locked
Active Directory Account Lockouts Every Second of the Day RRS feed

  • Question

  • Hello everyone,

    Since last week ago I’m struggling with my Active Directory Account Lockouts

    I have read all the possible answers on MWG Forums, Tech Support, Sys Admin and Microsoft Forms also.

     Till now I find myself in the middle of nowhere. So I decided to post here once again the question if anyone has experienced this before and how it has been solved

     Note: In all the previous questions marked as solutions I could not find anything useful

     So below I will describe my situations:

    • Last week ago I changed my windows AD credentials due to expiry date
    • Since that moment I keep getting locked every second !
    • If I want to be unlocked the sys admin should be on the phone with me. They need to click on OK and unlock my user and me at the same time I should click OK in order to login !

    Without this synchronization it is not possible since my user is getting locked two frequently

    • I have changed the password four time but no result
    • From the logs of AD, on event 4740 I can see only that the caller computer name is MWG ( which is our proxy web gateway server )
    • Our Proxy ( MWG ) is joined into domain ( using NTLM2 method )
    • I have tried to enable on MWG the bad password logs but nothing useful can be found from there
    • I keep getting the popup from proxy (MWG)
    • I keep getting locked
    • I have logged on every possible server with rdp and sign out from there from my user
    • I have check all the possible logs from AD but the only thing that I keep looking is: Caller computer name MWG

     

    %NICWIN-4-Security_4776_Microsoft-Windows-Security-Auditing: Security,rn=506628954 cid=9316 eid=728,Mon Nov 02 12:28:46 2020,4776,Microsoft-Windows-Security-Auditing,,Audit Failure,Credential Validation,The computer attempted to validate the credentials for an account. Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Logon Account: UserName Source Workstation: McAfeeNew Error Code: 0xC0000234

     

    • Tech Support of MWG is saying that is not MWG which is looking my AD credentials but another computer
    • I believe the opposite:  maybe on another workstations where the pop up of MWG has appeared I may have inputed my AD credentials
    • I have checked on all servers and my workstation for Windows Credentials ( like everyone) is suggesting but nothing is shown there.
    • I have used Netwrix_Account_Lockout_Examiner on our Domain Controller but I could find nothing

    I found some task scheduler on my PC with my UserName wich I have disabled but it is not working

    Since Netwrix_Account_Lockout_Examiner is using event viewer logs I find it useless

     

    Please could you help me ?

     

    Has anyone faced this before ? Maybe it is better to close my UserName but I find it not a good solution

     

    Thank Youuuu


    • Changed type Dave PatrickMVP Tuesday, November 3, 2020 1:28 PM question
    • Moved by Dave PatrickMVP Tuesday, November 3, 2020 1:29 PM looking for forum
    Tuesday, November 3, 2020 1:20 PM

Answers

All replies

  • I'd try asking for help over here

    https://docs.microsoft.com/en-us/answers/topics/windows-active-directory.html

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    • Proposed as answer by Guido Franzke Tuesday, November 3, 2020 2:25 PM
    • Marked as answer by Guido Franzke Monday, November 9, 2020 7:13 AM
    Tuesday, November 3, 2020 1:28 PM
  • https://community.spiceworks.com/topic/995214-continuous-user-account-lockout

    I hope it helps thanks 

    Tuesday, November 3, 2020 2:24 PM
  • Hello, i have followed the solutions but it is not working.

    At this point i was thinking a way to force logg off my user from all computers joined into domain (?!)

    Tuesday, November 3, 2020 2:48 PM
  • This is "where is" forum for direction on where best to ask questions.  I'd  try asking for help over here

    https://docs.microsoft.com/en-us/answers/topics/windows-active-directory.html

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Tuesday, November 3, 2020 2:53 PM