Administrator account locked...any solutions?

Similar Messages

• Administrator account locked/password was changed

  Hi All,
  Administrator account locked/password was changed. Is there any way to see the logs to see when this happened or by whom?
  Any way to lock this down then  it can't be changed by another administrator account? Limit it so it can only be seen/changed by  some people like A or B?
  Regards
  Trilochan

  Hi,
  I am able to see the log but we are having trouble reading them. They are not very straightforward i got some inforamtion about what a log contains in following link but the format is different from here.
  http://help.sap.com/saphelp_nw04/helpdata/en/03/37dc4c25e4344db2935f0d502af295/frameset.htm
  We are getting the log in this format so not able to find when and by whom.
  #1.5 #0017A438CB3C00240000023400001F1C00047F7D19D6AFB9#1266075187981#/System/Security/Usermanagement#sap.com/irj#com.sap.security.core.persistence#Guest#0####15e3ebd018b511df8b390017a438cb3c#SAPEngine_Application_Thread[impl:3]_0##0#0#Warning#1#com.sap.security.core.persistence#Java###Authentication failed on LDAP server: back end message #1#[LDAP: error code 49 - Invalid Credentials]#
  #1.5 #0017A438CB3C00240000023500001F1C00047F7D19D79CBB#1266075188044#/System/Security/Audit#sap.com/irj#com.sap.security.core.util.SecurityAudit#Guest#0####15e3ebd018b511df8b390017a438cb3c#SAPEngine_Application_Thread[impl:3]_0##0#0#Warning#1#com.sap.security.core.util.SecurityAudit#Plain###Guest     | LOGIN.ERROR     | NONE = null     |      | Login Method=[default], UserID=[jb99532], IP Address=[64.25.25.7], Reason=[Authentication did not succeed.]#
  #1.5 #0017A438CB3C001D000001E700001F1C00047F7D1D2D5575#1266075243998#/System/Security/Audit#sap.com/irj#com.sap.security.core.util.SecurityAudit#Guest#0####37476fe018b511dfc25b0017a438cb3c#SAPEngine_Application_Thread[impl:3]_16##0#0#Warning#1#com.sap.security.core.util.SecurityAudit#Plain###Guest     | USERACCOUNT.MODIFY     | USERACCOUNT = UACC.CORP_LDAP.066277700     |      | SET_ATTRIBUTE: lastpasswordchange=[0001266075243920], SET_ATTRIBUTE: passwordchangerequired=[false]#
  Regards
  Trilochan

• Administrator Account locked on Netweaver 7.1 Java Stack

  Hello all,
  I try to find a possibility how I can unlock the administrator account in Netweaver Java stack 7.1
  We do not have a double stack ABAP / JAVA installed so the solution with the SAP * falls off, I think
  What should I do so I can unlock the administrator account in Java ?
  Thanks in advance
  Best regards
  Vito

  Hi Prabhat,
  I have found a link which described my problem
  the emergency user is actually the SAP* User
  http://help.sap.com/saphelp_nwce711/helpdata/en/0b/50ad3e1d1edc61e10000000a114084/frameset.htm
  Thanks
  Best regards
  Vito
  Edited by: Vito Cecere on Jul 13, 2011 1:27 PM

• Administrator Account locked

  hi,
  in our Portal the Administrator Account gets locked every 2-3 hours. we also change the password in the secure store.
  is there a chance to find out, why? a central log or something? i can't analyze every log, because we have 7 instances with each 4 servers.

  Hi Andre
  If you check the security logs in j2ee/cluster/server<n>/log/system, when the user gets locked you will see log entries from the failed authentication attempt, and more information including hopefully the IP address of the machine where the request comes from, and the login module stack used during the authentication. Maybe this information will help isolate the origin of the invalid administrator password.
  An alternative approach, which is dependent on the version of the AS Java is to activate some tracing.
  There is a new trace location available for problems such as this - com.sap.security.core.locking
  You can get the info from this location by adding it to the Log Configurator service in the Visual Administrator if it is available, and adjusting the severity accordingly. Then examine the defaultTraces when the user gets locked
  However it is easier in this case to use the web diagtool. Follow note 1045019 to deploy the web diagtool, if not done before
  Then to start the trace, follow example 2 and add just com.sap.security.core.locking and start the trace. The potential problem here is that the diagtool will be running for 2-3 hours while you wait for the user to be locked, however hopefully by just tracing location com.sap.security.core.locking the resultant log will not be too large. The diagtool will capture traces from all servers in a system
  If the location is not available in the diagtool then perhaps it is not available for your system SP
  When the user is locked, hopefully the trace will give you information about the origin IP, the stack trace and the auth stack used

• Windows 7: Trust Relationship Error - Local Administrator Account Locked.

