Originally posted Tuesday, October 23, 2007 10:17 AM
I had the issue of configuring a windows service to log on as a service account. This repeatedly caused the account to become locked out. For me, this was happening when installing a Microsoft Cluster Server (MSCS) cluster, but it can happen on any service account.
This will also happen during the installation wizard of MSCS, as well as other installation wizards (MSSQL, etc.) which ask you to enumerate a service account.
In this scenario, you can log onto the server fine yourself interactively. You've checked all the other settings clearly listed in the white paper, but you're still stuck.
Naturally, make sure you're using the right password. That much the white paper will tell you.
This will also happen using the default Windows Server 2003 Service Pack 2 installation if the domain you are using is set up to use the LanManager Compatibility setting of 3, as the default setting is 2.
Change HKLM\SYSTEM\CurrentControlSet\Control\Lsa\lmcompatibilitylevel to match that used by the domain. Restart the computer.
This one cost me 1.25 days.
References:
LanManager Compatibility:
There are many out there - do a search on the Microsoft site using the string, "Control\Lsa\lmcompatibilitylevel". Here's a good overview:
http://support.microsoft.com/kb/239869/en-us
MSCS white paper:
http://technet2.microsoft.com/windowsserver/en/library/5812f3be-8d62-4a27-a865-c6e79a7245c61033.mspx
Search stuff:
Account lockout service account
Windows 2003 MSCS Wizard Installation