Account Lockout Troubleshooting Procedures

There are various reasons for account lockouts on the WSSU network. The most common are:

  1. When attempting to log in, a user enters their credentials incorrectly, at least 3 times. In this instance, the account will automatically be locked by Microsoft for 30 minutes. This 30 minute lockout period cannot be overridden by OIT.
  2. A user is logged on to a university computer, other than their primary computer, and a password change is performed on their primary computer.  Because of this, the other computer in which they are logged into occasionally tries to validate the old credentials and is unable to do so, causing the account to be locked out.  The user is sometimes unaware they are logged in somewhere else, such as a lab machine, their personal laptop, or a university-issued laptop.  This will continue until the user logs out of the offending computer, or until the computer is shut down.  It may be necessary to have the Technology Infrastructure Server Team track this down after other troubleshooting attempts have failed.
  3. Handheld devices that attach to the network, has become the most common reason for accounts to be locked out.  There are generally two places on each device where passwords need to be changed, which are wireless and email.  The user connects through a wireless network to the WSSU SSID, and/or the user receives email on their device, which requires the user to enter logon credentials during the setup.  If a password change has occurred, the device must also be changed, or the user will continue to be locked out.

The following is a checklist and troubleshooting tool for finding the cause of the lockout. Keep in mind that sometimes there are multiple devices that can cause lockouts. Be aware that the user sometimes assumes that a particular device cannot be causing the issue and therefore does not disclose it. Also, if a user checks their university email on a device at home, that device can be causing the issue. Wireless access is not an issue until the user brings the device on campus. Check all of the following:

  1. User has a personal and/or business smartphone.
    1. If wireless is necessary, it can be configured for the Students SSID which has an access password that is not tied to their user account.
    2. For email, it is best to delete the user’s WSSU email account and re-establish it with the correct credentials.
  2. User has an iPad, or other tablet device.
    1. Go to the wireless section in the device setup and go through the steps necessary to “Forget This Network” for the WSSU SSID.  Then preferably, set up the wireless connection on the Students SSID, since it uses an access password that is not tied to a user account.
    2. For email, it is best to delete the user’s WSSU email account and re-establish it with the correct credentials.
  3. For all laptops, turn off the wireless access, shut the laptop down completely, plug it into the network using a wired connection, turn the laptop on and log into the network with the new password.  This is currently the only method to change the password on the laptop and insure it is in sync with Active Directory.  Be sure to also determine whether the user has a personal laptop he/she is using.  If so, check the wireless credentials on it.  It is also possible that the user has a WSSU email account set up on their personal laptop.  If so, the credentials must be changed there as well.
  4. If the above procedures fail to rectify the issue, have the user do the following:
    1. Log into Citrix or webmail at home several times in the evening.  If the user can log into WSSU systems in the evening, then most likely they are bringing the device with them when they come to work that is causing the lockout.  In order for this to be an effective test, WSSU email accounts need to be deleted from any mobile devices.
    2. Have the user completely turn off all devices including laptops and home computers and then monitor for lockouts.  The user may continue to work on their desktop.  If the lockouts disappear, then turn on each device one at a time and continue to monitor for lockouts.  Wait for at least 2 hours before determining that the device is not causing issues.  Continue with turning on the next device and monitoring until the offending device is identified.  If a user continues to get locked out after all devices are turned off, then the problem is most likely that a user is logged into another computer, or they have not disclosed all devices.
    3. Keep in mind that it is also possible for another user to attempt to log in as any user on the network and lock someone out.  Although rare, it is still possible.

 

Was this helpful?
33% helpful - 3 reviews