  I have 2 Windows 7 Professional machines that recently locked me out citing the "Trust Relationship between this workstation and primary domain failed".
   I assumed all I would have to do is log in as local administrator and remove it from the domain and then re-add it.  When I tried to log on, it told me that I have the password was incorrect - which I knew it wasn't.  After a
  few tries I got a different message that said that the account was locked.  No idea how this could have happened.  Every other local account was locked as well.
  I checked the AD on our 2003 server and I didn't see anything out of the norm.  The computers were in the correct OU, and were not disabled in anyway.  I searched online for a solution, but they all required me to be able to log on to the local
  admin, which is disabled.  
  I tried to boot to Safe Mode with a Command Prompt and typed in: net user administrator /active:yes .
   It told me that the change had been made, but when I reboot it still shows the local account as disabled.
  Any suggestions would be greatly appreciated.  
  Edit: It is Windows 7 Professional x64 

  I have had this issue twice as well. However I have been always been able to log in with local admin rights. removing then rejoining to domain seems to never get things back to normal for me. Once it is reset and joined back to the domain all software just
  seems to be missing but still there at the same time. Like Antivirus shows its installed in c:\program files but its not running. If I go to domain users start menu everything is missing but go into c:\program files and its all there. So every time I have
  seen this error a reimage is what I do seems to work a lot better than dealing with the head aches. Sorry I was not any help but that is my two cents.

• Java Administrator account locks frequently

  In our java only system, the administrator user (and others) lock frequently with failed logins.  Is there a way to determine the source of the lock, such as the originating IP address?
  We have a complex landscape, and as of yet have been unable to find a RFC or other connection with invalid credentials.
  Thank you.

  I found the answer myself.  It is logged:
  usr\sap\<sid>\<instance>\cluster\server0\log\system\security.0.log
  com.sap.security.core.util.SecurityAudit#Plain###Guest     | LOGIN.ERROR     | NONE = null     |      | Login Method=[default], UserID=[adminstrator], IP Address=[xxx.xxx.xxx.xxx], Reason=[Authentication did not succeed.]
  Hope this helps someone else.

• Visual Administartor account locked

  Hi,
  How to unlock vial administrator account. And also how to changes the password VA.Please help
  Thanks
  Kristene

  Hi,
  Check this thread-
  administrator account locked...any solutions?
  Regards,
  Moorthy

• After power down and a cold restart, I automatically restart in my Administrator Account.  Running 10.8.4 with one Administrator account, one user account and one guest account.  Recently downloaded and installed 3rd party software (Panorama).

  After power down and a cold restart, I automatically restart in my Administrator Account.  Running 10.8.4 with one Administrator account, one user account and one guest account.  Recently downloaded and installed 3rd party software (Panorama).  Installation required that I create a super user named Other with root privileges. I did so and successfully installed the 3rd party software.  I powered down a few days late and when I restarted, I went automatically to my Administrator account with no login password required.  I deleted the Other account, powered down and restarted with the same result - opened in Administrator.   I then followed the steps to disable root user, powered down, cold restart - same result, opened in Administrator account.
  Any suggestions?  Any thoughts?  Much appreciate any help you might offer.
  jtsinphl

  Welcome to Apple Support Communities
  Disable automatic login. Open System Preferences > Users and Groups > Login Options, press the padlock at the bottom left corner, and select "Off" next to "Automatic login"

• Help reseting original administrator account password, i

  resetting your password. I want to  Resetting the original administrator account password, any body want help me please I try  when I press alt key go manager  just one optios is mackintosh hd and have x.    Latter when I insert the disc 1 instal  the machine show me the forts Mac with x.  Second is disc 1 lnstall. Optio 3. In Mac test  for select I have choice with the mouse righ but when I choice install disc 1 software I press enter send again at administrator account pasword. Please help me  helpcplease thanks

