account lockout question

[djc]

I had an account lockout that the actual user did not cause. I am assuming a
likely cause is someone else trying to login via Outlook web access / IIS
from the outside.

1) is there any other reason an account could get locked out beside failed
login attempts?
2) Where can I get good info on interpretting the IIS log files to
investigate this? nothing was reported in event viewer as a failed login
attempt.

any info is appreciated,
thanks.

 

[Joe Richards [MVP]]

1. No, bad logon attempts are the only thing that generates lockouts. Now it
could be automated system attempts for instance there is a bug in Win9x that
will cause 3 bad attempts to be sent to the DC for every single bad attempt made...

2. You don't have logging turned up enough then or you aren't looking on all
domain controllers.