Re: Account Lockout

From: Vincent Brown (vincent.brown_at_equityone.com)
Date: 06/10/03


Date: Tue, 10 Jun 2003 06:02:04 -0700


The clients are running on Windows 2000 Professional and
the domain controllers are all running Windows 2000 Server
with SP3. The weird thing is that a handful of clients
get locked out in two instances:

1. When they log in first thing in the morning.
2. While they are logged in (after I have unlocked their
accounts).

The clients are running on desktop PCs. I would think
that the cached credentials issue would come more into
play with our users with docking station laptops that are
taken home.

Any insights you could provide would be helpful.

>-----Original Message-----
>Hello Vincent,
>First, I would like to recommend that you provide more info on the
>operating systems run on your clients and domain controllers so that we know
>what versions we're talking about.
>From your description below, the issue could be caused by various
>circumstances. One of the most common ones is if these users happen to be
>using Windows XP or Windows Server 2003 to store cached credentials to other
>remote servers. If the cached credentials go out of date (or if they have
>open "net uses" to other servers with old creds), then accounts could get
>locked out due to automatic logon retries with bad passwords.
>
>--
>Alaa Abdelhalim [MSFT]
>-----
>This posting is provided "AS IS" with no warranties, and confers no rights.
>Please do not send e-mail directly to this alias. This alias is for
>newsgroup purposes only.
>
>"Vincent Brown" <vincent.brown@equityone.com> wrote in message
>news:024c01c32ec6$0b108460$a601280a@phx.gbl...
>> This issue sort of has a twist to it. The account lockout
>> seems to occur while the user is still logged in. As long
>> as they don't deliberately log out or the PC doesn't
>> time out and lock itself, the user is OK.
>>
>> Any ideas?
>>
>> >-----Original Message-----
>> >On 6/6/03 10:36 PM, in article 064601c32c9d$aba327f0$a301280a@phx.gbl,
>> >"Craig" <cmanske@houston.rr.com> wrote:
>> >
>> >> Vincent,
>> >>
>> >> If these are XP clients there is a new feature in XP that
>> >> will cache passwords for network resources on the local
>> >> desktop. When the user logs in...it tries to use those
>> >> credentials several times before the user ever gets to
>> >> see the desktop come up. My guess would be that all of
>> >> the users that are having this problem have recently
>> >> changed their passwords and the cached password is
>> >> locking them out.
>> >>
>> >> Go to control panel \ Users \ Advanced I believe....
>> >>
>> >> If that's not it look for any drives that are mapped using
>> >> old credentials....or Terminal Server connections that
>> >> may have an idle session using the old password.
>> >>
>> >> The event logs on your PDC should give you a clue as to
>> >> where the lockouts are coming from.
>> >>
>> >> Good luck,
>> >>
>> >> Craig
>> >>> -----Original Message-----
>> >>> I have a handful of users that experience account lockouts
>> >>> every time they try to log in. Even though our default
>> >>> domain policy says they have 5 retries before account
>> >>> lockout, the account locks. Also notice that every time
>> >>> they log in, the account always says that it has expired
>> >>> even though it is set to never expire.
>> >>>
>> >>> Anyone have any clue about what this is and more
>> >>> importantly, how to fix it?
>> >>>
>> >>> Please advise ASAP.
>> >>>
>> >>> Thanks,
>> >>>
>> >>> Vincent.
>> >>>
>> >This is not a new feature in Windows XP, but has been part of the Windows NT
>> >technology group since 3.5, it's called Cached Account Credentials, and will
>> >only be checked if there is no DC to verify Username/Password.
>> >
>
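
The pointer in the quoted reply to the DC event logs, worked as an added example that is not part of any post in this thread: it groups the failed logons that precede each lockout by source machine and flags bursts that look like automatic retries with a stale password. The CSV layout, account names and host names are constructed, and event IDs 644 (account locked out) and 675/681 (failed authentication on a Windows 2000 DC) are assumptions the thread does not state.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample (not from the thread): time, event ID, account, source machine.
SAMPLE = """\
2003-06-10 07:41:30,675,jdoe,TS01
2003-06-10 07:58:01,681,jdoe,DESKTOP17
2003-06-10 07:58:02,681,jdoe,DESKTOP17
2003-06-10 07:58:03,681,jdoe,DESKTOP17
2003-06-10 07:58:04,681,jdoe,DESKTOP17
2003-06-10 07:58:04,644,jdoe,DESKTOP17
2003-06-10 09:10:05,675,asmith,LAPTOP03
2003-06-10 09:11:20,675,asmith,LAPTOP03
2003-06-10 09:12:02,675,asmith,LAPTOP03
2003-06-10 09:14:40,675,asmith,LAPTOP03
2003-06-10 09:14:40,644,asmith,LAPTOP03
"""

FAILED = {"675", "681"}  # assumed: failed-authentication events on a Windows 2000 DC
LOCKED = "644"           # assumed: "user account locked out"

def parse(text):
    """Return (time, event_id, account, source) tuples in time order."""
    rows = [r for r in csv.reader(io.StringIO(text)) if r]
    return sorted((datetime.strptime(t, "%Y-%m-%d %H:%M:%S"), e, a.lower(), s.upper())
                  for t, e, a, s in rows)

def lockout_sources(text, window=timedelta(minutes=30), burst=timedelta(seconds=10)):
    """For every lockout, tally the failures per source machine that preceded it."""
    rows = parse(text)
    report = []
    for locked_at, eid, account, _ in rows:
        if eid != LOCKED:
            continue
        by_source = defaultdict(list)
        for t, e, a, src in rows:
            if e in FAILED and a == account and locked_at - window <= t <= locked_at:
                by_source[src].append(t)
        for src, ts in sorted(by_source.items(), key=lambda kv: -len(kv[1])):
            # Heuristic: failures seconds apart suggest a replayed stored credential.
            automated = len(ts) >= 3 and ts[-1] - ts[0] <= burst
            report.append({"account": account, "locked_at": locked_at,
                           "source": src, "failures": len(ts), "automated": automated})
    return report

if __name__ == "__main__":
    print(*lockout_sources(SAMPLE), sep="\n")
```

A source flagged `automated` is the machine to check for mapped drives, idle Terminal Server sessions or stored passwords that still use the old credential.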


