Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Wednesday, May 25, 2016 8:57 PM
Hello - Hoping to find a answer or someone to point me in right direction. I have a user that is being locked out of his W10 workstation about 15 minutes after logging in. If he locks his workstation then steps away comes back and unlocks it he is locked out. I have done some research and have found what sounds like a solution but this is a rollup for last October 2015. KB3097617. This rollup stats it will update the kerberos.dll. The version they list it will update to is 10.0.10240.16542. I looked on this machine and a couple other W10 machines and the .dll is newer then this one. 10.0.10586.306. When I looked through the list of installed updates I do not see this update as applied. FYI this machine was put in operation in March 2016. I have looked for further updates or others having this issue and it always points back to this Update being applied. I would think if it was needed it would have been download as part of the windows updates and yet the machine is fully patched. Not sure where to go from here. To resolve the issue we have temporarily turned off Kerberos preauthentication in the users account in AD and this resolved the issue but not a good fix. Any insight would be surely appreciated.
Thanks
All replies (1)
Thursday, May 26, 2016 2:35 AM ✅Answered
Hi Bills,
Based on your description, I know you are an experienced IT engineer, the temporary workaround is wise.
In general, if an AD user’s account lockout, we need to check service control manager on DC at first, try to reset user’s password to test result.
Besides, there are other reasons can lead to account lockout, please look at this documentation.
Troubleshooting Account Lockout
https://technet.microsoft.com/en-us/library/cc773155%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396
To my knowledge, Microsoft has an useful tool that called Account Lockout and Management Tools can help you deal with account lockout issue, try to use it.
Account Locked Out Troubleshooting-EventCombMT
On the other hand, the KB3097617 you mentioned it’s too old to use, it’s enough to make sure that client’s system is up to date.
In addition, we could go to DC’s Security logs in event viewer, check logged events about lockouts, once done, check if there is a service / application on this computer that are running under an old password or a wrong one.
Smart as you, I believe can choose a proper measure to handle this condition.
Regards
Please mark the reply as an answer if you find it is helpful.
If you have feedback for TechNet Support, contact [email protected]