Troubleshooting Frequent Account lockout

Most of the users account will get locked from locally desktops and Mobile devices or idle sessions left on Server / workstation, We need to start Account lookout troubleshooting from below order.
  1. Client side troubleshooting
  2. Mobile devices
  3. Server side  troubleshooting
Client side
Perform the below steps on client side (Local desktop / Laptop)
  • Clear Temporary Files
  • Delete Cookies ->Temp Files -> History -> Saved passwords -> Forms from all the Browsers.
  • Start — > Run –> Temp –> Delete all temp files.
  • Start –> Run –> Prefetch –> Delete all Prefetch files.
  • Remove Mapped drives from my computer.  My Computer –> Right click on Shared drive –> click on Disconnect
  • If Adobe reader is installed, backend it will be trying to check for latest update, Delete the Adobe updater file from below path. Delete the AdobeUpdater.dll file in the folder C:\Program Files\Adobe\Reader version \Reader
  • Remove stored passwords from Control Panel
  • Start –> Run –> Type Control UserPasswords2 , Click on Advanced managed passwords and delete all the passwords
  • Remote unwanted applications from startups (Run-> msconfig –> startup –> Uncheck unwanted software’s)
  • Scan the entire HDD and update the Antivirus agent
  • Check the third party software’s installed on client side, If it’s not required, Uninstall.
  • Open the Task Scheduler (Run --> Tasks) and delete the unwanted tasks. Most of the time, Automatic backup / Google Update / Apple Updates will be installed by default) Remove all.
  • Uninstall Auto update software’s in control panel (You can update these software’s manually)
  • If user’s account acts as a service account (Update the latest password in Service).
  • Check if User’s account used as an IIS application pool identity.

Mobile Devices

Perform the below steps on Mobile devices / Smart phone (BYOD)
 If user recently changed password and forgot to update in Mobile devices, that cause the account lockout  sometime for user ID,Does user involved has a smartphone or some kind of mobile device using AD credentials for connecting (like exchange), if it fails to connect 5 times (depending on your GPO’s), it locks his account. Have a look on all his stuff using his user account automatically, specially his mobile (90% of the time guilty).
  • Go to account settings in Mobile device and update the latest password.
  • Reboot the device if required.
  • Is issue persists, Delete and reconfigure the device,
  • If you found that account is getting locked from mobile device, and unable to fix the by performing above steps, Take necessary backup and Wipe the device completely and reconfigure the device.

Server / Active Directory

User below tools to find out source of the account lockout - On Server
  1. Account Lockout and Management Tool.http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=18465 

Comments

  1. Jenyford smithNovember 2, 2021 at 11:59 AM

    I really be grateful for your blog,Wellington towing service you have completed the great job. Thanks for the bunch of excellent resourceful site.

    ReplyDelete

Post a Comment

Popular posts from this blog

Java Control Panel Icon "Application Not Found"

Image
Howto: Fix the "Application not found" error in the Java Control Panel icon. These same steps may be useful for other malfunctioning Windows Control Panel icons. In Windows 7, the Java Control Panel icon may be damaged / corrupted. Attempting to launch the icon results in "Explorer.exe : Application not found". Note the generic icon: When working properly, the circled icon should look like this: This problem appears to be an artifact from previous JRE installations and Sun's installation routines were flawed. Re-installing JRE (the Java Runtime Environment) does not resolve the problem. Immediate workaround: If needed, the Java Control Panel can be manually launched using this location: C:\Program Files (x86)\Java\JRE6\bin\Javacpl.exe As a side note, when launching, other-mouse-click the .exe and choose "Run as Administrator".  Running as Administrator resolves a bug where changes in the Control Panel (especially Auto-update changes) do not stic
Read more

Enterprise CA option is greyed out / unavailable

Image
Many times, when installing Active Directory Certificate Services they cannot choose to install Enterprise Certification Authority, because it’s unavailable as in following picture: Well, you need to fulfill basic requirements: Server machine has to be a member server (domain joined). You can run an Enterprise CA on the Standard, Enterprise, or Data Center Windows Edition. The difference is the number of ADCS features and components that can be enabled. To get full functionality, you need to run on Enterprise or Data Center Windows Server 2008 /12/R2/ Editions.  In order to install an Enterprise CA, you must be a member of either Enterprise Admins or Domain Admins in the forest root domain (either directly or through a group nesting). If issue still persists, there is probably a problem with getting correct credentials of your account. There are many thing that can cause it (network blockage, domain settings, server configuration, and other issues). In all ca
Read more

Unable to connect to Wireless profile being pushed using GPO

Image
Today , some laptop users started reporting as they are unable to connect to ‘Wireless profile’ after SCEP installation has taken place. I found, most of the laptop users were having this issue. I immediately uninstalled SCEP but that didn’t help , tried removing Wi-Fi profiles under the path ‘C :\ProgramData\Microsoft\Wlansvc\Profiles\Interfaces\ Interface’ but that didn’t help too. Error - When checking event viewer, the only error that showed up is as follows 5 times in a row.          “Error skipping EAP method DLL path name validation failed. Error: typeId=25, authorId=0,vendorId=0,vendorType=0”, This error indicates a registry or missing corrupt file issue. ‘ EAPHost is a Microsoft Windows Networking component that provides an Extensible Authentication Protocol (EAP) infrastructure for the authentication of following protocols such as   802.1X   and   Point-to-Point (PPP). Cause - Symantec didn’t uninstall properly caused this issue. Resolution – After chec
Read more