Continuous account lockout error for a domain user in Windows Server 2003 DC

windows-server-2003

Continuous account lockout error for a domain user in a Windows Server 2003 DC. I tried the account lockout and management tool, and using Lockoutstatus.exe I could get the details of the client system name, reason (bad password), etc., and verified the same by checking the Windows server security logs. The client OS is Windows 7 64-bit, and Alockout.dll is not compatible with Windows 7.

I tried the following steps.

  1. Cleared the credential manager.

  2. Unmapped the network drive.

  3. Verified that the user only logs in to the domain from his PC (single session).

  4. I did a full antivirus scan and ran the Windows malicious removal tool.

  5. Installed all Windows updates.

I think some service may be using his domain username to connect to the network, but I need to find out which service/program is trying the wrong password. Is there any way I could get the logs for the same? (I also checked the Windows 7 security logs, but there was no information about the bad password, etc.) Any help would be appreciated.

Regards,
JK

Best Answer

A few random thoughts:

  1. Enable auditing of logon/logoff events on the client, and/or;
  2. Use Microsoft Sysinternals Process Explorer and Process Monitor to monitor and investigate processes and what credentials they are using. Process Explorer, for example, shows you the credentials used to launch a process, but you can also drill down and investigate credentials being used through impersonation (enable the lower pane view, set the lower pane to show handles, and then look for Token objects).

That's where I'd start...
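
One way to act on the first suggestion, as an added example that is not part of the original answer: enable Logon auditing on the Windows 7 client, then list which local process presented the locked-out account's credentials. The account name `jdoe` and the 24-hour window are placeholders, and the script assumes an elevated prompt and the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example, not from the original thread. Run elevated on the client.
$User  = 'jdoe'                      # placeholder: locked-out sAMAccountName
$Since = (Get-Date).AddHours(-24)    # placeholder: look-back window

# Audit success and failure for the Logon subcategory.
# Domain Group Policy can overwrite this local setting at the next refresh.
auditpol /set /subcategory:"Logon" /success:enable /failure:enable | Out-Null

# 4625 = logon failed on this machine.
# 4648 = a local process attempted a logon with explicit credentials; this is
#        the event that names the program when the failure is recorded on a
#        remote server or the DC rather than on the client.
$filter = @{ LogName = 'Security'; Id = 4625, 4648; StartTime = $Since }
# @() keeps the result an empty array when nothing matches (PowerShell 2.0 safe).
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

$rows = foreach ($e in $events) {
    # Flatten <EventData><Data Name="..."> into a name/value table.
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
        $data[$d.Name] = $d.'#text'
    }
    if ($data['TargetUserName'] -ne $User) { continue }

    New-Object PSObject -Property @{
        Time         = $e.TimeCreated
        EventId      = $e.Id
        Process      = $data['ProcessName']       # caller process path
        ProcessId    = $data['ProcessId']         # hex PID of the caller
        TargetServer = $data['TargetServerName']  # 4648 only
        LogonType    = $data['LogonType']         # 4625 only
        SubStatus    = $data['SubStatus']         # 4625 only, 0xC000006A = bad password
    }
}

# Which program uses the account most often?
$rows | Group-Object Process | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize

# Timeline to line up against the lockout times reported on the DC.
$rows | Sort-Object Time |
    Select-Object Time, EventId, Process, ProcessId, TargetServer, LogonType, SubStatus |
    Format-Table -AutoSize
```

The auditing only records attempts made after it is enabled, so leave it on until the next lockout and then rerun the query section.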