Hi all, i have a user who keeps being locked out. The user uses a windows xp machne joined to a domain with a server 2008 r2 DC (and a few other DCs at 2008 / r2) this is happening three to four times a day. I unlock the account then the user can log back in, then the same happens again! Where do i start with this one? Thanks

Some of the common causes for account lock outs are: Saved Browser Passwords, User Account used for running specific services, Saved Passwords on Network Printers, Cached passwords on Terminal Server sessions etc... Please refer discussion mentioned below http://social.technet.microsoft.com/Forums/en-US/winserverManagement/thread/4f72c4b1-343c-459a-b431-de24ea2d5136/ Account lock outs might as well be due to conficker virus on the machine http://support.microsoft.com/kb/962007 http://blogs.technet.com/b/rhalbheer/archive/2009/01/13/additional-information-on-conficker-msrt-removing-conficker.aspx Press any key... What the ... Where's any key ? This posting is provided "AS IS" with no warranties or guarantees and confers no rights. About Me ?

YOu need to get the source from where the user account is getting locked. Follow the below procedure 1. Download microsoft lockout status tool from below link http://www.microsoft.com/en-us/download/details.aspx?id=15201 2. Install it on client computer 3. Put the target name (user account which is getting locked) on target tab 4.It will list out Date/time and DC on which account lock out events are happening 5.Check the Latest date and time and DC name,. Login to the DC where the evet is getting generated. 6.Go to security event------>search for 644 (microsoft Server 203) or 4740 (W2K8)----->open the event 7.It will list the account information and Computer name from which account is gettng locked 8.Login to the computer and check for any services or schduled task , also check if the network drives are mapped with old user account credentials Regards, _Prashant_ MCSA|MCITP SA|Microsoft Exchange 2003 Blog - http://prashant1987.wordpress.com Disclaimer: This posting is provided AS-IS with no warranties/guarantees and confers no rights.

thank you very much, i will try this

the account becomes locked out when the user tries to access my docs which is a redirected folder. The user is pompted for username and password at which point the user account is locked from AD. I am baffled here!

Most likely, the user at one point chose to have Windows Explorer save the username and password. When he or she changed their password, Explorer will continue to use the old, saved information which will result in a lockout. Open up Credential Manager on the client machine as see if there are any entries under Windows or Generic Credentials.

Is this also happening if user tries to login from different computer? Did you check saved passwords (Type Control Userpasswords2 in RUN box, click Advanced, Manage Passwords; or; From Control Panel, select your User Account, click Manage your network passwords) and remove saved password for this share.

Agree with Darien. You can remove the credentials from Control Panel\All Control Panel Items\User Accounts Click the username to the left you will see Manage your credentials. From there select the name and remove. Once that is done, delete using Start > Run > cmd > net use * /DELETE Press any key... What the ... Where's any key ? This posting is provided "AS IS" with no warranties or guarantees and confers no rights. About Me ?

Hi, Since the account lockout issue could be caused by many factors, such as Programs, Service accounts, Low bad password threshold AD replication and Redundant credentials. At this time, in order to narrow down the cause of the account lockout issue. I suggest we try to enable Auditing policy, Netlogon Logging and Kerberos Logging to capture the information about the accounts that are being locked out. Enable Auditing at the Domain Level To view the Auditing policy settings, in the Group Policy MMC, double-click Computer Configuration, double-click Windows Settings, double-click Security Settings, double-click Local Policies, and then double-click Audit Policy. Enable auditing for the event types listed in the previous section. Enable Kerberos event logging on a computer Click Start, click Run, type regedit, and then press ENTER.Add the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters registry value to the registry key: Registry value: LogLevelValue type: REG_DWORDValue data: 0x1 If the Parameters registry key does not exist, create it. Close Registry Editor and restart the computer. Enable Netlogon logging To enable debug logging, set the debug flag that you want in the registry and restart the service by using the following steps: Start the Regedt32 program.Delete the Reg_SZ value of the following registry entry, create a REG_DWORD value with the same name, and then add the 2080FFFF hexadecimal value. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\DBFlag At a command prompt, type net stop netlogon, and then type net start netlogon. This enables debug logging.To disable debug logging, change the data value to 0x0 in the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\DBFlag Quit Regedt32.Stop Net Logon, and then restart Net Logon. For details about troubleshooting account lockout issue, please refer to the articles below. Troubleshooting Account Lockout http://technet.microsoft.com/en-us/library/cc773155(v=ws.10) Maintaining and Monitoring Account Lockout http://technet.microsoft.com/en-us/library/cc776964.aspx Account Lockout Tools http://technet.microsoft.com/en-us/library/cc738772(WS.10).aspx Regards, Andy

this does not seem to happen when the user is logged onto another computer. There are no credentials for the user saved in credential manager.

Try recreating the affected user profile. Follow the steps below Log on to the machine with any Administrator accountRename the affected user profile e.g. User_Name to User_Name.oldMake sure that you back up all relevant data which belongs to user and stored in his profile such as Favorites, pictures etc...Ask user to log on to the machine with his User ID and PasswordNow a new profile would be created on the machine for this userObserve the account lock out behavior and see if the above procedure makes any difference in the situationPress any key... What the ... Where's any key ? This posting is provided "AS IS" with no warranties or guarantees and confers no rights. About Me ?

Try recreating the affected user profile. Follow the steps below Log on to the machine with any Administrator accountRename the affected user profile e.g. User_Name to User_Name.oldMake sure that you back up all relevant data which belongs to user and stored in his profile such as Favorites, pictures etc...Ask user to log on to the machine with his User ID and PasswordNow a new profile would be created on the machine for this userObserve the account lock out behavior and see if the above procedure makes any difference in the situationPress any key... What the ... Where's any key ? This posting is provided "AS IS" with no warranties or guarantees and confers no rights. About Me ?

thank you, i will try this