Hello everyone,
Since last week ago I’m struggling with my Active Directory Account Lockouts
I have read all the possible answers on MWG Forums, Tech Support, Sys Admin and Microsoft Forms also.
Till now I find myself in the middle of nowhere. So I decided to post here once again the question if anyone has experienced this before and how it has been solved
Note: In all the previous questions marked as solutions I could not find anything useful
So below I will describe my situations:
- Last week ago I changed my windows AD credentials due to expiry date
- Since that moment I keep getting locked every second !
- If I want to be unlocked the sys admin should be on the phone with me. They need to click on OK and unlock my user and me at the same time I should click OK in order to login !
Without this synchronization it is not possible since my user is getting locked two frequently
- I have changed the password four time but no result
- From the logs of AD, on event 4740 I can see only that the caller computer name is MWG ( which is our proxy web gateway server )
- Our Proxy ( MWG ) is joined into domain ( using NTLM2 method )
- I have tried to enable on MWG the bad password logs but nothing useful can be found from there
- I keep getting the popup from proxy (MWG)
- I keep getting locked
- I have logged on every possible server with rdp and sign out from there from my user
- I have check all the possible logs from AD but the only thing that I keep looking is: Caller computer name MWG
%NICWIN-4-Security_4776_Microsoft-Windows-Security-Auditing: Security,rn=506628954 cid=9316 eid=728,Mon Nov 02 12:28:46 2020,4776,Microsoft-Windows-Security-Auditing,,Audit Failure,Credential Validation,The computer attempted to validate the credentials
for an account. Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Logon Account: UserName Source Workstation: McAfeeNew Error Code: 0xC0000234
- Tech Support of MWG is saying that is not MWG which is looking my AD credentials but another computer
- I believe the opposite: maybe on another workstations where the pop up of MWG has appeared I may have inputed my AD credentials
- I have checked on all servers and my workstation for Windows Credentials ( like everyone) is suggesting but nothing is shown there.
- I have used Netwrix_Account_Lockout_Examiner on our Domain Controller but I could find nothing
I found some task scheduler on my PC with my UserName wich I have disabled but it is not working
Since Netwrix_Account_Lockout_Examiner is using event viewer logs I find it useless
Please could you help me ?
Has anyone faced this before ? Maybe it is better to close my UserName but I find it not a good solution
Thank Youuuu