  Forgot Your Account Password
  For Lion, Mountain Lion, or Mavericks
      Boot to the Recovery HD:
  Restart the computer and after the chime press and hold down the COMMAND and R keys until the menu screen appears. Alternatively, restart the computer and after the chime press and hold down the OPTION key until the boot manager screen appears. Select the Recovery HD and click on the downward pointing arrow button.
       When the menubar appears select Terminal from the Utilities menu.
       Enter resetpassword at the prompt and press RETURN. Follow
       instructions in the dialog window that will appear.
       Or see:
         Reset a Mac OS X 10.7 Lion Password
         OS X Mountain Lion- Reset a login password,
         OS X Mavericks- Solve password problems,
         OS X Lion- Apple ID can be used to reset your user account password.
  For Snow Leopard and earlier with installer DVD
       Mac OS X 10.6- If you forget your administrator password,
       OS X- Changing or resetting an account password (Snow Leopard and earlier).
  For Snow Leopard and earlier without installer DVD
      How to reset your Mac OS X password without an installer disc | MacYourself
      Reset OS X Password Without an OS X CD — Tech News and Analysis
      How To Create A New Administrator Account - Hack Mac

• I can't add another mail account since it's grey/locked out, any solutions?

  I can't add another mail account since it's grey/locked out, any solutions?

  Have you checked in Restrictions...
  See Pages 158 & 159 here  Ipad User Guide

• Prevent locking of Administrator account

  Hello,
  We'd like to expose our portal to the internet. This means everyone will be able to logon to the portal (after creating an UME user account). UME is configured to lock user accounts after 3 invalid login attempts.
  Now how can we prevent anonymous internet users to lock the Administrator account or other system accounts like ADSUser?
  The first option would be to implement this on the revert proxy, e.g. block requests containing j_user=Administrator either in the URL during a GET request or in the body during a POST request.
  However, because of performance reasons, especially because of the need to scan all POST requests, this option doesn't look very attractive.
  A second option would be to deploy a new JAAS LoginModule, configured to be always executed as the first one, that checks the username first and halts the login process if the username is Administrator and the request is coming from a certain IP (the reversed proxy), e.g. by throwing a RuntimeException in the login method (will that work? any other possibility besides throwing a RuntimeException?).
  This doesn't look as very clean solution either.
  What would be the best (safe, clean, easy) way to stop anonymous users from locking the Administrator user account?
  Thanks!
  Sigiswald

