11/02/2009 4192 views
Since pushing out the agents to our pc's, user accounts keep locking out in AD. We have 100 nodes connected with our current license. but have been pushing the agent out to more via subnet provisioning. It appears that the users who are not part of the 100 licensed nodes are the one who's accounts are constantly locking out.

Considering provisioning asks you for an account to use for agent installing, I have no idea why this is happening. I know that it is the K BOX because after switching it off, the accounts don't lock out, until it is switched on again.

Has anybody else had this issue? or any idea what is causing it?
0 Comments   [ + ] Show comments


Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.

All Answers

Is it when you turn on provisioning that the lock-out occurs? And when you turn off provisioning, the lock-out happens again?

How many provisioning runs do you have? How often do each of them run? What kind of account are you using for the provisioning? Are there any messages in the security logs on your domain controller?
Answered 11/02/2009 by: jkatkace
Purple Belt

It does appear to be when provisioning is running that the accounts lock. I have disabled the provisioning and I do not appear to see any lockouts as of yet.
I have three runs, subnet 203 runs every 3 hours, 204 runs every 1 hour and 205 runs every 2 hours. the account that is used for each of these is a domain administrator account I created.

The security logs do not show anything.

Answered 11/02/2009 by: crashnburn
Senior Yellow Belt

This is an interesting issue. It would make sense if the domain admin accounts were being locked out due to an incorrect password, but I have no idea how provisioning could possibly affect user accounts. Have you figured this issue out?
Answered 11/23/2009 by: airwolf
Red Belt

I encountered a similar issue with our service account locking when we enabled client upgrades for a specific group of machines. Did you look at event viewer on the user's machines that keep getting their account locked?
Answered 11/25/2009 by: jg1000c
Orange Belt