How To Stop Account Lockout In Exchange? Solution By Exchange Experts
Always Microsoft does not provide the solution to troubleshoot problems faced by Exchange clients. In a situation where the password is correct but, an account is locked, end users are unable to work with their account. Fortunately, we encountered a team of Exchange experts from worldwide who researched on this issue. They told that resetting password can be the problem solution but, it is like a red herring. Therefore, through this blog, experts gave the description on ‘how to stop account lockout in Exchange’.
Workaround to Resolve Disable Account Lockout Issue
Following points explain a short story, which will troubleshoot the problem on how to stop account lockouts in Exchange:
- A deep research says that the account is locked out through failed authentication attempts to the Microsoft Exchange server.
- ExMon tool is needed to determine all the connected network address that is coming from and conclude that these are generated from external devices, unavailable in the on-premises environment.
- A ‘Get-ActiveSyncDeviceStatistics’ command needs to be executed in Exchange PowerShell. This will show all the ActiveSync devices, which are associated with that particular account and come upon a blocked tablet in the server room. This blocked tablet is continuously attempting to authenticate mailbox using the previous password.
Now let us start with descriptive content for fixing the Exchange account lockouts problem.
With the help of Group policy on the Exchange server, find out the IP address where authentication failure is taking place. It is simple to state that –
‘If there is a locking out in an account of the Active Directory via Exchange server then, your MS Outlook app is running on another workstation due to which login failures are occurring.’
Here comes the major problem because there is failed authentication from the workstation that authenticates end users against the AD. It is of no worth to set back the previous password or recreate a new profile in Outlook for fixing the trouble. The only solution to stop account lockouts in Exchange server is to make use of ExMon. The Exchange server user monitoring tool lists down all the source IP addresses that are associated with mailbox access. Only MAPI connection is monitored by this utility. This means that SMTP, POP, or IMAP protocols are not supported by this software.
Note – Experts recommend that the disable account lockout issue is not caused by POP / IMAP / SMTP protocols.
ExMon is available for all editions of Exchange server, including 2013 and 2016. If you are using a cloud-based Exchange environment then, it will be possible to view and audit IP addresses of clients with their Office 365 account connections. The app monitors all the client connections and refreshes them by default in every minute. It is possible to refresh the wizard at any time by clicking on File >> Refresh Now button. Now check that – Is there any mailbox that is getting accessed by an external IP, which represents itself as internal IP of the on-premises firewall? The answer is definitely going to be Yes if the problem actually persists.
Microsoft Exchange server offers a slew script of handy PowerShell, which helps in rapidly locating the source of ‘Exchange account lockouts’. Execute following command line :
where, the will be the name of the mailbox, which was accessed by an external IP.
After the command execution, you will come to know what all devices are connected with that particular mailbox over ActiveSync. This ActiveSync is the synchronization/communication protocol utilized in the Exchange server. Now, it is possible for you to learn – device type, what agent is working on the device, and when the last synchronization took place.
The time comes where you have to check whether the listed devices are known to you or not. If not, immediately remove all the unknown devices and hence, your problem is resolved.
Conclusion
The cause of the ‘Exchange account lockouts’ problem is improper record maintenance of the devices where the account is being accessed. Removing the email account from unknown devices as well as outdated devices associated with the mailbox will resolve the hurdle. Exchange experts suggest that steps on ‘how to stop account lockouts in Exchange’ should be carried away by administrators only.
