T
Tom Edelbrok
Guest
To all,
We have a Server 2003 network (2 Domain Controllers, 3 member servers, and
about 60 Windows XP SP2 clients). About 3 months ago we noticed that the
occasional user would get into a lockout problem after having changed their
expiring password successfully. What happens is that after changing their
password they can run fine for a while (even logging out and back in), but
then all of a sudden their account gets locked out. However, they haven't
done anything to lock it out (ie: they haven't put in a bad password three
times in succession). We unlock their account and they work fine for a day
or so, then boom - it happens again. It occurs while they are already logged
in, ie: the Internet Explorer starts looking for authentication, and their
Outlook client (for Exchange Server 2003) also looks for authentication.
Neither of these should be asking because they are logged in via Active
Directory, and secondly, the Internet Explorer uses an LDAP authentication
via a Linux box to authenticate against Active Directory. It only affects a
few people, but it affects them so severely that we have to get a solution
to the problem.
The only solution we've come up with is to rebuild the user's PC (wipe the
drive and re-install XP). Then they are fine.
We speculate that there must be some background processes (ie: java update
checker, or who knows what) that are going out to the web to search for
updates, and are somehow using the user's old password (ie: from before they
changed it). Perhaps this 'old' password is encrypted and store in the
registry someplace based upon the last time a process was successful in
accessing the web. If these background processes are failing to authenticate
a number of times then that would explain the user being locked out while
they're currently logged in.
Does this make sense? Does anyone else have any ideas? Has anyone else seen
a problem like this?
Tom Edelbrok
We have a Server 2003 network (2 Domain Controllers, 3 member servers, and
about 60 Windows XP SP2 clients). About 3 months ago we noticed that the
occasional user would get into a lockout problem after having changed their
expiring password successfully. What happens is that after changing their
password they can run fine for a while (even logging out and back in), but
then all of a sudden their account gets locked out. However, they haven't
done anything to lock it out (ie: they haven't put in a bad password three
times in succession). We unlock their account and they work fine for a day
or so, then boom - it happens again. It occurs while they are already logged
in, ie: the Internet Explorer starts looking for authentication, and their
Outlook client (for Exchange Server 2003) also looks for authentication.
Neither of these should be asking because they are logged in via Active
Directory, and secondly, the Internet Explorer uses an LDAP authentication
via a Linux box to authenticate against Active Directory. It only affects a
few people, but it affects them so severely that we have to get a solution
to the problem.
The only solution we've come up with is to rebuild the user's PC (wipe the
drive and re-install XP). Then they are fine.
We speculate that there must be some background processes (ie: java update
checker, or who knows what) that are going out to the web to search for
updates, and are somehow using the user's old password (ie: from before they
changed it). Perhaps this 'old' password is encrypted and store in the
registry someplace based upon the last time a process was successful in
accessing the web. If these background processes are failing to authenticate
a number of times then that would explain the user being locked out while
they're currently logged in.
Does this make sense? Does anyone else have any ideas? Has anyone else seen
a problem like this?
Tom Edelbrok
T_Wj.2908$KB3.349@edtnps91...