Posted inNão categorizado RDP Tutorial Windows Server

Error 0xC0000234 on VPS: Account Lockout, how to Resolve?

No Comments

In corporate environments or remote servers accessed via RDP (Remote Desktop Protocol), it is common to apply security policies to prevent unauthorized access. One of these measures is the automatic locking of user accounts after multiple login attempts with incorrect credentials. Although effective from a security standpoint, this mechanism can cause inconvenience for administrators and legitimate users who end up being prevented from accessing the system.

In this article, you will learn, step by step, how to identify and unlock an account blocked due to excessive authentication attempts via RDP. In addition to unlocking, we will discuss ways to review and adjust security policies to prevent the issue from recurring in the future.

Cause of the Problem

Account lockout is generally caused by an excessive number of unsuccessful login attempts. When this occurs, Windows activates a security policy that prevents new logins until the lockout expires or is manually removed.

This error is related to the code 0xC0000234 (STATUS_ACCOUNT_LOCKED_OUT), recorded in the system security logs.

Error reported when attempting to access via RDP.

Prerequisites

  • Administrative access to the server via noVNC available on the client panel dashboard.
  • Windows Server or Windows operating system with RDP support.

1. Access the Server via noVNC

From the client panel dashboard, select the “manage” option on the VPS you wish to access. Clicking on manage will open the server settings screen, scrolling down will allow you to find the control panel. Then click on “access server”.

Server control panel.

This will open the server screen. With the screen open, select the arrow located on the left center of the screen, then select “show additional keys” identified with a key symbol “A”, finally select “send ctrl-alt-del”.

Server screen with NoVNC.

Performing these procedures will request the administrator password, just add it and you will have access to the machine.

2. Open Computer Management

Press Win + R, type compmgmt.msc and press Enter.

To press windows + R on noVNC, select the arrow located on the left center of the screen, then select “show additional keys” identified with a key symbol “A”, finally select “press/release windows” and click R, repeat the process to release windows.

Windows + R on noVNC.

In the left side menu, navigate to: Ferramentas do Sistema > Usuários e Grupos Locais > Usuários and in the right panel click on the blocked user, which in this case would be the “administrator”.

Pathing to “users”.

3. Unlock the User

  • In the user properties window:
    • Uncheck the option “The account is disabled”, if it is checked.
    • If the option “The account is locked” is enabled, uncheck it as well.
    • Click OK.
Example of how the user should appear.

4. (Optional) Reset the Password

If you want to avoid login errors due to incorrect password:

  1. Right-click on the user’s name and select “Set Password…”
  2. Choose a new password (ensure it meets Windows password policies).
Options for the user.

5. (Recommended) Reset Attempts and Redefine Policy

You can also manually reset the lockout counter or set a shorter lockout time:

  • Press Win + R, type secpol.msc
  • Go to:

Políticas de Conta > Política de Bloqueio de Conta

And configure:

  • Invalid logon attempts limit: 5 (or another value)
  • Lockout duration: 5 minutes (for example)
  • Reset counter after: 5 minutes (for example)

If you wish to disable the lockout for logons, change the value of “Invalid logon attempts limit” to 0, this will disable the lockout and ensure it does not occur again in the future.

Pathing to “account lockout policy”.

(Alternative) Unlock via CMD

It is also possible to unlock the user via command prompt. To perform this process, open the command prompt as administrator and type: 

net user NOME_DO_USUARIO /active:yes
net user NOME_DO_USUARIO /unlock

Replace NOME_DO_USUARIO with the real account name.

Conclusion

Having access to the console via noVNC can be a lifesaver in critical situations such as account lockouts due to excessive login attempts. In this guide, we show how to use this feature to quickly regain control of the VPS, unlock users, and even adjust security policies to prevent future lockouts.

Keeping an administrative account always accessible, along with setting well-calibrated lockout policies, are good practices that help ensure the stability and security of the environment. Thus, even in the face of human errors or improper attempts, you will be prepared to act swiftly and securely.

If you want to see more tutorials like this, or learn more about the extensive world of IT, follow the master of the web on our blog or on our networks like YouTube, Facebook, and Instagram to see more posts like this!

Tags:

Comments

No comments yet. Why don’t you start the discussion?

Leave a Reply

Your email address will not be published. Required fields are marked *