Question

Q: Windows 10 Domain joined locking out user account regularly

Scenario:

Windows 10 x64 PC joined to Windows 2012 Functional Level Domain - Windows Server 2012 R2 DC's

After a period of activity when a user returns to there PC and unlocks it, a short time later (a few minutes) the user is prompted with "Windows needs your current credentials".  After locking the PC, occasionally the PC will indicate that it is locked out.  Further if the prompt for Windows needs your current credentials is ignored the account will often lock out a short time later.

Further, sometimes the prompt for "Windows needs your current credentials" is not received and the account locks out.  Using AD Users and Computer and looking at the object modified time, it is possible to track to the DC which locked out the account and the reason why - Kerberos Pre-Authentication failed - see attached screenshots.

The PC's are domain joined, one having been part of the Windows Insider program for some time, and another an in-place upgrade from Windows 8.1 Enterprise.  Both PC's are ruining Windows 10 Enterprise - currently not activated.

Issue has been seen for a few builds, possibly from around build 10162, as described in the similar issue here: http://www.tenforums.com/network-sharing/7973-domain-account-locked-daily.html 



progress
 
Question Info

Views: 49474 Last updated: August 17, 2017 Applies to:
Windows / Windows 10 / Security & privacy / PC