Persistent Account Lockout and Password Prompts in Exchange 2016 On-Premises for Users.

Vandan Patel 0 Reputation points
2023-10-31T16:37:20.1433333+00:00

Within our system comprising Exchange 2016 synced with Active Directory and utilizing Outlook Desktop 2019 on Windows 10, persistent account lockouts continue to afflict users, specifically those who operate across multiple devices. Despite implementing a separate GPO dictating account lockout after 5 unsuccessful attempts and mandatory password changes every 90 days, certain users face recurrent account lockouts following a password change.

The current challenge is that when an account is locked out, if a user attempts to log onto their computer, they receive an error message: "The referenced account is currently locked out and may not be logged on to." Furthermore, when a user is already signed into the computer and their account becomes locked out, the Microsoft Outlook prompt for the password continually appears. However, the prompt does not accept the password due to the account being locked, and it doesn't save the password in the credential manager. Our goal is to accurately trace the responsible device causing these lockouts, mitigate continual password prompts in Outlook, while ensuring a consistent connection to the Exchange server.

In troubleshooting this issue, we've observed that the audit logon/logoff policy only identifies the Exchange server "exchange03" as the locking computer, failing to specify the exact device causing the lockout. This lack of detail makes it challenging to isolate whether the issue originates from an iOS mail app, a specific desktop, or a laptop.

It's important to note that not all users encounter these challenges. Additionally, a recurring prompt surfaces during initial logins on new devices, requesting permission to configure server settings via "https://mail.domain.com/autodiscover/autodiscover.xml."

We urgently seek comprehensive guidance to address these persistent account lockouts, accurately trace the responsible device causing the lockouts, alleviate continual password prompts in Outlook, and enable a seamless connection to the Exchange server. This setup involves Exchange 2016 synced with Active Directory, utilizing Outlook Desktop 2019 on Windows 10.

Exchange Server
Exchange Server
A family of Microsoft client/server messaging and collaboration software.
1,268 questions
Windows Server 2016
Windows Server 2016
A Microsoft server operating system that supports enterprise-level management updated to data storage.
2,484 questions
Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
6,462 questions
Exchange Server Management
Exchange Server Management
Exchange Server: A family of Microsoft client/server messaging and collaboration software.Management: The act or process of organizing, handling, directing or controlling something.
7,606 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Yuki Sun-MSFT 41,046 Reputation points Microsoft Vendor
    2023-11-01T05:33:23.0466667+00:00

    Hi @Vandan Patel ,

    Furthermore, when a user is already signed into the computer and their account becomes locked out, the Microsoft Outlook prompt for the password continually appears. However, the prompt does not accept the password due to the account being locked, and it doesn't save the password in the credential manager.

    This appears to be the expected behavior when a user account gets locked out. And based on my understanding, it does make sense from the perspective of security.

    Given this, instead of attempting to keep the Exchange connectivity when an account gets locked, personally I'd recommend focusing on finding out the culprit of the persistent account lockouts issue.

    It's important to note that not all users encounter these challenges.

    Have you noticed if these affected users have anything in common? Like, are they happen to be using a same type of mobile device to connect the Exchange mailbox? If so, it's suggested to temporarily sign out from that device and see if there would be any improvement.

    Besides, here's some articles which include some of the common causes and troubleshooting steps for account lockouts issues for your reference:


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.