I have spent months pulling my hair out trying to resolve an issue where my account was being locked out regularly.
The issue was related to Site24x7, I was convinced, but couldn't find where it was happening...
I spent a day watching my account lock out; very frustrating. The requests were coming from 5 servers. The event logs showed the calling host and then, on the calling host, the destination server.
I ended up using a process to find the task running.
Using lockout.exe on the domain controller, I found the server locking me out.
From the source server, I ran the PowerShell script below:
"Get-WinEvent -ListLog * | % {Get-WinEvent -FilterHashTable @{LogName=$_.LogName;StartTime="06-09-2024 15:11";EndTime="06-09-2024 15:15"} -ea 0} | Sort-Object timecreated -Descending | Out-File C:\@it\Event_Logs1512_060924.txt"
This brought me to look at the DSC (Desired State Configuration).
This was tricky; the output related to Site24x7.
"Get-DscConfiguration", returned:
Navigating to the event in Event Viewer:
What is Desired State Configuration (DSC)? In short, it "is a feature in PowerShell 4.0 and above that helps administrators to automate the configuration of Windows".
So it appears there is a task, which isn't visible in Task Manager, which was set up when I initiated a Bulk Deployment using the Site24x7 InstallAgent.ps1.
How to clear a pending desired state configuration:
In %system32%\Configuration (a restricted folder) there was the following pending.mof
I thought about clearing it by renaming the "pending.mof" file, but not being sure of the outcome, I looked further. I then cleared the pending state by launching an elevated PowerShell prompt and using:
"Remove-DscConfigurationDocument -Stage pending -Verbose"
This removed the pending.mof configuration and cleared the status. This finally cleared my constant account lockouts, and now my hair can grow back.
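
The check and cleanup described above, run across several servers at once, as an added example that is not part of the original post. It assumes PowerShell remoting (WinRM) is enabled, the caller is an administrator on each host, and the server names are placeholders for the hosts named in the lockout events.

```powershell
# Added example: report which servers still hold a pending DSC document,
# then clear it only where the operator confirms.

function Get-PendingDscState {
    [CmdletBinding()]
    param([Parameter(Mandatory)][string[]]$ComputerName)

    foreach ($computer in $ComputerName) {
        try {
            Invoke-Command -ComputerName $computer -ErrorAction Stop -ScriptBlock {
                # DSC keeps its staged documents in this restricted folder.
                $dir     = Join-Path $env:windir 'System32\Configuration'
                $pending = Get-Item (Join-Path $dir 'Pending.mof') -ErrorAction SilentlyContinue
                $lcm     = Get-DscLocalConfigurationManager
                [pscustomobject]@{
                    Server       = $env:COMPUTERNAME
                    LCMState     = $lcm.LCMState
                    RefreshMode  = $lcm.RefreshMode
                    PendingMof   = [bool]$pending
                    PendingSince = $pending.LastWriteTime   # $null when no file exists
                }
            }
        } catch {
            # Unreachable hosts are reported, not silently skipped.
            [pscustomobject]@{
                Server       = $computer
                LCMState     = "unreachable: $($_.Exception.Message)"
                RefreshMode  = $null
                PendingMof   = $null
                PendingSince = $null
            }
        }
    }
}

function Clear-PendingDsc {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param([Parameter(Mandatory)][string[]]$ComputerName)

    foreach ($computer in $ComputerName) {
        if ($PSCmdlet.ShouldProcess($computer, 'Remove pending DSC configuration document')) {
            $session = New-CimSession -ComputerName $computer
            try     { Remove-DscConfigurationDocument -Stage Pending -CimSession $session -Verbose }
            finally { Remove-CimSession $session }
        }
    }
}

$servers = 'SERVER01', 'SERVER02'   # placeholders, not hosts from the post
$report  = Get-PendingDscState -ComputerName $servers
$report | Format-Table Server, LCMState, RefreshMode, PendingMof, PendingSince
Clear-PendingDsc -ComputerName ($report | Where-Object PendingMof).Server -WhatIf
```

Drop `-WhatIf` from the last line to perform the removal; each host then prompts for confirmation because of `ConfirmImpact = 'High'`.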