Accounts being locked in Active Directory 2003

0 pts.
Tags:
Active Directory
Hi there, we "upgraded" our AD from 2000 to 2003 a couple of months back and still have a few problems. User accounts seem to get locked frequently. We have an IIS app server (2003) that is supposed to use integrated authentication but I think it has problems. Whenever someone changes their pwd then trys to open the intranet app it is prompted for a pwd. Neither the new or the old one works and the account becomes locked. This sometimes happens with Outlook 2003 too. This didn't happen with AD 2000. Still running AD in 2000 mode, haven't the courage to change to 2003 native yet! Also does anyone know of any problems applying 2003SP1 to 2003 DC's? thx! Brian
ASKED: April 28, 2005  12:46 AM
UPDATED: May 3, 2005  9:26 AM

Answer Wiki

Thanks. We'll let you know when a new response is added.

Since no one else is taking this question, I’ll give it a shot. Be forewarned, I don’t know how accurate this may be. I haven’t played around with IIS 6.0.

First things first: I’m assuming that you are using authentication to the Active Directory in IIS 6.0. Also, I’m assuming you are changing your passwords in the normal manner of either forcing the user to change it on logon or during a normal expiration period.

The first thing that comes to mind is that you have the group or local security policy setting of “Store passwords using reversible encryption” and/or “Do not store LanManager passwords at next password change” set. The only reason that I can see that this would cause a problem is if your IIS application is using the older LanManager authentication, however. If so, update it to use NTLM.

It could be some of the security changes in IIS 6.0 that are messing you up, but I doubt it because you are hopefully using Active Directory authentication with the previous web app.

If you have multiple domain controllers, it could be a synchronization issue between the DCs. You can force a replication using the “Sites and Services” administrative application. Otherwise, you may have to wait 15 minutes afer changing a password to use the web app.

Hope one of these puts you in the right direction.

Sonyfreek

Discuss This Question: 1  Reply

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Cptrelentless
    Sounds like you have either replication issues or you have not given the correct permissions to your app in IIS. Have you tried cranking up the app to run as the local system rather than a network service? This should tell you if your permissions are skewed. I have had issues with the permissions on the App Pool. Otherwise look for errors in getting AD data about the place, there may be conflicts arising due to stale data. As to 2003SP1 - it works fine if you just install it over the top, it doesn't actually turn on the firewall or stop any services until you run the security config wizard. When you run the SCW be very careful about stuff you may need in future as it's a snapshot tool and disables everything you are not immediately using, like the intersite transport service, for example.
    0 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following