I'm new to this industry and could really use some help! We have a customer who usually accesses a VM via RDP without any issues. However, today she's facing a problem of her account being constantly locked out. We've tried manually unlocking her user account through the interface and Powershell as an admin, but it doesn't seem to work; it only stays unlocked for a minute, maximum.
I'm wondering if there's a machine she used to log into in the past that's sending old authorization requests and causing her account to lock out. I checked the event logs and found a computer name associated with the lockouts, but we can't locate that machine anywhere. Would shutting down this mysterious machine resolve the issue? I'm looking for insights from anyone who's dealt with something like this before. Any help would be greatly appreciated!
5 Answers
It could also be that her account is being used for scheduled tasks or as a service account somewhere. I’ve had this happen multiple times—clearing out old credentials from the Credential Manager on the VM can sometimes help, especially if that account's being accessed by an unauthorized device.
Absolutely, it sounds like a past login is causing the problem. If you find out which machine it is, consider shutting it down temporarily to see if the lockouts stop. You might also want to check your VPN concentrator or firewall; I've seen those generate lockouts when there's failed login attempts on behalf of user accounts.
I've had similar issues where cached passwords on personal devices led to constant lockouts. Make sure her account isn’t being used elsewhere, like on a device not allowed by your policy. If you can't identify the device name, it might be best to investigate further to ensure it’s not external access causing the issue.
Thanks for the tip! I already cleared out the Credential Manager, but I’ll keep an eye out for any unauthorized access.
Have you checked out Microsoft's Account Lockout and Management Tool? It’s really helpful for situations like this. It might guide you in tracking down the source of the lockouts. Plus, it’s free, so definitely worth a try!
Totally agree! I’ve used that tool before, and it made a big difference in sorting out similar issues.
Make sure to find all devices where her account is logged in and log them out. You might also want to check if her phone is trying to connect through the office Wi-Fi or a VPN, as that could trigger the lockouts. Also, look for any services or scheduled tasks that might be using her credentials on different machines.
That's interesting! We haven't encountered that machine before but will definitely check the firewall's logs for any suspicious activity.