cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Account locking from microsoft IPs.

jaysheezzy
Copper Contributor

‎Dec 01 2023 04:27 AM

‎Dec 01 2023 04:27 AM

Account locking from microsoft IPs.

in our hybrid exchange an user is constantly locking for long. After checking logs I see it's locking on our on-prem servers. When I dig up exchange IIS logs it's locking with EAS ending with error code 401. I asked user to uninstall outlook/teams on mobile just to reproduce issue but that didn't help. I also disable ActiveSync for this user and that also didn't help. Checking logs further it seems those failed connections coming from Microsoft IPs. What else I can check. 

 

See the IPs in the end of each line............

jaysheezzy_0-1701433344769.png

 

Sample log from IIS logs ... 

 

jaysheezzy_1-1701433657863.png

 

Labels:
501 Views
0 Likes
2 Replies
Reply
2 Replies
LeonPavesic

‎Dec 04 2023 03:18 AM

‎Dec 04 2023 03:18 AM

Re: Account locking from microsoft IPs.

Hi @jaysheezzy,

it looks that the account lockouts are coming from unsuccessful authentication attempts originating from Microsoft IPs.

To try to solve this issue, try following these troubleshooting steps:

  1. Authentication Credentials Check:
    Verify that the request contains accurate authentication credentials.
  2. Username and Password Verification:
    Ensure correctness of the provided username and password.
  3. IP Address Filter Examination:
    If an IP address filter is in place, confirm that the connection is coming from an approved IP address.
  4. API Key Validation: Check the validity and expiration status of your API key.
  5. SPN Presence Check: If the Service Principal Name (SPN) is absent, use the Exchange Management Shell command Get-IntraOrganizationConfiguration to inspect OnPremisesDiscoveryEndPoint and OnPremisesWebServiceEndPoint.

401 Access denied when running Test-OAuthConnectivity - Exchange | Microsoft Learn

Hybrid Exchange causing account lockouts - Microsoft Community

401 Access denied when running Test-OAuthConnectivity - Exchange | Microsoft Learn

Please click Mark as Best Response & Like if my post helped you to solve your issue.
This will help others to find the correct solution easily. It also closes the item.


If the post was useful in other ways, please consider giving it Like.


Kindest regards,


Leon Pavesic
(LinkedIn)

0 Likes
Reply
jaysheezzy

‎Dec 06 2023 05:32 AM

‎Dec 06 2023 05:32 AM

Re: Account locking from microsoft IPs.

Hi Leon

Thanks for reply.

I tested OAuthConnectivity for impacted and that succeeded.

ResultType : Success
Identity : Microsoft.Exchange.Security.OAuth.ValidationResultNodeId
IsValid : True
ObjectState : New

Other than that, I tried to check Get-IntraOrganizationConfiguration

But there's no any values for OnPremisesDiscoveryEndPoint and OnPremisesWebServiceEndPoint.
it's blank.

OnlineDiscoveryEndpoint : Has value
OnlineTargetAddress : Has value
OnPremiseTargetAddresses : Has value
OnPremiseDiscoveryEndpoint :
OnPremiseWebServiceEndpoint :
DeploymentIsCompleteIOCReady :
HasNonIOCReadyExchangeCASServerVersions :
HasNonIOCReadyExchangeMailboxServerVersions :

User mailbox was on-prem where 90% users are using exchange online. I migrated this to exchange online but that didn't make any difference.
0 Likes
Reply