Answered by:
Active Directory Account Lockouts Every Second of the Day

Question
-
Hello everyone,
Since last week ago I’m struggling with my Active Directory Account Lockouts
I have read all the possible answers on MWG Forums, Tech Support, Sys Admin and Microsoft Forms also.
Till now I find myself in the middle of nowhere. So I decided to post here once again the question if anyone has experienced this before and how it has been solved
Note: In all the previous questions marked as solutions I could not find anything useful
So below I will describe my situations:
- Last week ago I changed my windows AD credentials due to expiry date
- Since that moment I keep getting locked every second !
- If I want to be unlocked the sys admin should be on the phone with me. They need to click on OK and unlock my user and me at the same time I should click OK in order to login !
Without this synchronization it is not possible since my user is getting locked two frequently
- I have changed the password four time but no result
- From the logs of AD, on event 4740 I can see only that the caller computer name is MWG ( which is our proxy web gateway server )
- Our Proxy ( MWG ) is joined into domain ( using NTLM2 method )
- I have tried to enable on MWG the bad password logs but nothing useful can be found from there
- I keep getting the popup from proxy (MWG)
- I keep getting locked
- I have logged on every possible server with rdp and sign out from there from my user
- I have check all the possible logs from AD but the only thing that I keep looking is: Caller computer name MWG
%NICWIN-4-Security_4776_Microsoft-Windows-Security-Auditing: Security,rn=506628954 cid=9316 eid=728,Mon Nov 02 12:28:46 2020,4776,Microsoft-Windows-Security-Auditing,,Audit Failure,Credential Validation,The computer attempted to validate the credentials for an account. Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Logon Account: UserName Source Workstation: McAfeeNew Error Code: 0xC0000234
- Tech Support of MWG is saying that is not MWG which is looking my AD credentials but another computer
- I believe the opposite: maybe on another workstations where the pop up of MWG has appeared I may have inputed my AD credentials
- I have checked on all servers and my workstation for Windows Credentials ( like everyone) is suggesting but nothing is shown there.
- I have used Netwrix_Account_Lockout_Examiner on our Domain Controller but I could find nothing
I found some task scheduler on my PC with my UserName wich I have disabled but it is not working
Since Netwrix_Account_Lockout_Examiner is using event viewer logs I find it useless
Please could you help me ?
Has anyone faced this before ? Maybe it is better to close my UserName but I find it not a good solution
Thank Youuuu
- Changed type Dave PatrickMVP Tuesday, November 3, 2020 1:28 PM question
- Moved by Dave PatrickMVP Tuesday, November 3, 2020 1:29 PM looking for forum
Tuesday, November 3, 2020 1:20 PM
Answers
-
I'd try asking for help over here
https://docs.microsoft.com/en-us/answers/topics/windows-active-directory.html
Regards, Dave Patrick ....
Microsoft Certified Professional
Microsoft MVP [Windows Server] Datacenter Management
Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.- Proposed as answer by Guido Franzke Tuesday, November 3, 2020 2:25 PM
- Marked as answer by Guido Franzke Monday, November 9, 2020 7:13 AM
Tuesday, November 3, 2020 1:28 PM
All replies
-
I'd try asking for help over here
https://docs.microsoft.com/en-us/answers/topics/windows-active-directory.html
Regards, Dave Patrick ....
Microsoft Certified Professional
Microsoft MVP [Windows Server] Datacenter Management
Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.- Proposed as answer by Guido Franzke Tuesday, November 3, 2020 2:25 PM
- Marked as answer by Guido Franzke Monday, November 9, 2020 7:13 AM
Tuesday, November 3, 2020 1:28 PM -
https://community.spiceworks.com/topic/995214-continuous-user-account-lockout
I hope it helps thanks
Tuesday, November 3, 2020 2:24 PM -
Hello, i have followed the solutions but it is not working.
At this point i was thinking a way to force logg off my user from all computers joined into domain (?!)
Tuesday, November 3, 2020 2:48 PM -
This is "where is" forum for direction on where best to ask questions. I'd try asking for help over here
https://docs.microsoft.com/en-us/answers/topics/windows-active-directory.html
Regards, Dave Patrick ....
Microsoft Certified Professional
Microsoft MVP [Windows Server] Datacenter Management
Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.Tuesday, November 3, 2020 2:53 PM