I'm pretty new to the IT world, and I could really use some help understanding a frustrating issue we're facing. One of our customers connects to a virtual machine via RDP without any problems, but today she's experiencing constant lockouts of her user account. We've tried to unlock her account manually, both through the admin interface and PowerShell, but nothing seems to work; it only stays unlocked for about a minute.
I suspect there might be another machine somewhere that she logged into in the past, which could be sending outdated credentials and causing these lockouts. I checked the event logs and found mention of a computer that's locking her out, but I can't trace this machine or find it physically. If I remotely shut down this unknown machine, will that solve her problem? Has anyone experienced something like this before, and what could be causing the constant lockouts? Any insights would be greatly appreciated!
5 Answers
Make sure to look at her other devices too, like if her mobile is trying to connect via VPN or if there are any saved credentials in her credential manager that might be causing issues. Also, check for any scheduled tasks or services using her login on both her device and the VM.
You’re definitely on the right track about another machine causing the issue. If you can find any logging tools, they might help you track down what's trying to authenticate. It's a common problem, and addressing the source is key.
Definitely check all the endpoints where the user might be logged in. Terminate any active sessions. It’s pretty straightforward, so good luck with it!
You might want to check out Microsoft's free Account Lockout and Management Tool. It can really help you identify where the lockouts are coming from. Here's the link: https://learn.microsoft.com/en-us/troubleshoot/windows-server/windows-security/account-lockout-and-management-tool. It's saved me plenty of times!
Sometimes, these issues arise from accounts being used for scheduled tasks or services. Check if any scheduled tasks or services are running under her account. This has happened to me before, and it was the source of the lockout.

That machine doesn't seem like one we've ever worked with or stored information about, which is puzzling!
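The checks suggested in the answers above (find the computer recorded with each lockout, then look for services and scheduled tasks that run under the account), as an added example that is not from any poster in this thread. It assumes on-premises Active Directory, the RSAT ActiveDirectory module, WinRM to the target machine, and rights to read the Security log on the domain controller; `jdoe`, `VM-NAME-PLACEHOLDER` and the helper `Get-AccountUsage` are hypothetical names.

```powershell
# Added example. Assumptions: on-prem AD, RSAT ActiveDirectory module, WinRM enabled,
# and permission to read the Security log on the domain controller.
$User = 'jdoe'   # placeholder: sAMAccountName of the locked-out user

# Account lockouts are logged as event 4740 on the PDC emulator.
$Pdc = (Get-ADDomain).PDCEmulator

$Lockouts = Get-WinEvent -ComputerName $Pdc -FilterHashtable @{
    LogName = 'Security'; Id = 4740; StartTime = (Get-Date).AddDays(-1)
} | ForEach-Object {
    $evt = $_
    # Read the named EventData fields instead of relying on property order.
    $data = @{}
    ([xml]$evt.ToXml()).Event.EventData.Data |
        ForEach-Object { $data[$_.Name] = $_.'#text' }
    [pscustomobject]@{
        Time           = $evt.TimeCreated
        User           = $data['TargetUserName']
        # In 4740 the "Caller Computer Name" is stored in TargetDomainName.
        CallerComputer = $data['TargetDomainName']
    }
} | Where-Object User -eq $User

# Which machine names are behind the lockouts, and how often.
$Lockouts | Group-Object CallerComputer | Sort-Object Count -Descending |
    Select-Object Count, Name

# Hypothetical helper: list services and scheduled tasks that run as the account
# on a machine you can reach (for example the VM the user connects to).
function Get-AccountUsage {
    param([string]$ComputerName, [string]$Account)
    Invoke-Command -ComputerName $ComputerName -ArgumentList $Account -ScriptBlock {
        param($Account)
        Get-CimInstance Win32_Service |
            Where-Object StartName -like "*$Account*" |
            Select-Object @{n='Type';e={'Service'}}, Name,
                          @{n='RunAs';e={$_.StartName}}
        Get-ScheduledTask |
            Where-Object { $_.Principal.UserId -like "*$Account*" } |
            Select-Object @{n='Type';e={'Task'}}, @{n='Name';e={$_.TaskName}},
                          @{n='RunAs';e={$_.Principal.UserId}}
    }
}

Get-AccountUsage -ComputerName 'VM-NAME-PLACEHOLDER' -Account $User
```

Saved credentials are stored per user profile, so check them with `cmdkey /list` in the affected user's own session on each device she uses.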