  At the end we decided to write a custom LoginModule anyway.
  import java.io.IOException;
  import java.net.InetAddress;
  import java.net.UnknownHostException;
  import java.util.ArrayList;
  import java.util.Arrays;
  import java.util.Iterator;
  import java.util.List;
  import java.util.Map;
  import javax.security.auth.Subject;
  import javax.security.auth.callback.Callback;
  import javax.security.auth.callback.CallbackHandler;
  import javax.security.auth.callback.NameCallback;
  import javax.security.auth.callback.UnsupportedCallbackException;
  import javax.security.auth.login.LoginException;
  import com.sap.engine.interfaces.security.auth.AbstractLoginModule;
  import com.sap.engine.lib.security.LoginExceptionDetails;
  import com.sap.engine.lib.security.http.HttpGetterCallback;
  import com.sap.security.api.IUser;
  import com.sap.security.api.NoSuchUserException;
  import com.sap.security.api.UMException;
  * <p>
  * <div>This LoginModule either succeeds or fails, but in fact it
  * <u>never</u> authenticates the user. What is meant is that even if
  * all relevant methods of the LoginModule API - i.e. login and commit
  * - return true, indicating success, the Subject is never
  * authenticated. Therefore this LoginModule should <u>never</u> be
  * configured as SUFFICIENT.</div>
  * </p>
  * <p>
  * <div>The purpose of this LoginModule is to abort the authentication
  * process in case an unauthorized user tries to authenticate as
  * administrator and thus it stops unauthorized users from locking
  * administrator accounts.</div>
  * </p>
  * <p>
  * <div>This LoginModule accepts two optional configuration
  * options:<ul>
  * <li>ip_allow</li>
  * <li>ip_deny</li></ul>
  * The value of both options is a comma separated list of IPv4 ranges.
  * e.g.
  * <code>ip_allow=145.50.76.81,145.50.77.0-145.50.77.255,194.196.236.70-194.196.236.71</code>
  * The localhost is added implicitly.</div>
  * </p>
  * <p>
  * <div>If the IP address of the client that sent the HTTP request is
  * within the range(s) defined by ip_allow and is not within the
  * range(s) defined by ip_deny, authentication succeeds. If this is
  * not the case, authentication fails if the user tries to
  * authenticate by username (and password) and supplies the username
  * of an existing UME user that is assigned the internal_use_only
  * role. Otherwise, authentication succeeds.</div>
  * </p>
  * <p>
  * <div>To meet its purpose, i.e. prevent the locking of administrator
  * user accounts, this LoginModule <u>should</u> be configured as
  * <u>REQUISITE</u> and should be in the login stack <u>before</u> the
  * standard BasicPasswordLoginModule.</div>
  * </p>
  * @author smadou
  public final class AdministratorFilterLoginModule extends AbstractLoginModule {
    private static final String INTERNAL_USE_ONLY =
      LogonUtil.getRoleid("internal_use_only");
    private static final String IP_ALLOW = "ip_allow";
    private static final String IP_DENY = "ip_deny";
    private static boolean initialized;
    private static List IPRANGE_ALLOW = new ArrayList();
    private static List IPRANGE_DENY = new ArrayList();
    private CallbackHandler callbackHandler;
    private boolean succeeded;
    public void initialize(
      Subject subject,
      CallbackHandler callbackHandler,
      Map sharedState,
      Map options) {
      super.initialize(subject, callbackHandler, sharedState, options);
      this.callbackHandler = callbackHandler;
      this.succeeded = false;
      AdministratorFilterLoginModule.initialize(options);
    public boolean login() throws LoginException {
      try {
        if (ipAllowed()) {
          succeeded = true;
          return true;
      } catch (UnsupportedCallbackException e) {
        throwUserLoginException(e);
      } catch (IOException e) {
        throwUserLoginException(e, LoginExceptionDetails.IO_EXCEPTION);
      String logonid = null;
      IUser user = null;
      String userid = null;
      try {
        logonid = getLogonid();
        user = logonid == null ? null : LogonUtil.getUser(logonid);
        userid = user == null ? null : user.getUniqueID();
      } catch (UnsupportedCallbackException e) {
        throwUserLoginException(e);
      } catch (IOException e) {
        throwUserLoginException(e, LoginExceptionDetails.IO_EXCEPTION);
      } catch (NoSuchUserException e) {
        // TODO connect to NetWeaver logging API - DEBUG
        e.printStackTrace();
      } catch (UMException e) {
        throwUserLoginException(e);
      if (userid == null) {
        return true;
      if (user.isMemberOfRole(INTERNAL_USE_ONLY, LogonUtil.RECURSIVE)) {
        throwNewLoginException(
          "Access Denied to user with logonid "
            + logonid
            + " having role "
            + INTERNAL_USE_ONLY
            + "!");
      succeeded = true;
      return true;
    public boolean commit() throws LoginException {
      return succeeded;
    public boolean abort() throws LoginException {
      return succeeded;
    public boolean logout() throws LoginException {
      succeeded = false;
      return true;
    private static synchronized void initialize(Map options) {
      if (initialized) {
        return;
