|
|
|
Question : Administrator account locked out every five minutes
|
|
Our renamed administrator account is being locked out every five minutes or so. After doing research on this website, and following all posted instructions, nothing has solved the problem. I've checked every server's services and all services are running using the local system account. I've also checked all other miscellaneous services and applications and all are using their own, independent account separate from the renamed admin account. I have auditing set to log all successes and failures, but must do so as I work in a federal government facility and we must follow DISA guidelines. I ran the netlogon.log using the lockoutstatus.exe tool and thought I found the culprit server, but after turning the server off, the account is still being locked out. I've done everything in the book. If it's posted on this site, I've done it. Any other suggestions? Any help would greatly be appreciated.
|
Answer : Administrator account locked out every five minutes
|
|
Well, if you are statically assigning IP's, you should have a list of all computer names along with their IP's. Looking at your previous posts, I see IP: 155.7.156.237 with a pre-authentication error. Since it is not the same as: IP: 155.7.156.13 Comp Name: C-Host6013-HA, could you assume that the xxx.xxx.156.237 is the offending machine which locks the account, and then C-Host6013-HA tries to authenticate and fails because the account is already locked out? That is what's going on with me, this Mac locks my account then my Windows workstation almost instantly asks for my userid and password to login to Outlook. I check AD and of course my account is locked out. I get not only my workstation IP but also the Mac.
Have you taken a look at xxx.xxx.156.237 and determined if it's a server or workstation? I know you said no one uses the server admin/password on local machines, but there could always be that one guy who does it anyway.
Looking at your posts, I'm leaning twards an issue on .237 not .13. Check all services and programs on that machine. Good luck. Let me know what you find out.
Shawn
|
|
|
|
|
|
|
