
Our Exchange Server has been locking out one AD user since the user changed the password. He can log in to Windows, starts Outlook and it locks the user, every day. We use Exchange Server 2016 and the AD is on a Windows Server 2019. Does anyone know what could be the issue?

The Eventlog (Event-ID 4740) shows me this:

A user account has been locked.

Applicant:
    Security ID:        SYSTEM
    Account Name:       AD Server
    Account domain:      Domain
    Login ID:            0x3E7

Locked account:
    Security ID:         Domain\User
    Account Name:       User

Further information:
    Calling computer name:      ExchangeServer

________Original German___________
Ein Benutzerkonto wurde gesperrt.

Antragsteller:
    Sicherheits-ID:     SYSTEM
    Kontoname:           AD-Server
    Kontodomäne:        Domain
    Anmelde-ID:          0x3E7

Gesperrtes Konto:
    Sicherheits-ID:     Domain\User
    Kontoname:      User

Weitere Informationen:
    Aufrufcomputername:      ExchangeServer

Thanks a lot

Dimimon

  • Most probably the old password is stored on a client. – Gerald Schneider Oct 22 '20 at 08:56
  • I already tried to delete all saved passwords (cmdkey empty) and deleted the Outlook-Profile. – Dimimon Oct 22 '20 at 09:23
  • See if the user is using any third party mail client, accessing it on their phone or using some other software to access their mailbox on the server. Check the authentication logs to see what client is failing: https://docs.microsoft.com/en-us/exchange/mail-flow/transport-logs/connectivity-logging?view=exchserver-2019 – Elliot Huffman Oct 23 '20 at 02:48
  • There is a lockout tool you can use to see where the lock out is initiated. You'll be able to find some source event on the DC where this took place. That should give you some clue to the client machine that's causing it- https://www.microsoft.com/en-us/download/details.aspx?id=15201 – Lex Oct 27 '20 at 02:48

1 Answer


Based on my research, I want to confirm the following questions to narrow down this issue:

  1. Can this user login OWA successfully?

  2. If the user has configured email on the mobile device, please update the password. You could run the command below to check which devices were connecting to my mailbox over ActiveSync:

    Get-MobileDeviceStatistics -Mailbox user01 | ft DeviceType, DeviceUserAgent, LastSuccessSync

  3. How long ago was the password changed? User properties must replicate between domain controllers to ensure that account lockout information is processed properly. You should verify that proper Active Directory replication is occurring.

  4. Ask this user whether the Windows login password and the Outlook password are the same. Here's a similar thread for your reference: AD Account locks out when using Outlook 2016 with correct credentials

  5. Try to log in to Outlook on other PCs to check if this issue continues.

In addition, here's some guidance that may be helpful for your issue.

Joy Zhang
  • 1) We disabled OWA like two weeks ago, to avoid the possibility that it triggers the issue. 2) I tried this, and there were two Android devices and one Windows Life Agent connected, I removed them, it may be the reason. 3) It was changed around 3 weeks ago. 4) The password is the same everywhere. I will try the number 2 and the number 5 and contact you if I know anything new. Thanks a lot already. – Dimimon Oct 23 '20 at 10:51
  • Any updates on this issue? – Joy Zhang Oct 28 '20 at 06:59
  • Not really, it's still happening, deactivated everything in the startup. – Dimimon Oct 29 '20 at 08:52
  • Refer to this similar thread, some tools are mentioned to find out the source of locked account. https://social.technet.microsoft.com/Forums/ie/en-US/94a7399f-7e7b-4404-9509-1e9ac08690a8/account-lockout?forum=winserverDS – Joy Zhang Nov 04 '20 at 06:10
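
Added example (not part of the thread and not any poster's code): the 4740 event in the question names ExchangeServer as the calling computer, so the stale password is being relayed through Exchange, and the failed logons recorded on that server show which client and protocol are sending it. The script assumes the ActiveDirectory module, remote read access to the Security logs, and that logon-failure auditing is enabled on the calling computer; `User` is a placeholder account name.

```powershell
# Added example. Correlates lockouts (4740) with failed logons (4625) on the caller.
# Assumes: ActiveDirectory module, Security-log read rights, failure auditing enabled.
param(
    [string]$User  = 'User',   # placeholder: sAMAccountName of the locked account
    [int]   $Hours = 24        # how far back to search
)
$since = (Get-Date).AddHours(-$Hours)

# Return the named <Data> fields of an event record as a hashtable.
function Get-EventField {
    param($Record)
    $fields = @{}
    foreach ($d in ([xml]$Record.ToXml()).Event.EventData.Data) {
        $fields[$d.Name] = $d.'#text'
    }
    $fields
}

# 1. Collect lockout events for the account from the PDC emulator.
$pdc = (Get-ADDomain).PDCEmulator
$lockouts = Get-WinEvent -ComputerName $pdc -ErrorAction SilentlyContinue -FilterHashtable @{
        LogName = 'Security'; Id = 4740; StartTime = $since } |
    ForEach-Object {
        $f = Get-EventField $_
        # In 4740 the "Calling computer name" is stored in the TargetDomainName field.
        if ($f.TargetUserName -eq $User) {
            [pscustomobject]@{ Time = $_.TimeCreated; Caller = $f.TargetDomainName }
        }
    }
$lockouts | Format-Table -AutoSize | Out-Host

# 2. On each calling computer (here the Exchange server), group the failed logons
#    for the account by source address, logon type and process that attempted them.
foreach ($caller in ($lockouts.Caller | Sort-Object -Unique)) {
    Get-WinEvent -ComputerName $caller -ErrorAction SilentlyContinue -FilterHashtable @{
            LogName = 'Security'; Id = 4625; StartTime = $since } |
        ForEach-Object {
            $f = Get-EventField $_
            if ($f.TargetUserName -eq $User) {
                [pscustomobject]@{
                    Caller    = $caller;       SourceIp = $f.IpAddress
                    LogonType = $f.LogonType;  Process  = $f.ProcessName
                }
            }
        } | Group-Object Caller, SourceIp, LogonType, Process |
        Sort-Object Count -Descending |
        Format-Table Count, Name -AutoSize | Out-Host
}
```

A source address that repeats at regular intervals usually points at a device or service retrying with the old password; compare it against the ActiveSync devices listed by `Get-MobileDeviceStatistics`.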