Frequent Account lockouts
We have pass-through authentication set up, and recently we see a lot of errors with the process below:
Process Information:
Caller Process ID: 0x8e4
Caller Process Name: C:\Program Files\Microsoft Azure AD Connect Authentication Agent\AzureADConnectAuthenticationAgentService.exe
Users are getting locked out too frequently. The auditing software points to the server where AD Connect is installed. I am not sure why this is happening but need your advice and suggestions please. Thank you all.
Reply from oliwer_sundgren (Steel Contributor):
Hi! When you say that users are locked out, do you mean that their AD accounts are actually locked, or that authentication fails?
The process name refers to the PTA (Pass-Through Authentication) agent, which is installed by default on the Entra Connect server, so it makes sense that the auditing tool points to that server.
Some questions to understand your environment better:
- How many users do you have approx?
- How many PTA agents do you have in your environment? If you are a big environment and only have one PTA agent, this can cause timeouts in periods of high authentication volume.
- What version of the PTA agent are you on?
The lockouts could also be legitimate: since the PTA method requires all authentication requests to pass through to the on-prem AD, this opens the door for brute-force attacks against your on-prem AD environment, which can cause your users' accounts to lock frequently.
If you see, in your auditing software or the Entra sign-in logs, a lot of failed sign-in attempts for the users who report that their accounts are locked out, this is probably the root cause.
I would recommend that you look into configuring Smart Lockout:
https://learn.microsoft.com/en-us/entra/identity/authentication/howto-password-smart-lockout
Hope this helps, and let me know how it goes :) Feel free to mark my reply as a solution if this pointed you in the right direction.
Kind Regards
Oliwer
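A small triage script for the check suggested above, written as an added example that is not part of the post or of any Microsoft tooling: it takes failed-logon records exported from the Entra Connect server (constructed sample data here; the record layout is an assumption) and flags accounts whose failures arrive in bursts via the PTA agent, which separates brute-force-driven lockouts from a misbehaving agent.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Caller process quoted in the question: the PTA agent on the Entra Connect server.
PTA_AGENT = (r"C:\Program Files\Microsoft Azure AD Connect Authentication Agent"
             r"\AzureADConnectAuthenticationAgentService.exe")

# Constructed sample of failed-logon records: (time, target account, caller process).
# jdoe: a burst of failures relayed by the PTA agent (bad passwords arriving from the cloud).
# asmith: two scattered PTA failures, the pattern of ordinary typos.
# svc_backup: failures from another local process, unrelated to PTA.
SAMPLE_EVENTS = [
    ("2024-05-01 08:00:05", "jdoe", PTA_AGENT),
    ("2024-05-01 08:00:09", "jdoe", PTA_AGENT),
    ("2024-05-01 08:00:14", "jdoe", PTA_AGENT),
    ("2024-05-01 08:00:20", "jdoe", PTA_AGENT),
    ("2024-05-01 08:00:31", "jdoe", PTA_AGENT),
    ("2024-05-01 08:00:40", "jdoe", PTA_AGENT),
    ("2024-05-01 08:02:00", "asmith", PTA_AGENT),
    ("2024-05-01 09:15:00", "asmith", PTA_AGENT),
    ("2024-05-01 08:01:00", "svc_backup", r"C:\Windows\System32\svchost.exe"),
    ("2024-05-01 08:01:05", "svc_backup", r"C:\Windows\System32\svchost.exe"),
]


def pta_failure_bursts(events, window=timedelta(minutes=10), threshold=5):
    """Return {account: peak number of PTA-relayed failures inside any `window`}
    for accounts whose peak reaches `threshold`. Only failures whose caller process
    is the PTA agent are counted; other local processes are ignored."""
    per_account = defaultdict(list)
    for ts, account, caller in events:
        if caller.lower() == PTA_AGENT.lower():
            per_account[account.lower()].append(datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"))
    bursts = {}
    for account, times in per_account.items():
        times.sort()
        start, peak = 0, 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # slide the window's left edge forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            bursts[account] = peak
    return bursts


if __name__ == "__main__":
    for account, count in pta_failure_bursts(SAMPLE_EVENTS).items():
        print(f"{account}: {count} PTA logon failures within 10 minutes")
```

Accounts the script flags are the ones to compare against the Entra sign-in logs; if the same users show many failed cloud sign-ins, Smart Lockout is the right next step.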