UserLock login Authentication issue

Question

Hi

The Active Directory UserLock client displays this error message after entering the OTP during login. Please advice.

I have shared the error message here

"ClsdException" caught, ID = 11("(NULL)"), last error =1398 ("(NULL)")

Thanks

Answer 1

Hello,

Thank you for posting the question on Microsoft Windows forum!

Based on the error message "ClsdException" caught, ID = 11("(NULL)"), last error =1398 ("(NULL)") which might be related to connectivity issues with the UserLock service. This error can occur when the machine with the UserLock agent installed is not connected to the corporate network. You can check the following points.
1.**Check Network Connectivity.**

1. Ensure the machine is connected to the corporate network.

1. Try **pinging the UserLock server** to confirm connectivity.

1. If using a VPN, verify that it is properly connected.

2.**Verify UserLock Service Status**.

1. Log into the **UserLock server** and check if the service is running.

1. Restart the **UserLock service** if necessary.

1. Check the **Windows Event Viewer** for any related errors.

3.**Confirm Active Directory Authentication.**

1. Ensure the **Active Directory domain controller** is accessible.

1. Check if the user account is **locked out** in AD by running the following Powershell command to verify if the account is locked

1. **Get-ADUser -Identity <username> -Properties LockedOut | Select-Object LockedOut**

   ![User's image](/api/attachments/82cb3b7c-72b7-4058-ad61-5dfcd4989ef9?platform=QnA)
   
4.**Validate OTP Credentials.**

1. Ensure the **OTP entered is correct** and not expired.

1. If using a mobile authentication app, verify that the time settings are synchronized.

5.**Investigate Event Logs**

- Open Event Viewer (eventvwr.msc) and navigate to:

1. **Windows Logs > Security** (Look for Event ID **4740** for account lockouts) for Event ID **4740** for account lockouts)

1. **Windows Logs > Application** (Check for UserLock-related errors)

   ![User's image](/api/attachments/8c17b446-4ba2-4dae-ba6a-796775b02372?platform=QnA)
   
6.**Test with Another User Account.**

- Try logging in with a different **Active Directory account** to see if the issue is user-specific.

Hope the above information is helpful!

Answer 2

Hello,

Thank you for posting the question on Microsoft Window forum!

Based on the error message "ClsdException" caught, ID = 11("(NULL)"), last error =1398 ("(NULL)") which might be related to connectivity issues with the UserLock service. This error can occur when the machine with the UserLock agent installed is not connected to the corporate network. You can check the following points.

1.Check Network Connectivity.

1. Ensure the machine is connected to the corporate network.
2. Try pinging the UserLock server to confirm connectivity.
3. If using a VPN, verify that it is properly connected.

2.Verify UserLock Service Status.

1. Log into the UserLock server and check if the service is running.
2. Restart the UserLock service if necessary.
3. Check the Windows Event Viewer for any related errors.

3.Confirm Active Directory Authentication.

1. Ensure the Active Directory domain controller is accessible.
2. Check if the user account is locked out in AD by running the following Powershell command to verify if the account is locked
3. Get-ADUser -Identity <username> -Properties LockedOut | Select-Object LockedOut

4.Validate OTP Credentials.

1. Ensure the OTP entered is correct and not expired.
2. If using a mobile authentication app, verify that the time settings are synchronized.

5.Investigate Event Logs

• Open Event Viewer (eventvwr.msc) and navigate to:

1. Windows Logs > Security (Look for Event ID 4740 for account lockouts) for Event ID 4740 for account lockouts)
2. Windows Logs > Application (Check for UserLock-related errors)

6.Test with Another User Account.

• Try logging in with a different Active Directory account to see if the issue is user-specific.

Hope the above information is helpful!