
C&DS Team – Performing locked account troubleshooting

WHY

Purpose: In many cases, end users experience account lockout issues due to wrong password attempts from their mobile devices, Nestle wireless access or any other 3rd party device that requires a password. This standard routine is to guide the involved teams to troubleshoot and fix the mentioned issue.
Supported measure: NA

WHEN

Creation date: 04.12.2012
Last revision date: 02.02.2018
Next revision date: 02.02.2019
Time estimated: 4 hours
Version Number: 6.1

WHAT

Start Point: Client Team receives a ticket for persistent locked account issue.
End Point: Client Team closes the ticket with account lockout issue solved.
Pre Requisite: The involved support people should have an understanding and working knowledge of Nestlé's infrastructure.

WHO

Audience: Platform Team Members, Client Team, Field Services, and Network Team.
Owner: Platform Team Maurílio Andrade
Contributors & coach: Coach, Marcos Pezzutti; Contributor, Edilson Silverio – Network Team
Approver: Thiago Afonso.

Document Status: DRAFT / UNDER REVIEW / APPROVED / IN USE Page 1 of 14


Routine steps overview:


Standard Routine Details & Help Chain

Flow Input / Task / output Visuals, links & comments Help Chain
Step 1
Input : Request from Market via RM, phone, e-mail.
Task Description : Client Team or Field Services receives the ticket for persistent locked account issue.
Output : Client Team or Field Services contacts the affected end user.
Who : Client Team or Field Services member.
Visuals, links & comments / Help Chain : NA

Step 2
Input : Contact the user in order to verify if he/she has a 3rd party device.
Task Description : Contact the user and verify if he/she has a 3rd party device (tablet, smartphone).
Output : User contacted.
Who : Client Team or Field Services member.
Visuals, links & comments / Help Chain : NA

Step 3
Input : Confirm whether the user has a third party device.
Task Description : Ask the user if he/she has a third party device (tablet, smartphone) with Nestle e-mail set.
Output : If NO, verify all registered passwords and applications on the user workstation and close the ticket. If YES, update the Nestle password on the mobile device.
Who : Client Team or Field Services member.

Step 4
Input : Update the password on mobile device.
Task Description : Update the password for both the email account and wireless profile access (NMD, Nestle Network wireless profiles).
Output : Password updated on mobile device.
Who : Client Team or Field Services member.
Visuals, links & comments / Help Chain : Wait 1 hour to check if the problem persists.

Step 5
Input : Check if the problem was solved.
Task Description : After 1 hour, check with the end user if the problem was solved.
Output : If issue solved, close the ticket. If issue not solved, add GISIT_IT DIR SERVICES in collaboration.
Who : Client Team or Field Services member
Visuals, links & comments / Help Chain : NA

Step 6
Input : Add DIR SERVICES_WIPRO in collaboration and provide which domain controller the user is logged on.
Task Description : Add DIR SERVICES_WIPRO to verify
Output : Add DIR SERVICES_WIPRO in collaboration and provide the set logon command output in the ticket update.
Who : Client Team or Field Services member
Visuals, links & comments : Client Team or Field Services member opens the command prompt on the end user workstation, types the command "set logon" and reports the output in the ticket:
    set logon
    LOGONSERVER=\\BRSAPB0008
In the example above the output is "BRSAPB0008".
Help Chain : Client Team must inform which affected domain controller the user is logged on in order to guide where the DIR SERVICES_WIPRO member will start the troubleshooting.

Step 7
Input : Look for the source where the account is being locked.
Task Description : DIR SERVICES_WIPRO determines the source.
Output : Determine what is the source system that is sending wrong password attempts to the Domain Controller.
Who : DIR SERVICES_WIPRO
Visuals, links & comments / Help Chain : Log on to the domain controller described in the "set logon" result, and determine the source through the Lockout Status (LockoutStatus.exe) tool and event viewer.

Step 8
Input : The "source" found on previous step.
Task Description : The source name indicates the caller machine name that is sending the wrong password attempts to the domain controller. If the source name is a Cisco device, Network team must be added in the ticket collaboration. If no, report back to Client Team or Field Services to validate and update the user workstation and application passwords.
Output : If no, report to Client Team or Field Services to validate if the locks come from any application or local Windows service. Next step. If Yes (source name = CISCO), determine the source IP address. Step XX
Who : DIR SERVICES_WIPRO
Visuals, links & comments / Help Chain : If the source name is CISCO, this means that the bad password requests are passing through a Cisco Access Point (router) before authenticating on the described domain controller. Probably the bad password requests are coming from a wireless device (tablet, smartphone).

Step 9
Input : DIR SERVICES_WIPRO reports to Client Team or Field Services to validate if the locks come from any application or local Windows service.
Task Description : Client Team or Field Services looks for any application the locks are coming from, and assigns the ticket to the proper team.
Output : Issued application or local Windows service identified.
Who : Client Team or Field Services
Help Chain : Once the application is identified, the ticket is assigned to the related Team. Step 10. If Client Team or Field Services fix the issue in the local workstation, the ticket is closed.

Step 10
Input : The team responsible for the application that generates the account lockouts receives the ticket.
Task Description : The application team performs the troubleshooting.
Output : Application passwords are validated and fixed.
Who : Issued Application Team
Help Chain : Once the reason for the lockouts is figured out, the Team responsible for the application informs the end user and closes the ticket.

Step 11
Input : Source name found = "CISCO"
Task Description : Provide the IP address of the Cisco device that the user authentication is passing through and add Network Team (NETWORK LAN_ALPHA) in collaboration.
Output : CISCO IP address and Network Team added in collaboration.
Who : DIR SERVICES_WIPRO
Visuals, links & comments : The IP address can be checked using the Network Monitor tool. The steps to set Network Monitor are described on document Appendix.
Help Chain : Once the source and IP address are found, the ticket must be updated and Network Team needs to be added in collaboration on it.

Step 12
Input : NETWORK LAN_ALPHA looks into the Access Point (CISCO) logs which is the wireless device.
Task Description : NETWORK LAN_ALPHA collaborates in the ticket describing which is the wireless device type that is sending wrong password attempts to the CISCO device.
Output : The mac address and model of the device that is sending wrong password attempts to the CISCO device.
Who : NETWORK LAN_ALPHA.
Visuals, links & comments / Help Chain : The wireless device mac address is the key to determine its type and manufacturer. The steps to find out the mac address are described on document Appendix.

Step 13
Input : Get the mac address and model of the device that is sending wrong password attempts to the CISCO device.
Task Description : Client Team or Field Services contacts the user reporting the device model and requests that the correct password be set on it.
Output : User contacted again and device identified.
Who : Client Team or Field Services member.
Visuals, links & comments / Help Chain : NA

Step 14
Input : User contacted and informed that the reported device is the root of the issue.
Task Description : Once Network team provides the device type, client team contacts the user on site, in order to type the updated Nestle Active Directory domain password on the device. If the device is not recognized, network team needs to block the device.
Output : If device identified, update the password on it and proceed with ticket closure. If device not identified, ask Network team to block it on device.
Who : Client Team or Field Services member.
Visuals, links & comments / Help Chain : NA

Step 15
Input : Client Team or Field Services asks Network Team to block the device mac address.
Task Description : If the device is not identified, Client team asks Network team to block the device mac address on the access point.
Output : Device blocked in the access point.
Who : NETWORK LAN_ALPHA
Visuals, links & comments / Help Chain : The steps to block the mac address are described on document Appendix.

Step 16
Input : AD team to fetch the bad passwords triggered for the account from LOCKOUT TOOL.
Task Description : Check the lockout status of the affected user account using the account lock tool in the PDC server to know the last lockout meta information. Track the list of DCs which had a bad password hit (last lockout) within the last 3 days. Fetch the events from the relevant DCs using the command below:
    Get-EventLog Security -Message "*(user name)*" | fl
Output : Logs can be fetched. The logs need to be analysed further to find the source.
Who : DIR SERVICES_WIPRO
Visuals, links & comments / Help Chain : If still not able to find the source, have to go with this step.

Step 17
Input : Issue solved.
Task Description : Once issue solved, ticket can be closed.
Output : Ticket closed.
Who : Client Team or Field Services Member, or Network Team Member.
Visuals, links & comments / Help Chain : NA
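
The source lookup described in steps 7, 8 and 16 can be scripted. The PowerShell below is an added example, not part of the original routine: it assumes lockouts are recorded as Security event ID 4740 on the queried domain controllers, and the parameter names and default DC list are placeholders (BRSAPB0008 is the sample LOGONSERVER value from step 6).

```powershell
# Added example (not from the original routine): list lockout events for one
# account on a set of DCs and map the caller name to the next routine step.
# $UserName, $DomainControllers and $Days are illustrative parameters.
param(
    [Parameter(Mandatory)] [string] $UserName,
    [string[]] $DomainControllers = @('BRSAPB0008'),  # sample value from step 6
    [int] $Days = 3                                   # step 16 looks back 3 days
)

$filter = @{
    LogName   = 'Security'
    Id        = 4740                                  # "A user account was locked out"
    StartTime = (Get-Date).AddDays(-$Days)
}

$results = foreach ($dc in $DomainControllers) {
    try {
        $events = Get-WinEvent -ComputerName $dc -FilterHashtable $filter -ErrorAction Stop
    } catch {
        # Raised when no event matches the filter or the DC cannot be reached
        Write-Warning "${dc}: $($_.Exception.Message)"
        continue
    }
    foreach ($e in $events) {
        # Read the named EventData fields from the event XML
        $data = @{}
        ([xml]$e.ToXml()).Event.EventData.Data |
            ForEach-Object { $data[$_.Name] = $_.'#text' }
        if ($data['TargetUserName'] -ne $UserName) { continue }

        # In event 4740, TargetDomainName holds the caller computer name
        $caller = $data['TargetDomainName']
        $next = if ($caller -match 'CISCO') { 'Step 11: get Cisco IP, add Network Team' } else { 'Step 9: check workstation applications and services' }

        [pscustomobject]@{
            Time     = $e.TimeCreated
            DC       = $dc
            Account  = $data['TargetUserName']
            Caller   = $caller
            NextStep = $next
        }
    }
}

$results | Sort-Object Time -Descending | Format-Table -AutoSize
```

Reading the Security log on a domain controller requires an account with rights to that log, and the caller name is only as specific as what the DC recorded, so an empty Caller value still needs the manual analysis from step 16.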


Appendix
Account lockouts in Active Directory environment

Account lockout is a password security feature in Active Directory that disables a user account when five failed logon attempts occur due to wrong passwords within a certain interval of time. The purpose of account lockout is to prevent attackers from using brute-force attempts to guess a user's password.
But, in many cases, end users experience account lockout issues due to wrong password attempts from their mobile devices, Nestle wireless access or any other 3rd party device that requires a password.
This standard routine is to guide the involved teams to troubleshoot and fix the mentioned issue.

SR Template version control


| Version | What has been changed | Who | When |
|---|---|---|---|
| 1.0 | Standard Routine Creation | Maurílio Andrade | 04.12.2012 |
| 2.0 | Added more steps on overview chart and respective explanations | Maurílio Andrade | 12.12.2012 |
| 3.0 | Reviewed | Muhammad Imran | 10.09.2013 |
| 4.0 | Reviewed & Added Help Chain on flow 7, 9 and 10 | Sodsri Indontree | 08.10.2013 |
| 5.0 | Document review | Maurílio Andrade | 10.12.2014 |
| 5.1 | Document review | Maurílio Andrade | 18.12.2015 |
| 6.0 | Added the steps 9, 10, 11. | Maurílio Andrade | 17.08.2017 |
| 6.1 | Updated the names of assignment groups | Maurílio Andrade | 02.02.2018 |
| 6.1 | Added step-16 | Rajan Vadivel | 29.08.2018 |

Link to this Document:
http://ecm.ctr.nestle.com/globelib/drl/objectId/0900f3d381fbf9f9

Communication, Training and Coaching


| When | Training Session Description | Who | Status |
|---|---|---|---|
| 15.12.2012 | L3 Client Team KT session | Maurílio Andrade | Done |
| 15.12.2012 | L3 Network Team KT session | Maurílio Andrade | Done |
| 15.12.2012 | L2 C&DS Team KT session | Maurílio Andrade | Done |
