Re: Account Lockout

From: Alaa Abdelhalim [MSFT] (alaa_at_online.microsoft.com)
Date: 06/10/03


Date: Mon, 9 Jun 2003 16:26:27 -0700


Hello Vicent,
First, I would like to recommend that you provide more info on the
operating systems run on your clients and domain controllers so that we know
what versions we're talking about.
From your description below, the issue could be caused by various
circumstances. One of the most common ones is if these users happen to be
using Windows XP or Windows Server 2003 to store cached credentials to other
remote servers. If the cached credentials go out of date (or if they have
open "net uses" to other servers with old creds), then accounts could get
locked out due to automatic logon retries with bad passwords.

-- 
Alaa Abdelhalim [MSFT]
-----
This posting is provided "AS IS" with no warranties, and confers no rights.
Please do not send e-mail directly to this alias. This alias is for
newsgroup purposes only.
"Vincent Brown" <vincent.brown@equityone.com> wrote in message
news:024c01c32ec6$0b108460$a601280a@phx.gbl...
> This issue sort of has a twist to it.  The account lockout
> seems to occur while the user is still logged in.  As long
> as they don't deliberately log out or the PC doesn't
> timeout and lock itself, the user is OK.
>
> Any ideas?
>
>
> >-----Original Message-----
> >On 6/6/03 10:36 PM, in article 064601c32c9d$aba327f0
> $a301280a@phx.gbl,
> >"Craig" <cmanske@houston.rr.com> wrote:
> >
> >> Vincent,
> >>
> >> If these are XP clients there is a new feature in XP
> that
> >> will cache passwords for network resources on the local
> >> desktop.  When the user logs in...it tries to use those
> >> credentials several times before the user ever gets to
> >> see the desktop come up.  My guess would be that all of
> >> the users that are having this problem have recently
> >> changed their passwords and the cached password is
> >> locking them out.
> >>
> >> Go to control panel \ Users \ Advanced I believe....
> >>
> >> If that's not it look for any drives that are mapped
> using
> >> old credentials....or Terminal Server connections that
> >> may have an idle session using the old password.
> >>
> >> The event logs on your PDC should give you a clue as to
> >> where the lockouts are coming from.
> >>
> >> Good luck,
> >>
> >> Craig
> >>> -----Original Message-----
> >>> I have a handful of users that experience account
> >> lockouts
> >>> every time they try to log in.  Even though our default
> >>> domain policy says they have 5 retries before account
> >>> lockout, the account locks.  Also notice that every time
> >>> they log in, the account always says that it has
> expired
> >>> even though it is set to never expire.
> >>>
> >>> Anyone have any clue about what this is and more
> >>> importantly, how to fix it?
> >>>
> >>> Please advise ASAP.
> >>>
> >>> Thanks,
> >>>
> >>> Vincent.
> >>> .
> >>>
> >This is not a new feature in Windows XP, but has been
> part of the Windows NT
> >technology group since 3.5, it's called Cached Account
> Credentials, and will
> >only be checked if there is no DC to verify
> Username/Password.
> >
> >.
> >
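
The advice in this thread to use the domain controller's event logs to see where the lockouts are coming from, as an added example that is not part of the original thread or any poster's code: it groups the bad-password attempts that precede each lockout by source host and flags bursts too fast for a person typing, which points at stale stored credentials, mapped drives or idle sessions. The record format, host names, account names and the `window`/`burst` values are assumptions made for illustration, not real event log output.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample records in a simplified format (not real event log output):
# (timestamp, kind, account, source host). All names are hypothetical.
EVENTS = [
    ("2003-06-09 08:00:01", "failure", "jdoe", "WKS-014"),
    ("2003-06-09 08:00:01", "failure", "jdoe", "WKS-014"),
    ("2003-06-09 08:00:02", "failure", "jdoe", "WKS-014"),
    ("2003-06-09 08:00:02", "failure", "jdoe", "WKS-014"),
    ("2003-06-09 08:00:03", "failure", "jdoe", "WKS-014"),
    ("2003-06-09 08:00:03", "lockout", "jdoe", "WKS-014"),
    ("2003-06-09 09:10:00", "failure", "asmith", "WKS-022"),
    ("2003-06-09 09:10:40", "failure", "asmith", "WKS-022"),
    ("2003-06-09 09:11:30", "failure", "asmith", "WKS-022"),
    ("2003-06-09 09:12:15", "failure", "asmith", "TS-01"),
    ("2003-06-09 09:13:05", "failure", "asmith", "WKS-022"),
    ("2003-06-09 09:13:05", "lockout", "asmith", "WKS-022"),
]

def triage_lockouts(events, window=timedelta(minutes=30), burst=timedelta(seconds=10)):
    """For each lockout, report which hosts sent the preceding bad passwords
    and whether they arrived fast enough to be automated retries."""
    failures = defaultdict(list)  # account -> [(time, host)]
    reports = []
    # Sorting puts "failure" before "lockout" when timestamps are equal.
    for ts, kind, account, host in sorted(events):
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        if kind == "failure":
            failures[account].append((when, host))
            continue
        recent = [(t, h) for t, h in failures[account] if when - t <= window]
        hosts = Counter(h for _, h in recent)
        span = recent[-1][0] - recent[0][0] if recent else None
        reports.append({
            "account": account,
            "top_source": hosts.most_common(1)[0][0] if hosts else None,
            "sources": dict(hosts),
            # Several failures within seconds: suspect stored credentials,
            # mapped drives or idle sessions rather than a user mistyping.
            "automated": span is not None and len(recent) > 1 and span <= burst,
        })
        failures[account].clear()
    return reports

if __name__ == "__main__":
    for report in triage_lockouts(EVENTS):
        print(report)
```
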

