JSI Tip 1485. Can't logon to LAN because of RAS lockout?

Jerold Schulman

July 28, 1999

1 Min Read
ITPro Today logo in a gray background | ITPro Today

If you have the Account Lockout feature enabled, unsuccessful attempts to logon via RAS will trigger the lockout.

To resolve the problem, apply SP4 or later.

If your RAS server is NOT a Domain Controller, run Raslock.exe to install the RAALM (Remote Access Account Lockout Manager). In Control Panel / Services, configure its' Startup to use a Domain Admins account (any account that has the right to edit user accounts).

Use Regedt32 to navigate to:

HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesRemoteAccessParameters

Edit or Add Value name MaxDenials, a type REG_DWORD, and set the data value to the number of consecutive bad attempts before locking the account. A value of 0 disables RAS account lockout.

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like