Terminal Server with Roaming Profile Locks Accounts

Subject: Terminal Server with Roaming Profile Locks Accounts
Posted by:  jwgoerli…@gmail.com
Date: 3 Jan 2007

Hello group,

I have an interesting issue. There are several Windows XP desktop
machines along with Windows 2003 Terminal Servers, in one domain. The
Terminal Servers have roaming profiles configured.

Users, when prompted at the desktop, change their passwords every
90 days. They then log on to their machines and establish RDP sessions.
The Terminal Servers log the users on using the new passwords. However,
the users' accounts are then promptly locked out. If the account is
unlocked, it is locked out again the next time the user logs on to a
Terminal Server. This continues until I reboot the server.

Checking the logs, I see that logging into Terminal Servers results in
several Account Logon failures (Event ID 680). The first two are
because of an incorrect password (0xC000006A) and then ten or more
account lockouts (0xC0000234). These all occur after the user has
successfully logged on but before the user profile completely loads.

Any suggestions appreciated.

J Wolfgang Goerlich
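
The following is an added example, not part of the original post: a Python triage script that reads exported Event ID 680 records and reports, for each account that reached lockout (0xC0000234), which source machine sent the wrong-password attempts (0xC000006A) before the first lockout. The account names, host names, timestamps and the one-record-per-line export layout are constructed, the field labels are assumed to match the Event ID 680 description text, and records are assumed to be in chronological order.

```python
import re
from collections import defaultdict

# NTSTATUS values quoted in the post, plus 0x0 (success).
STATUS = {0x0: "success", 0xC000006A: "wrong_password", 0xC0000234: "locked_out"}

# Constructed sample, not real log data: one Event ID 680 record per line,
# in an assumed "timestamp | description" export layout.
SAMPLE = """\
2007-01-03 08:01:02 | Logon account: asmith Source Workstation: XP-DESK07 Error Code: 0x0
2007-01-03 08:01:09 | Logon account: asmith Source Workstation: TS01 Error Code: 0xC000006A
2007-01-03 08:01:09 | Logon account: asmith Source Workstation: TS01 Error Code: 0xC000006A
2007-01-03 08:01:10 | Logon account: asmith Source Workstation: TS01 Error Code: 0xC0000234
2007-01-03 08:01:11 | Logon account: asmith Source Workstation: TS01 Error Code: 0xC0000234
2007-01-03 08:05:40 | Logon account: bjones Source Workstation: XP-DESK12 Error Code: 0xC000006A
"""

RECORD = re.compile(
    r"^(?P<ts>\S+ \S+) \| Logon account:\s*(?P<acct>\S+)\s+"
    r"Source Workstation:\s*(?P<src>\S+)\s+Error Code:\s*(?P<code>0x[0-9A-Fa-f]+)\s*$"
)

def parse_680(text):
    """Yield (timestamp, account, source, status_name) for each parsable line."""
    for line in text.splitlines():
        m = RECORD.match(line)
        if m:
            code = int(m["code"], 16)
            yield m["ts"], m["acct"].lower(), m["src"].upper(), STATUS.get(code, hex(code))

def lockout_sources(text):
    """Per account that reached lockout: failures before the first lockout, by source."""
    bad = defaultdict(lambda: defaultdict(int))  # account -> source -> wrong-password count
    locked, result = set(), {}
    for ts, acct, src, status in parse_680(text):
        if status == "wrong_password" and acct not in locked:
            bad[acct][src] += 1
        elif status == "locked_out" and acct not in locked:
            locked.add(acct)
            result[acct] = {"first_lockout": ts, "bad_by_source": dict(bad[acct])}
    return result

if __name__ == "__main__":
    for acct, info in lockout_sources(SAMPLE).items():
        print(acct, info)
```

Accounts with failed attempts but no lockout, such as the constructed `bjones` record, are left out of the report.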