Dear All,I really appreciate any suggestion to resolve this issue. I have a terminal server using windows server 2003, all computers are connected to this server to access some programs and internet. I have some computer running windows XP, Windows Vista Home premium and windows vista home basic. I am currently adding a laptop running windows vista home premium x64. All the other computers don't give connection problems (rdp and internet) but connecting the new laptop with vista x64 always create a user account locked out problem. Everytime I unlocked the account in the server management, it got locked out almost immediatelly. What seems to be the problem?Thanks,Tony

Hi Tony, I understood that when you tried to connect the Windows Vista Home Premium x64 to the terminal server Windows Server 2003, the user account locked out. However, other computers dont encounter this sort of issue. Firstly, may I know if the issue occurs in a domain environment? Also, does it occur if we logon with a new account? Based on the current situation, please try the following suggestions: 1. Please enable the user logon audit for all computers in your domain. Then, check the audit event logs on the domain controllers to see on which computer the original bad domain logon attempt occur. For example, on Windows Server 2003 DCs, we may see event 681 when the user is locked out. Please check the 681 events for that problematic user account, and check what the exact "From Workstation" is. It is a DC, please go to that DC and check the 681 event's "From Workstation" string. 273499 Description of Security Event 681 http://support.microsoft.com/?id=273499 This will tell us whether the original bad domain logon attempt occurs on the problematic user account's own computer. 2. I am not sure how the account lockout policy is set there. Generally, it is a best practices suggestion to set the Threshold value to 10 or higher. This is high enough to rule out user error and low enough to deter hackers, especially when the password complexity policy is enabled. Generally, for medium security requirement, the recommended configurations are: Reset account lockout counter after: 30 Account lockout duration: 30 Account Lockout Threshold: 10 For high security requirement, the recommendations are: Reset account lockout counter after: 30 Account lockout duration: 0 Account Lockout Threshold: 10 For more information, please refer to: Account Passwords and Policies http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/bpactlck.mspx 3. On the Windows Vista X64 computer, we need to remove the previous password cache, which may be used by some applications and therefore cause the account lockout problem. To do so: 1) Click Start, click Run, type "control userpasswords2" (without the quotation marks), and then click OK. 2) Click the Advanced tab. 3) Click the "Manage Password" button. 4) Check to see if these domain account's passwords are cached. If so, remove them. 5) Check if the problem has been resolved now. For more information, you may refer to the following article: Q281660:Behavior of Stored User Names and Passwords http://support.microsoft.com/?id=281660 4. Please also run the following tool on the server side to narrow down the issue: Account Lockout and Management Tools http://www.microsoft.com/downloads/details.aspx?FamilyID=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en If the issue persists, please check the event log on both computers (Windows Vista X64 and Windows Server 2003) to see if there are some related error messages. If so, please post them to the thread and I will perform further research with the information. Hope this helps. Nicholas Li - MSFT Nicholas Li - MSFT