Change Password, user gets locked out


Recommended Posts

Hi,

On a bunch of users in our domain, if they change their password, then the next time they open Outlook for example, they're locked out.

I assume this is because they hit "Save password" and its trying to use the old password, but I don't know for sure. Anyone every have a problem with this?

Link to comment
Share on other sites

You have to give us more information because exchange uses the current profile for authentication. Outlook doea not need a password so to speak. Are there issues with the exchange server authenticating against your DC? Check event logs on both.

Link to comment
Share on other sites

Yah it does, so I'm wondering if current profile password doesn't match DC password, and thats creating lockout issues.

Next time i change my password, I'll pay attention to the logs, as when it happens, it requires my unlocking my account 3 times before everything is good, so I was just hoping someone has had a similar problem.\

What happened last nite was i used the SBS Remote Web App to change my password as it expired, then when i Remote Desktop'd in, it locked me out when I finished getting logged in. (Outlook went Offline, my shares went to a disconnect state, etc).

Link to comment
Share on other sites

When you change you password it changes it in AD not on the local machine. Normal operations do not transmit the username and password for every request. Instead, they verify the the request comes from a user who has correctly authenticated. For this reason, even if you change your password, it should not effect anything during the current session. Subsequesnt session will authenticate using the new password.

You mention share going to a disconnect state and remote desktop. Are you remoting into a desktop at the office and while remoted in changing the password?

There is no difference between a profile password and a domain password unless you are not logging in to the domain or are using legacy clients like 98.

Again, I want to help, but I need a little more information.

Link to comment
Share on other sites

I know, it's hard to explain unless you're their to witness it.

The way SBS Remote works is, you log into the servername/Remote/ ASP.NET Web App, which contacts the Domain Controller (from home, so I am not currently logged in at all to the domain). Once you are authenticated, you can either check your email with OWA, or Remote Desktop into a workstation. I changed my password at the authentication point, then proceeded to Remote Desktop in, which brings up the MSTSC window and you see the typical NetLogon box. I type in my UserName and NEW password there, it authenticates and logs me in. Then as my Startup Apps and Scripts and all that run, an old password is stored, which for some reason tries to log in 10 times (my lockout policy value), then the domain controller locks me out and it won't let me onto Exchange (through Outlook; brings up the username/password popup you see when you're logged into local machine and request access to a server share, etc), I don't have permission to any domain shares, etc.

To sum it up, I change my password without being actually logged in with a profile. Same problem exists if I change my password at a workstation (ctrl+alt+del and change password).

Link to comment
Share on other sites

I had a similar issue with one of my users. There was a stored password and userid in the following place:

Control panel -> User Accounts -> Advanced tab - > Manage Passwords.

It was actually stored on a PC he had done a network mapping (or something of the like) and used his credentials weeks before. He changed his password and it was his old info on somebody else's PC that kept locking him out.

Maybe not quite the same issue but worth a look!

Link to comment
Share on other sites

I'm wondering if thats whats doing it jtg, as I just changed my password right now and I didnt see that box.

Hopefully thats it, thanks jtg and Bill too for helping.

Link to comment
Share on other sites

I have also seen, that if password complexity is enabled on the domain, (i.e. requiring symbols etc) that user putting in non-complient passwords can lock themselves out as well.

Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.