User lock outs - Audit failures on Secuirty log

Tim Trotter 1 Reputation point


Several users at my job are getting locked out of their account due to too many login attempts even though they are claiming to have not attempted to log in for hours.

The security log shows an 'audit failure' with the device listed as our domain controller.

I've also gotten this with Kerberos listed as the device name.

Does anyone know if a service can be causing this? Or should I be more concerned about a brute force attempt?

Thank you

Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
5,826 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Gary Reynolds 9,391 Reputation points

    Hi @Tim Trotter

    Have a look at this article, it might help identify why the accounts are being locked out.


    0 comments No comments