Question
47218 views

Windows 10 Domain joined locking out user account regularly

Janson Ragon asked on

Scenario:

Windows 10 x64 PC joined to Windows 2012 Functional Level Domain - Windows Server 2012 R2 DC's

After a period of activity when a user returns to there PC and unlocks it, a short time later (a few minutes) the user is prompted with "Windows needs your current credentials".  After locking the PC, occasionally the PC will indicate that it is locked out.  Further if the prompt for Windows needs your current credentials is ignored the account will often lock out a short time later.

Further, sometimes the prompt for "Windows needs your current credentials" is not received and the account locks out.  Using AD Users and Computer and looking at the object modified time, it is possible to track to the DC which locked out the account and the reason why - Kerberos Pre-Authentication failed - see attached screenshots.

The PC's are domain joined, one having been part of the Windows Insider program for some time, and another an in-place upgrade from Windows 8.1 Enterprise.  Both PC's are ruining Windows 10 Enterprise - currently not activated.

Issue has been seen for a few builds, possibly from around build 10162, as described in the similar issue here: http://www.tenforums.com/network-sharing/7973-domain-account-locked-daily.html 

231 people had this question

Abuse history


Most Helpful Reply
techs uk replied on

I ticked this option for the user account and it hasn't locked out since.

I haven't noticed any negative effects, but as it's not the default I don't consider it a solution.

On the machine that caused the locked there were audit events when I used a different user/password to logon to a server in a remote desktop session. not an error, just that I was using and explicit password, (rather than implicitly the logged on user one). same time as the account lockout on the DC.

93 people found this helpful

Abuse history


progress