The referenced account is currently locked out and may not be logged on to

You receive the error, "The referenced account is currently locked out and may not be logged on to" or, "The referenced account is currently locked out and cannot be logged on to". This means an account is locked out and cannot be used by the application.

There can be several causes for this error. Typically, it's one of the following:

  • An account has had its password changed recently (either manually or automatically through the Default Domain Policy GPO or Local Security policy) and there are still one or more services (including software) that are using the old password and therefore causing the account to be locked out.
  • Incorrect credentials were used in the setup of Options > Credentials and/or Options > Console Users.

In order to correct for this, you can attempt to determine the source of account lockout. Microsoft has guidance for doing so in their Tracing the Source of Account Lockouts blog article.

To resolve this issue, try the recommendations below. Make sure you unlock any account you are attempting to use before performing the following and ensure the account does not lock again (generally checking a DC, ADUC or the local accounts if not using a DC):

  • Re-input all credentials in Options > Credentials and Options > Console Users and testing each set of credentials to ensure they are accurate.

  • Reset the Background Service credentials using the following instructions (also found Here).
    1. Close any PDQ console(s) you have open, including the error message dialog box.
    2. Open services.msc (Start > Run > services.msc).
    3. Navigate to the PDQDeploy or PDQInventory service (whichever program threw the original error) and right-click the service > Properties > Log On tab. Note the account used to start the Background Service. Should the service be running, by some miracle, stop the service first.
    4. Change the credentials to Local System. IMPORTANT: Do not run the service as Local System. This is only temporary in order to reset the credentials. Click Apply. Do not click OK or close the window.
    5. Click This account and enter the credentials for the Background Service you noted in Step 3. For best results, use the UPN format. Do not leave as Local System.
    6. Start the service or restart the service, if it is running. Alternately, you can open the PDQ console, which will also start the service if it is not running.
Was this article helpful?
Still have a question or want to share what you have learned? Visit our Community Discord to get help and collaborate with others.