Share via

Getting Error while logging into the azure machine

Jain, Smita 0 Reputation points
2024-02-27T06:24:49.3066667+00:00

Some of my azure machines are giving me error saying "As a security precaution, the user account has been locked because there were too many logon attempts or password change attempts. Wait a while before trying again, or contact your system administrator or technical support". This issue is either encountered while logging into the machine or when the machine is left unattended for sometime.

Azure Virtual Machines
Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.
9,014 questions

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. innovation gadget 155 Reputation points
    2024-02-27T06:27:43.6333333+00:00

    Hello Jain, Smita

    The error message you're encountering, "As a security precaution, the user account has been locked..." indicates the machine has built-in security mechanisms that lock accounts after a certain number of unsuccessful login or password change attempts. Here's how to address this issue:

    Understanding Account Lockout Policies

    • Duration: Check your domain's or local machine's account lockout duration settings. This determines how long an account stays locked after too many failed attempts. It's typically a temporary lockout.
    • Automatic Unlock: In most configurations, accounts automatically unlock after the lockout duration expires. If they don't, you'll need administrator intervention.
    • Thresholds: Find out how many incorrect login/password change attempts trigger a lockout. This helps understand the sensitivity.

    Resolving the Issue: Wait: If the lockout is temporary, the easiest solution is to wait for the duration of the lockout and try again. Reset Password: If you forgot the correct password, reset it using the appropriate reset procedures depending on whether:

    • The machine is domain-joined (contact your domain administrator)
      • The machine is using a local account (use password reset mechanisms for local accounts)
      Administrator Unlock: If the account remains locked even after the lockout period, a domain or local administrator will need to unlock it manually using tools like: - Active Directory Users and Computers (for domain accounts) 
         - Local Users and Groups (for local accounts)

    Preventing Recurrent Lockouts

    • Strong Passwords: Enforce strong password policies to minimize incorrect login attempts.
    • RDP Security: Secure your RDP connections to prevent brute force attacks.
      • Limit exposed ports
        • Use strong authentication
          • Consider Network Level Authentication (NLA)
          • Monitoring: Check logs for suspicious activity that might indicate unauthorized attempts.

    Important Note: The specific steps for resetting passwords and unlocking accounts depend on your domain policies and the tools used to manage your systems. Consult your system administrator for assistance if needed.

    0 comments
  2. kobulloc-MSFT 26,801 Reputation points Microsoft Employee Moderator
    2024-02-29T00:20:19.1366667+00:00

    Hello, @Jain, Smita ! What should I do if I get an unexpected As a security precaution, the user account has been locked because there were too many logon attempts or password change attempts. Wait a while before trying again, or contact your system administrator or technical support when attempting to connect to my VM?

    You'll get this message if there are multiple failed login attempts, which usually means that an unauthorized user is trying to get access to your VM(s).

    If you have allowed public access to your VM (public port/IP), you will need to take great care in ensuring that you have taken as many security precautions as possible to prevent attackers from gaining access to your VM through brute force attacks or other means.

    • Azure Virtual Machines security overview
      A more complete list of considerations for security. Pay special attention to Security baselines and then Linux/Windows.
    • Network security groups
      Allows you to create rules for network access to and from the VM.
    • Conditional access policies
      These are evaluated and enforced every time an attacker attempts to sign-in. Organizations can protect themselves from attacks that leverage stolen credentials by enabling policies such as compliant devices or trusted IP address requirements.
    • Feature: Enable just-in-time access on VMs
      Allows access to the VM during a small window as needed.
    • Feature: What is Azure Bastion?
      Drops public IPs and prevents exposing your VM to the outside world by using the Azure portal to access your VM via RDP/SSH.
    • Feature: Entra ID login for Windows / Entra ID login for Linux
      Uses Microsoft Entra ID as the core authentication platform to RDP/SSH to your VM which can be controlled and enforced by role based access control (RBAC) and conditional access policies.

    This is also a good time to review security for your Azure subscription:

    • Enable MFA if it is not already enabled
      This is the single most effective step in preventing compromised accounts.
    • Create an emergency access account
      This is critical in preventing you from being accidentally locked out.
    • Review activity logs and billing activity
      This may help in identifying suspicious resources.

    I hope this has been helpful! Your feedback is important so please take a moment to accept answers.

    If you still have questions, please let us know what is needed in the comments so the question can be answered. Thank you for helping to improve Microsoft Q&A! User's image

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.