      IPRANGE_ALLOW.addAll(Arrays.asList(AddressRange.parseRanges("127.0.0.1")));
      try {
        IPRANGE_ALLOW.addAll(
          Arrays.asList(
            AddressRange.parseRanges(
              InetAddress.getLocalHost().getHostAddress())));
      } catch (UnknownHostException e) {
        // TODO connect to NetWeaver logging API - INFO
        e.printStackTrace();
      String ipAllow = (String) options.get(IP_ALLOW);
      String ipDeny = (String) options.get(IP_DENY);
      if (ipAllow != null && ipAllow.length() > 0) {
        IPRANGE_ALLOW.addAll(Arrays.asList(AddressRange.parseRanges(ipAllow)));
      if (ipDeny != null && ipDeny.length() > 0) {
        IPRANGE_DENY.addAll(Arrays.asList(AddressRange.parseRanges(ipDeny)));
      initialized = true;
    private String getClientIp()
      throws UnsupportedCallbackException, IOException {
      HttpGetterCallback hgc = new HttpGetterCallback();
      hgc.setType(HttpGetterCallback.CLIENT_IP);
      callbackHandler.handle(new Callback[] { hgc });
      return (String) hgc.getValue();
    private String getLogonid()
      throws IOException, UnsupportedCallbackException {
      NameCallback nc = new NameCallback("username: ");
      callbackHandler.handle(new Callback[] { nc });
      return nc.getName();
    private boolean ipAllowed()
      throws UnsupportedCallbackException, IOException {
      String clientIp = getClientIp();
      return match(IPRANGE_ALLOW, clientIp) && !match(IPRANGE_DENY, clientIp);
    private boolean match(List ipRanges, String ip) {
      for (Iterator i = ipRanges.iterator(); i.hasNext();) {
        AddressRange range = (AddressRange) i.next();
        if (range.match(ip)) {
          return true;
      return false;
  import com.sap.security.api.IRole;
  import com.sap.security.api.IRoleFactory;
  import com.sap.security.api.IUser;
  import com.sap.security.api.IUserFactory;
  import com.sap.security.api.NoSuchRoleException;
  import com.sap.security.api.NoSuchUserException;
  import com.sap.security.api.UMException;
  import com.sap.security.api.UMFactory;
  * @author smadou
  public final class LogonUtil {
    static final boolean RECURSIVE = true;
    static String getRoleid(String uniqueName) {
      try {
        IRoleFactory rf = UMFactory.getRoleFactory();
        IRole role = rf.getRoleByUniqueName(uniqueName);
        return role.getUniqueID();
      } catch (NoSuchRoleException e) {
        // TODO connect to NetWeaver logging API - WARN
        e.printStackTrace();
        throw new SecurityException(
          "NoSuchRoleException while getting role with unique name ""
            + uniqueName
            + "": "
            + e.getMessage());
      } catch (UMException e) {
        // TODO connect to NetWeaver logging API - WARN
        e.printStackTrace();
        throw new SecurityException(
          "UMException while getting role with unique name ""
            + uniqueName
            + "": "
            + e.getMessage());
    static IUser getUser(String logonid)
      throws NoSuchUserException, UMException {
      IUserFactory uf = UMFactory.getUserFactory();
      return uf.getUserByLogonID(logonid);
  * This code is based on
  * http: //drc-dev.ohiolink.edu/browser/fedora-core/tags/2.0/src/java/fedora/server/security/IPRestriction.java
  * @author smadou
  public final class AddressRange {
    private static final int IP_OCTETS = 4;
    private static final int OCTET_MIN = 0;
    private static final int OCTET_MAX = (int) Math.pow(2, 8) - 1;
    private long start;
    private long end;
    private AddressRange(long start, long end) {
      this.start = start;
      this.end = end;
    public boolean match(String address) {
      return match(parseAddress(address));
    private boolean match(long address) {
      return address >= start && address <= end;
    private static long parseAddress(String address) {
      String[] octets = address.split("\.");
      if (octets.length != IP_OCTETS) {
        throw new IllegalArgumentException("invalid adress: "" + address + """);
      long lAddress = 0;
      for (int i = 0, n = octets.length; i < n; i++) {
        lAddress += parseOctet(octets[ i ], n - i - 1);
      return lAddress;
    private static long parseOctet(String octet, int byteNum)
      throws NumberFormatException {
      long lOctet = Long.parseLong(octet);
      if (lOctet < OCTET_MIN || lOctet > OCTET_MAX) {
        throw new IllegalArgumentException("invalid octet: "" + octet + """);
      return lOctet * (long) Math.pow(Math.pow(2, 8), byteNum);
    private static AddressRange parseRange(String range) {
      String[] parts = range.split("-");
      if (parts.length > 2) {
        throw new IllegalArgumentException("invalid range: "" + range + """);
      long start = parseAddress(parts[0].trim());
      long end = parts.length == 1 ? start : parseAddress(parts[1].trim());
      return new AddressRange(start, end);
    public static AddressRange[] parseRanges(String ranges) {
      String[] parts = ranges.split(",");
      AddressRange[] addressRanges = new AddressRange[parts.length];
      for (int i = 0, n = parts.length; i < n; i++) {
        addressRanges[ i ] = parseRange(parts[ i ].trim());
      return addressRanges;

