Dinus1979 Posted January 12, 2016 Report post Posted January 12, 2016 Goodmorning everyone. I have a problem that persists and haunts me in my Domain !!! Many users complain that the account is blocked for no reason! What I did: 1. I have enabled the Netlogon logging (nltest / dbflag: 0x2080ffff) 2. Downloaded Lockout Status tool I picked up a user account that is locked and started troubleshooting. The log file is written this: [LOGON] DOMAIN: SamLogon: Transitive Network logon of Domain 500 \ USERNAME from Client01 (via SHAREPOINT) Returns 0x0 [LOGON] DOMAIN: SamLogon: Transitive Network logon of Domain 500 \ USERNAME from Client01 (via SHAREPOINT) Returns 0x0 [LOGON] DOMAIN: SamLogon: Transitive Network logon of Domain500 \ USERNAME from Client01 (via SHAREPOINT) Returns 0x0 [LOGON] DOMAIN: SamLogon: Transitive Network logon of Domain500 \ USERNAME from Client01 (via SHAREPOINT) Returns 0x0 [LOGON] DOMAIN: SamLogon: Transitive Network logon of Domain500 \ USERNAME from Client01 (via SHAREPOINT) Returns 0x0 [LOGON] DOMAIN: SamLogon: Transitive Network logon of Domain500 \ USERNAME from Client01 (via dc1) Returns 0xC000006A [LOGON] DOMAIN: SamLogon: Transitive Network logon of Domain500 \ USERNAME from Client01 (via dc1) Returns 0xC000006A [LOGON] DOMAIN: SamLogon: Transitive Network logon of Domain500 \ USERNAME from Client01 (via dc1) Returns 0xC000006A [LOGON] DOMAIN: SamLogon: Transitive Network logon of Domain500 \ USERNAME from Client01 (via dc1) Returns 0xC0000234 [LOGON] DOMAIN: SamLogon: Transitive Network logon of Domain500 \ USERNAME from Client01 (via SHAREPOINT) Returns 0xC0000234 What happened by the user: He has made a change password without restarting the workstation Where is the problem ?? THANK YOU Quote Share this post Link to post Share on other sites More sharing options...
g-fx Posted January 12, 2016 Report post Posted January 12, 2016 I use Netwrix account lockout examiner. Great tool. I now see who locks out their account from which device and go from there. There are so many reasons for lock outs.. wireless, exchange, mapped drives, scheduled tasks, cache passwords etc etc.If the source is a workstation, go into control panel and have a look credential manager. gives you a start Quote Share this post Link to post Share on other sites More sharing options...
Dinus1979 Posted January 13, 2016 Report post Posted January 13, 2016 I use Netwrix account lockout examiner. Great tool. I now see who locks out their account from which device and go from there. There are so many reasons for lock outs.. wireless, exchange, mapped drives, scheduled tasks, cache passwords etc etc.If the source is a workstation, go into control panel and have a look credential manager. gives you a start I found the problem to 70% is the Lync client. In fact, versions 2010 and 2013 remain cached login credentials! I do further checks to confirm ... Quote Share this post Link to post Share on other sites More sharing options...
