Account lockouts are a very common occurrence in Windows environments. They can be caused by many things, but the common reasons are listed below:
- The user enters the wrong password more times than the domain's account lockout threshold allows (5 in the environment described here).
- The user has changed their password but has not updated the old credential still stored for a remote server (a mapped drive, scheduled task or service running under that account keeps presenting the old password).
- The user relies on a saved-password tool that automatically logs in to a proxy or server with the old password.
- Replication latency between Domain Controllers means a DC in another region or site has not yet received the newly changed password and rejects it.
Microsoft has published a set of tools for this problem, the Account Lockout and Management Tools, usually referred to as ALTools.
They are available from the Microsoft website at the following address:
——————————————————————————————————————————
Run lockoutstatus.exe to see where the lockout occurred. It queries every DC and shows the bad-password count, last bad-password time and lockout time each one holds; these values are not replicated, so the DC that locked the account out is usually easy to identify because it carries the highest bad-password count.
Open eventcombMT.exe (it needs Read access to the Security log on each DC).
Choose Searches -> Built In Searches -> Account Lockouts, then select (highlight) the DCs you want to search.
Click Search. If the lockout is recent, you can abort the search partway through once enough matching events have been found.
The log files are written to C:\Temp, one per DC.
Open a command prompt.
Go to C:\Temp and run findstr /i USERNAME XXX-security_log.txt > user.txt (XXX is the name of the DC whose file you are searching).
user.txt then contains only the events for that user, which name the workstation (and, where the event records it, the source IP address) that sent the bad passwords.
Log on to that machine and log off every session belonging to the user, including disconnected Remote Desktop sessions, since a stale session can keep retrying the old password.
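The lockoutstatus.exe / EventCombMT / findstr / log-off sequence above, done from PowerShell, as an added example that is not part of the original post or of Microsoft's ALTools. It assumes the RSAT ActiveDirectory module on the admin workstation, read access to the Security log on each DC, and DCs running Windows Server 2008 or later, where a lockout is event 4740 and the offending workstation is carried in the "Caller Computer Name" field (the legacy tools on this page look for the Windows 2000/2003 events 644/529/675 instead). The script name, the $User parameter and the output object layouts are this example's own choices.

```powershell
# Added example (not from the original post or from ALTools): PowerShell
# equivalent of lockoutstatus.exe + EventCombMT + findstr + "log off the user".
# Assumes: RSAT ActiveDirectory module, read access to each DC's Security log,
# DCs on Windows Server 2008+ (lockout = event 4740).
param(
    [Parameter(Mandatory)][string]$User   # sAMAccountName of the locked-out account
)

Import-Module ActiveDirectory

# Step 1 (lockoutstatus.exe): badPwdCount / lockoutTime are NOT replicated,
# so every DC must be asked individually. The DC with the highest count is
# normally the one that issued the lockout.
$dcs = Get-ADDomainController -Filter * | Select-Object -ExpandProperty HostName
$status = foreach ($dc in $dcs) {
    try {
        $u = Get-ADUser -Identity $User -Server $dc `
                -Properties badPwdCount, lockoutTime, LastBadPasswordAttempt, LockedOut
        [pscustomobject]@{
            DC          = $dc
            BadPwdCount = $u.badPwdCount
            LockedOut   = $u.LockedOut
            LastBadPwd  = $u.LastBadPasswordAttempt
            LockoutTime = if ($u.lockoutTime) { [datetime]::FromFileTime($u.lockoutTime) } else { $null }
        }
    } catch {
        Write-Warning "Could not query $dc : $_"
    }
}
$status | Sort-Object BadPwdCount -Descending | Format-Table -AutoSize

# Step 2 (EventCombMT + findstr): read 4740 events for this user from the DC
# with the most bad passwords and from the PDC emulator (which records every
# lockout in the domain), and pull out the workstation that sent the bad
# password. In 4740 the "Caller Computer Name" is the TargetDomainName field.
$pdc     = (Get-ADDomain).PDCEmulator
$top     = ($status | Sort-Object BadPwdCount -Descending | Select-Object -First 1).DC
$targets = @($top, $pdc) | Where-Object { $_ } | Select-Object -Unique

$lockouts = foreach ($dc in $targets) {
    $events = Get-WinEvent -ComputerName $dc `
                -FilterHashtable @{ LogName = 'Security'; Id = 4740 } `
                -ErrorAction SilentlyContinue
    foreach ($e in $events) {
        # Parse the event XML instead of regex-matching the rendered message,
        # so the field lookup does not depend on the DC's display language.
        $data   = ([xml]$e.ToXml()).Event.EventData.Data
        $target = ($data | Where-Object Name -eq 'TargetUserName').'#text'
        if ($target -ne $User) { continue }
        [pscustomobject]@{
            Time     = $e.TimeCreated
            DC       = $dc
            CallerPC = ($data | Where-Object Name -eq 'TargetDomainName').'#text'
        }
    }
}
$lockouts | Sort-Object Time -Descending | Format-Table -AutoSize

# Step 3 (the "log off every session" step): list the sessions on the most
# recent offending workstation so stale ones can be logged off. query/logoff
# need Remote Desktop Services management rights on that machine.
$offender = ($lockouts | Sort-Object Time -Descending | Select-Object -First 1).CallerPC
if ($offender) {
    query user /server:$offender
    # logoff <SESSION_ID> /server:$offender   # run once per stale session of $User
}
```

Run it as `.\Find-LockoutSource.ps1 -User jsmith` (script name and account are placeholders). On 2008 and later domains the PDC emulator logs every lockout, so its 4740 events alone usually give the caller name; the DC with the highest badPwdCount is queried as well because it is also the DC where the bad-password events themselves (4625/4771) accumulated, which is where you go next if 4740 shows no caller.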
If that does not resolve it, you need another method: register a DLL on the client machine that is locking the user out and inspect the log it writes.
You can get more information from AlockoutXP.zip.
PS: Alockout.dll does not work well on Vista or on any Windows Server; registering the DLL there will usually crash the session, and you will then have to unregister it from Safe Mode.