• How can I lock out my iCloud? Because of forget my old password and I have do a new Apple ID but when wan to log out my iCloud it call me to logout find my iphone but already forget the password . Have any solution ?

  How can I lock out my iCloud?
  Because of forget my old password I have create a new Apple ID
  But when I wan to log out my iCloud,it call me to logout Find My iPhone.
  I had already forget the password that why I create a new Apple ID.
  Have any solution for problem like this ?

  Apps and Music are not from iCloud. Are from iTunes and App Store.
  You can change this from: Settings>iTunes and App Stores>Sign out and sign in with new ID, but you will have to pay again to download apps that you already have in your old account. Or leave it as it is to share purchases with your son.

• After trying to change permissions on my computer so others on my network can access files, my external Hard Drive has a lock on it and I can't access files. I've tried repairing permissions, logging in under another Administrator account, using Terminal

  After trying to change permissions on my computer so others on my network can grab files, my external Hard Drive has a lock on it and I can't access files. I've tried repairing permissions, logging in under another Administrator account, using Terminal to fix the problem, downloaded BatChmod but nothing works… Any other suggestions? I have an Imac running OS10.6.8.

  There is suddenly a lock icon on my external backup drive!
  Custom Permissions

• Domain Administrator account being locked up by PDC

  Hi everyone,
  My PDC is locking up my domain administrator (administrateur in french) account.
  System event logs :
  The SAM database was unable to lockout the account of Administrateur due to a resource error, such as a hard disk write failure (the specific error code is in the error data) . Accounts are locked after a certain number of bad passwords are provided so please
  consider resetting the password of the account mentioned above.
  Level : Error
  Source : Directory-Services-SAM
  Event ID : 12294
  Computer : Contoso-PDC
  User : System
  There is absolutely no events in the security events log, not a single "Audit Failure" event for the "administrateur" account.
  I tried to change the name of the domain administrator account from "administrateur" to "administrator".
  Now there is "Audit failure" events poping up in the security event logs.
  Once again the Source Workstation is the PDC. I guess those events are there because it receive credential validation for an account who doesn't exist anymore since it have been renamed in "Administrator".
  Here is the detail log :
  An account failed to log on.
  Subject:
  Security ID: NULL SID
  Account Name: -
  Account Domain: -
  Logon ID: 0x0
  Logon Type: 3
  Account For Which Logon Failed:
  Security ID: NULL SID
  Account Name: Administrateur
  Account Domain: CONTOSO
  Failure Information:
  Failure Reason: Unknown user name or bad password.
  Status: 0xc000006d
  Sub Status: 0xc0000064
  Process Information:
  Caller Process ID: 0x0
  Caller Process Name: -
  Network Information:
  Workstation Name: CONTOSO-PDC
  Source Network Address: -
  Source Port: -
  Detailed Authentication Information:
  Logon Process: NtLmSsp
  Authentication Package: NTLM
  Transited Services: -
  Package Name (NTLM only): -
  Key Length: 0
  This event is generated when a logon request fails. It is generated on the computer where access was attempted.
  The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
  The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).
  The Process Information fields indicate which account and process on the system requested the logon.
  The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
  The authentication information fields provide detailed information about this specific logon request.
  - Transited services indicate which intermediate services have participated in this logon request.
  - Package name indicates which sub-protocol was used among the NTLM protocols.
  - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
  On the PDC i checked :
  Services : None of them are started with the "administrateur" account
  Network Share : There is no network share ...
  Task Scheduler : None of the tasks are launch with the "administrateur" account.
  And the logon type (3:network) seem to indicate that the login comes from an other computer but i have nothing to look for, not a single IP.
  Any ideas?
  ps : Sorry for the probable english mistakes :(

  Hi,
  Thanks for you answers.
  San4wish :
  Lockout tool confirm that the domain administrator account is locked on my PDC. I didn't run eventcomb but i though it only helped parsing security event logs which i did "manually". Anyway i'll try eventcomb after this week end.
  About the conficker worm : I looked into it and this worm was exploiting a vulnerability in the server service. It have been patched by MS08-067 (KB958644) and this kb isn't available for Windows 2008 R2 and Windwos 2012 so i guess Windows 2008 R2 have
  fixed this vulnerabilty.
  So i doubt its a conficker type worm.
  Also i gave the PDC role to another DC (let's call him DC2) and now DC2 is locking the administrator account so it seems that the computer locking the account is doing it through the network and it's not something executed on the DCs.

• ABAP+JAVA System Copy -- Administrator account getting locked

  Hi,
  I am in the process of doing system copy of my portal to a new server. As per the SAP instructions, I had updated the JDK and SP levels of my EP to the latest supported ones.
  Now when i am doing JAVA Add-in Export of my system, SAPinst is throwing error that --
  "Error connecting to http://Entportal:50000/sap/monitoring/SystemInfoServlet. The provided user data might be incorrect or user might be locked.:
  and when I check the "administrator" user account, it is getting locked. Even though I manually unlock it and update the password is secure storage, still when I run SAPinst, again it is getting locked. I have also chnged the path of my temporary directory to c:\temp which has no spacees in it, according to SAP instructions.
  I have raised the issue through OSS, but still, in the mean time can sombody help me?
  Regards,
  Mandar

  Hi Akshay,
  I am not using any ID. SAPInst itself is trying to access systeminformationservlet using administrator account. at this stage it is failing to get the correct password and thats why my administrator account is getting locked.
  Regards,
  Mandar.