For the last week or so, my colleagues have suffered an increasing amount of profanity as I’ve struggled with account lockouts on our Active Directory. I honestly nearly threw my notebook PC across the room last Wednesday.
I’d had my password reset twice and the account lockout flag removed about 7 or 8 times but I didn’t really get the answer that I needed when I asked our (offshored) IT helpdesk what might be causing the problem (for example, were there any AD synchronisation issues that they were aware of). After giving up on the helpdesk, I circumvented the proper support channels and dropped an e-mail to one of the administrators, who helpfully pointed me in the direction of another support team with the tools to diagnose the source of my lockouts and said it tends to be a disconnected terminal session or a software update program (e.g.from Adobe) using old credentials (e.g. to access the Internet via our proxy servers) that causes the lockout.
Sure enough, the problem was traced to a terminal server – and I did have a disconnected session there. Since resetting that session, the account lockouts have gone away and my access to e-mail, intranet, internal websites, Internet proxy servers, etc. has been restored.
My first inclination was to blame the infrastructure – and in this case it turned out to be a user error (or “a layer 8 problem”, as I like to refer to such things)… even so, I thought the experience might be useful for someone else who is getting frustrated by near-continuous account lockouts.