I've been dealing with a tricky situation for the past three months involving a user who keeps getting locked out of their account. My background is primarily in helpdesk support, and my sysadmin skills are pretty basic, so I'm looking for any help I can get. Here's what I've done so far:
- Re-imaged the user's laptop.
- Changed settings for MDM and MFA on their iPhone.
- Uninstalled Teams from their iPad and removed it from Intune.
- Reset their password multiple times, both as an old password and to a hard-set password.
- Forced sign-out from all O365 devices.
- Shut down all user devices overnight, but their Teams status still showed as away.
The trouble began when the user changed their password remotely before connecting to the VPN, and since then, we suspect there might be another device logged in somewhere that's causing these lockouts. We've been in touch with the infrastructure team to look for unusual activity, but nothing suspicious has shown up. Just last week, after a specific procedure to unlock the user from each DC, they didn't lock out for around four days only to then get locked out again. I'm considering having the user turn off all devices at home to see if that changes their Teams status to offline. If anyone has experienced similar issues or has suggestions for troubleshooting, I'd greatly appreciate your input!
5 Answers
I’m betting on a rogue ActiveSync client. Have the user check all devices they use for email to see if there’s an old password stuck somewhere. It's often a personal device that's causing the trouble!
If you haven’t already, try using Microsoft's Account Lockout and Management Tools. It can help give insight into what's triggering the lockouts and point you towards the right source.
It sounds like the WiFi credentials might be the culprit. If your WiFi connection uses old org credentials and isn’t updated after a password change, it can keep trying to log in and lock the user out. Definitely worth checking that first!
This might be due to the laptop not syncing with the domain when the user logs in. If they connect to the VPN but the laptop hasn't synced the new password yet, that could trigger lockouts. Suggest RDP-in while connected to the VPN as a test to see if that helps! You might need to check the Event Viewer logs for more clues.
Could it be an issue with VMs? If the user logs into any virtual machines, any stale credentials there could be causing those lockout attempts. It's definitely worth investigating!
Related Questions
Can't Load PhpMyadmin On After Server Update
Redirect www to non-www in Apache Conf
How To Check If Your SSL Cert Is SHA 1
Windows TrackPad Gestures