This might be not a VMware issue as such but someone can assist if he/she have some idea on this I have a user in whose account gets locked out immediately within 2 minutes. I am fed up unlocking his account all the time and could not find why it's happening. Our domain password policy is to get an account locked out after 3 wrong password attempts. But this user really knows his password and able to log in by one shot, but after few minutes he gets locked out for no reason I deleted his account and recreate again but the situation is the same I wonder may be there are some other applications/services are trying this account to authenticate againist Active Directory.
Hi Thrash,
This is definitely not something VMWare related. I would be very careful re-enabling that account as it sounds as if something (or someone) is trying to bruteforce the password on that account - thus, every couple of minutes you have to re-enable it. Do you have any log file/event manager (Splunk, Solarwinds LEM, ect?) that you can keep an eye on to track what's going on with that account?
This probably isn't the message board to get much help with this issue but as I said, this sounds like a potentially compromised account.
Hi,
as said this is not VMware related. You should get the Microsoft Account Lock Tools: http://www.microsoft.com/en-us/download/details.aspx?id=18465
And take a look which Domain Controller locks the account and then take a look into its logs to identify the source of the wrong password. It's often a network drive or a network printer with the wrong credentials. Windows will try to establish the connection multiple times with the wrong credentials and the account gets locked.
Regards
Thankx Guyz I`m aware that it might be something that is not relevant on this platform its that I`m worried and desperate about this issue.
I've found that idle RDP sessions with an old password often cause problems like this. You can use the link posted by schepp and check out EventComb. Here's an article on how to use it for Account Lockouts.
http://support.microsoft.com/kb/824209
The results will give you a list of where the lockouts are occurring, from what server/ip, etc.
Good luck!