Account locks out when other domain resources are accessed

Discussion in 'Active Directory' started by jagan, Nov 1, 2008.

  1. jagan

    jagan Guest

    Hi,

    We had a windows 2000 domain with around 300 users. Owing to organization
    requirement, we have created a separate domain for part of the users and
    migrated them to the new domain. Their login name in the new domain and old
    domain are same.

    Now users still need to access some shared resources and applications in old
    domain. Whenever they try to access resources from old domain we get below
    errors

    Error 1:- Multiple connections to a server or shared resource by the sane
    user, using more than one user name, are not allowed. Disconnect All previous
    connections to the server or shared resource and try again...

    Error2:- The reference account is currently locked out and may not be able
    to logged on to.

    After unlocking the account we can access the account.

    Why are we facing this problem? Is there any solution or workaround to this
    problem. Please help me.

    Thanks in advance.

    Regards
    Jagan
     
    jagan, Nov 1, 2008
    #1
    1. Advertisements

  2. Meinolf Weber, Nov 1, 2008
    #2
    1. Advertisements

  3. jagan

    Marcin Guest

    Jagan,
    have you looked into possibility of persistent drive mappings carried over
    with migrated profiles coming into play here? In any case, you should be
    able to enumerate all sessions (e.g. via Computer Management console) on the
    target server (along with the computer from which they were initiated and
    the corresponding security context) - which could confirm whether this is
    actually the case...

    hth
    Marcin
     
    Marcin, Nov 1, 2008
    #3
  4. In

    In addition to the others' suggestions, try mapping the drive with
    authenticating the mapping using the specific username and the specific
    domain you want to use by using either the UPN or the NetBIOS method:

    domain\username
    or
    or


    --Â
    Ace

    This posting is provided "AS-IS" with no warranties or guarantees and
    confers no rights.

    Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCT
    Microsoft Certified Trainer

    For urgent issues, you may want to contact Microsoft PSS directly.
    Please check http://support.microsoft.com for regional support phone
    numbers.
     
    Ace Fekay [Microsoft Certified Trainer], Nov 3, 2008
    #4
  5. Hello jagan,
    A user could have mapped drives to a resource from one
    machine, on a different machine he changes his password and then the first
    machine attempts to stay mapped to a drive and the password is no longer
    correct and eventually locks the user out. Or after a password is changed a
    service is running that attempts to authenticate with an old password.

    To help try and track down where the account is getting locked out use
    eventcombMT.exe from the Account Lockout tools found out Microsoft's
    website. Use the built in search AccountLockouts and search in the created
    text files for the user in question.

    http://www.microsoft.com/downloads/...9C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en



    You can also set the debug flag on NetLogon to track authentication. "This
    creates a text file on the PDC that can be examined to determine which
    clients are generating the bad password attempts."
    http://support.microsoft.com/kb/189541
    http://support.microsoft.com/kb/109626


    --
    Paul Bergson
    MVP - Directory Services
    MCTS, MCT, MCSE, MCSA, Security+, BS CSci
    2008, 2003, 2000 (Early Achiever), NT4


    http://www.pbbergs.com

    Please no e-mails, any questions should be posted in the NewsGroup This posting
    is provided "AS IS" with no warranties, and confers no rights.
     
    Paul Bergson [MVP-DS], Nov 3, 2008
    #5
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.