Users are successfully logging in to the system, however, when going into the incident management console are immediately locked out of the network… We can see that remedy is attempting to authenticate to the network again and sending user acct info with a null password through the USER log… BMC has also instrumented a debug arserver.exe to capture more information but that has not been helpful….
From: Action Request System discussion list(ARSList) [mailto:[email protected]] On Behalf Of Donald Morton Sent: Monday, June 14, 2010 5:53 PM To: [email protected] Subject: Re: 75. Users getting locked out ** How do you know it's sending a NULL password? Does the arplugin.log show that? Obviously, it is authenticating three times for one login attempt. I'd be curious to know if Remedy is trying to authenticate three times, or if some sort of AD gateway is doing it. Could it be trying each domain in turn and trying to determine the correct one, and getting the password wrong in all the other domains? Maybe by the time it gets to the right domain, you've used up all your attempts. On Jun 14, 2010, at 12:21 PM, "Moellmer, Matthew" <[email protected]> wrote: ** We can consistently recreate it through about a dozen users (others get locked out “sometimes”). Of the ones that get locked out consistently they simply login and open the incident management console… and voila, locked… That made us think maybe something related to licensing but all troubleshooting there also turned up empty. We have been working closely with IS to monitor exactly when it occurs and we can recreate it at will… BMC has been collecting log after log but I’m going on three weeks now…. From: Action Request System discussion list(ARSList) [mailto:[email protected]] On Behalf Of Danny Kellett Sent: Monday, June 14, 2010 12:57 PM To: [email protected] Subject: Re: 75. Users getting locked out ** Hi, Then can I ask is this happening when a person tried to login and it tries three times or is it where someone has already been logged on and then they try to do something and then they find they are locked out. We have found AR 7.5 sending authentication requests without a password which fails, then within a millisecond, it sends the password. Im starting to think its a “feature” Regards Danny This e-mail transmission contains information that is confidential and may be privileged. It is intended only for the addressee(s) named above. If you receive this e-mail in error, please do not read, copy or disseminate it in any manner. If you are not the intended recipient, any disclosure, copying, distribution or use of the contents of this information is prohibited. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please erase it from your computer system. Your assistance in correcting this error is appreciated. _attend WWRUG10 www.wwrug.com ARSlist: "Where the Answers Are"_ _attend WWRUG10 www.wwrug.com ARSlist: "Where the Answers Are"_ This e-mail transmission contains information that is confidential and may be privileged. It is intended only for the addressee(s) named above. If you receive this e-mail in error, please do not read, copy or disseminate it in any manner. If you are not the intended recipient, any disclosure, copying, distribution or use of the contents of this information is prohibited. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please erase it from your computer system. Your assistance in correcting this error is appreciated.
