Have a look at this post, if the account is being locked by a remote session the report will include the machines in the authentication path, which might help identify which machine the invalid authentication request is coming from. https://nettools.net/troubleshoot-account-lockouts/
Persistent lockouts
Persistent lockouts
I deployed a new computer to a end user and now I am dealing with a persistent lockout issue. It seems to be related to Remote Desktop. I have performed the following steps:
-Cleared Credential Manger
-Verified no saved passwords in Microsoft Edge & Google Chrome
-Revoked 2FA token
-Signed out of all sessions
-Force log out of Remote Desktop
-Monitor sign in logs
-Checked Lockoutstatus.exe for server
-Checked Event Viewer for the server mentioned in Lockoutstatus.exe (e.g. event 4740)
-Installed the latest Windows Updates and Dell SupportAssist Driver updates
-Updated RemoteApps
-gpupdate /force
-Sync via Settings app
-Instructed the end user to signout instead of closing the window
The end user is locked out very approximately every hour. I am running out of ideas. Is there anything I missed? I don't have too much experience with Remote Desktop, but is there a way for an admin for force the log out? I reached out to a co-worker. I was told it was performed, but it did not resolve the issue.
2 answers
Sort by: Most helpful
-
-
Andrew H 0 Reputation points
2023-10-24T15:17:41.0833333+00:00 Thank you for the response. I will check out the article and give it a try.