Troubleshoot Possible Root Causes for Account Lockouts

Possible Root Causes for Account Lockouts
  • Persistent drive mappings with expired credentials
  • ActiveSync devices (cell phone, etc.)
  • Mobile devices using domain services like an Exchange mailbox
  • Service accounts using cached passwords
  • Scheduled tasks with expired credentials
  • Stored credentials (clear them with the command "RunDll32.exe keymgr.dll,KRShowKeyMgr")
  • Misconfigured domain policy settings
  • Disconnected Terminal Server sessions
  • Programs that may pass user credentials to a centralized network program or middle-tier application layer

---
Client side troubleshooting
Mobile device / BYOD
Server side checklist

---

Client side

Perform the steps below on the client side (local desktop / laptop):
  • Check whether a local user account exists with the same name as the AD account. If the same ID exists, rename the local ID to something else.
  • Clear temporary files.
  • Delete cookies / temp files / history / saved passwords / forms from all browsers.
  • Start –> Run –> Temp –> Delete all temp files.
  • Start –> Run –> Prefetch –> Delete all Prefetch files.
  • Remove mapped drives from the computer. My Computer –> Right-click on the shared drive –> click on Disconnect.
  • If Adobe Reader is installed, it checks for the latest update in the background. Delete the AdobeUpdater.dll file from the folder C:\Program Files\Adobe\Reader version \Reader
  • Remove stored passwords from Control Panel.
  • Start –> Run –> type Control UserPasswords2, click on Advanced, then Manage Passwords, and delete all the passwords.
  • Remove unwanted applications from Startup (Run –> msconfig –> Startup –> uncheck unwanted software).
  • Scan the entire HDD and update the antivirus agent.
  • Check the third-party software installed on the client. If it is not required, uninstall it.
  • Open the Task Scheduler (Run –> Tasks) and delete unwanted tasks. Most of the time, Automatic Backup / Google Update / Apple Update tasks are installed by default. Remove them all.
  • Uninstall auto-update software in Control Panel. (You can update this software manually.)
  • If the user's account acts as a service account, update the service with the latest password.
  • Check whether the user's account is used as an IIS Application Pool identity.
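
Several of the client-side checks above can be collected in one read-only pass before anything is deleted. The PowerShell script below is an added example, not part of the original post. The account name jdoe is a placeholder, the cmdkey match assumes English-language output, and the IIS check assumes the WebAdministration module is installed and the session is elevated.

```powershell
# Added example: read-only inventory of client-side credential sources from the checklist.
param(
    [string]$SamAccountName = 'jdoe'   # placeholder; pass the locked-out user's logon name
)

$findings = [System.Collections.Generic.List[object]]::new()
function Add-Finding([string]$Source, [string]$Detail) {
    $findings.Add([pscustomobject]@{ Source = $Source; Detail = $Detail })
}

# Local account with the same name as the AD account
Get-LocalUser -Name $SamAccountName -ErrorAction SilentlyContinue |
    ForEach-Object { Add-Finding 'LocalUser' "Local account '$($_.Name)' (Enabled=$($_.Enabled))" }

# Persistent mapped drives remembered for the current user (HKCU\Network\<letter>)
Get-ChildItem 'HKCU:\Network' -ErrorAction SilentlyContinue | ForEach-Object {
    $p = Get-ItemProperty -Path $_.PSPath
    Add-Finding 'MappedDrive' "$($_.PSChildName): -> $($p.RemotePath) (UserName='$($p.UserName)')"
}

# Stored credentials in Credential Manager (all targets are listed, not only this user's)
cmdkey /list | Select-String -Pattern 'Target:' |
    ForEach-Object { Add-Finding 'StoredCredential' $_.Line.Trim() }

# Scheduled tasks whose principal is the user
Get-ScheduledTask -ErrorAction SilentlyContinue |
    Where-Object { $_.Principal.UserId -like "*$SamAccountName" } |
    ForEach-Object { Add-Finding 'ScheduledTask' "$($_.TaskPath)$($_.TaskName) runs as $($_.Principal.UserId)" }

# Services that log on as the user (DOMAIN\name or name@domain)
Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.StartName -like "*$SamAccountName*" } |
    ForEach-Object { Add-Finding 'Service' "$($_.Name) logs on as $($_.StartName)" }

# IIS application pools using the account as their identity (only if IIS tooling is present)
if (Get-Module -ListAvailable -Name WebAdministration) {
    Import-Module WebAdministration
    Get-ChildItem 'IIS:\AppPools' |
        Where-Object { $_.processModel.userName -like "*$SamAccountName*" } |
        ForEach-Object { Add-Finding 'IISAppPool' "$($_.Name) runs as $($_.processModel.userName)" }
}

if ($findings.Count) { $findings | Format-Table -AutoSize -Wrap }
else { Write-Output "No client-side credential sources found for $SamAccountName." }
```

Each row points at one place where an old password may still be saved; update or remove it using the matching step in the list above.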

Mobile Devices

Perform the steps below on mobile devices / smartphones (BYOD).
If the user recently changed the password and forgot to update it on their mobile devices, that caused the account lockout for the user ID.
Does the user involved have a smartphone or some other mobile device that uses AD credentials to connect (for example to Exchange)? If it fails to connect three times (depending on your GPOs), it locks their account. Look at everything that uses their user account automatically, especially their mobile (90% of the time).
  • Go to the account settings on the mobile device and update the password to the latest one.
  • Reboot the device if required.
  • If the issue persists, delete and reconfigure the device.
  • If you find that the account is getting locked from a mobile device and you are unable to fix it by performing the steps above, take the necessary backup, wipe the device completely and reconfigure it.


Ref: https://social.technet.microsoft.com/wiki/contents/articles/23497.active-directory-troubleshooting-frequent-account-lockout.aspx
