Got it, tyvm sir. From: [email protected] [mailto:[email protected]] On Behalf Of Michael B. Smith Sent: Tuesday, November 11, 2014 4:16 PM To: [email protected] Subject: [Exchange] RE: Account lockout from CAS
Two different things. A partnership is an object attached to an AD user that defines the folders/items/etc. attached to a specific device, by useragent and serialnumber. Disabling activesync indicates that a particular authenticated user is not authorized to perform activesync. However, the user must still be authenticated prior to making the authorization decision. From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Kennedy, Jim Sent: Tuesday, November 11, 2014 4:09 PM To: '[email protected]' Subject: [Exchange] RE: Account lockout from CAS It will log as disabled so I would hope it won't get to do a password attempt. But I am unsure. User "MungedUser" cannot synchronize their mobile phone with their mailbox because Exchange ActiveSync has been disabled for this user. From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Jason Benway Sent: Tuesday, November 11, 2014 4:05 PM To: [email protected]<mailto:[email protected]> Subject: [Exchange] RE: Account lockout from CAS Once I remove the partnership and bounce the CAS, will that device be able to try to authenticate with a bad password enough to lock an account? jb From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Kennedy, Jim Sent: Tuesday, November 11, 2014 3:55 PM To: [email protected]<mailto:[email protected]> Subject: [Exchange] RE: Account lockout from CAS Regarding the activesync partnerships bounce the CAS, the connections often have a life of their own. From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Jason Benway Sent: Tuesday, November 11, 2014 3:50 PM To: [email protected]<mailto:[email protected]> Subject: [Exchange] Account lockout from CAS We have a handful of users getting their accounts locked out multiple times a day. We've looked the security logs on the CAS and can see the external IPs locking these account, in some cases the external IP changes daily. We've removed all activesync partnerships and I tried disabling OWA and activesync access on these accounts, but they are still getting locked from outside. Anything else I can look for or at before we go the extreme route and change their username? Does removing the partnership remove the username password from the mobile device or does it just keep trying to sync? Does blocking OWA and activesync for the user, still allow someone to browse to the OWA site enter the username and then keep entering a bad password to lock the account? This is Exchange 2010. Thanks,jb Jason Benway Infrastructure Manager 616-850-1208 fax www.jsjcorp.com<http://www.jsjcorp.com> [cid:[email protected]] JSJ Corporation 700 Robbins Road Grand Haven, MI 49417 ________________________________ This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation.
