BorutMCP2000 asked ·

After changing password MS / O365 Exchange server are locking my on premise account

Hi,
I have changed my service admin account password.
The Exchange server setup is hybrid.
After the password change, the service account is locked out immediately after the account is unlocked…
Event ID : 4740
TargetUserName : My service account
TargetDomainName : Random MS servers : VI1P195MB0141, VI1P195MB0655, VI1P195MB0463, PR3P195MB1008, VI1P195MB0256, AM9P195MB0919
The migration point runs under a different account, but hybrid was set up with my service account. The Exchange server is 2013.

Br,
Borut

office-exchange-server-administration office-exchange-online-itpro office-exchange-hybrid-itpro

1 Answer

KyleXu-MSFT answered ·

@BorutMCP2000

I think this phenomenon is caused by the hybrid configuration using old account information to verify the connection, so the account is then blocked because of the wrong password. So, I would suggest you create a dedicated admin account for Exchange hybrid, then use this account to rerun HCW.

You can also check whether there are other event logs that record why the account was blocked.



Hi KyleXu-MSFT,
I ran HCU with a different account and the account is still locked.
The migration point also runs with a different account.
I get thousands of POST /EWS/mrsproxy.svc events with exchangecookie, and they are addressed to the old (almost 6 months) public access point.
BR,
Borut

I would also suggest you check the account that is used for AAD Connect.

Hi KyleXu-MSFT,
AAD Connect uses a totally different user.
Br,
Borut

You can follow this blog to find detailed information about why this account was blocked; from this blog, we can find out which service blocked this account. Then try to prevent this account from being blocked. You can also confirm with the Windows Server teams to find the detailed information.

Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

Hi KyleXu-MSFT,
?
AD DS -> Security log: Account locked by O365 Exchange server, "invalid username or password", Exchange server, account invalid user name and password, O365 Exchange server with Microsoft IP range.
Br,
Borut

I would suggest you enable detailed logging and check whether you can find out which service keeps using the old password. As far as I know, the admin account is only used to create AAD Connect and Hybrid; there is no other configuration that needs the admin account.

If we cannot find the correct service, we may need to keep this account blocked and use a new admin account to replace it.

KyleXu-MSFT BorutMCP2000 ·

Any update about this thread now?

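
One way to see where the failing POST /EWS/mrsproxy.svc requests mentioned in the thread come from, as an added example that is not code from the original thread: it parses IIS W3C log lines and tallies HTTP 401 responses per client IP. The sample log lines, IP addresses, user agents, account names and function names are constructed for illustration, and the 401 filter assumes the lockouts stem from failed authentication against this endpoint.

```powershell
# Constructed sample in IIS W3C format. Real logs are usually under
# C:\inetpub\logs\LogFiles\W3SVC1 (assumed default path; adjust for your server).
$sample = @'
#Fields: date time cs-method cs-uri-stem cs-username c-ip cs(User-Agent) sc-status
2021-03-01 08:00:01 POST /EWS/mrsproxy.svc - 203.0.113.10 ExampleAgent/1.0 401
2021-03-01 08:00:02 POST /EWS/mrsproxy.svc - 203.0.113.10 ExampleAgent/1.0 401
2021-03-01 08:00:03 POST /EWS/mrsproxy.svc - 203.0.113.11 ExampleAgent/1.0 401
2021-03-01 08:00:04 POST /EWS/Exchange.asmx CONTOSO\user1 198.51.100.7 OtherAgent/2.0 200
2021-03-01 08:00:05 POST /EWS/mrsproxy.svc CONTOSO\svc-new 203.0.113.12 ExampleAgent/1.0 200
'@ -split "`r?`n"

function ConvertFrom-IisLog {
    param([string[]]$Line)
    $fields = @()
    foreach ($l in $Line) {
        if ($l -like '#Fields:*') {
            # Column order depends on the logging configuration; read it from the header.
            $fields = ($l -replace '^#Fields:\s*', '').Trim() -split '\s+'
            continue
        }
        if ($l -like '#*' -or [string]::IsNullOrWhiteSpace($l)) { continue }
        $values = $l -split ' '
        if ($values.Count -ne $fields.Count) { continue }   # skip truncated lines
        $row = [ordered]@{}
        for ($i = 0; $i -lt $fields.Count; $i++) { $row[$fields[$i]] = $values[$i] }
        [pscustomobject]$row
    }
}

function Get-MrsProxyAuthFailure {
    param([string[]]$Line)
    ConvertFrom-IisLog -Line $Line |
        Where-Object { $_.'cs-uri-stem' -eq '/EWS/mrsproxy.svc' -and $_.'sc-status' -eq '401' } |
        Group-Object -Property { $_.'c-ip' } |
        Sort-Object Count -Descending |
        ForEach-Object {
            $stamps = $_.Group | ForEach-Object { "$($_.date) $($_.time)" } | Sort-Object
            [pscustomobject]@{
                ClientIp   = $_.Name
                Failures   = $_.Count
                UserAgents = ($_.Group.'cs(User-Agent)' | Sort-Object -Unique) -join ', '
                FirstSeen  = ($stamps | Select-Object -First 1)
                LastSeen   = ($stamps | Select-Object -Last 1)
            }
        }
}

Get-MrsProxyAuthFailure -Line $sample | Format-Table -AutoSize
```

Against real logs, pass `Get-Content` output for the relevant log files as `-Line`; the source IPs and time window it reports can then be matched against the Event ID 4740 lockout times in the domain controller's Security log.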