Block BO user after 3 unsuccessful logon attempts
Hi Guys,
I want to block BO user after after 3 unsuccessful logon attempts logging through infoview. Is there anyway to configure this option? Currently the account is not blocked after any number of unsuccessful logon attempts.
Product Version : 11.5.12.1838 (BOXI R2)
Regards,
Sasi
It is only available to Enterprise users because BO doesn't have the authority to lock domain accounts out.
Go into the CMC and choose authentication
In the Enterprise tab, within the Logon Restrictions section, tick the box next to "Disable account after N failed attempts to log on:" and then click on Update at the bottom of the screen.
Regards,
Mark
Similar Messages
-
User Account Locked after three unsuccessful attempts
Hi Gurus,
I have to lock the user after three unsuccessful attempts, How can I do that?
If Yes, what difference will it make if it user databse is UME or Portal DataBase.
Looking for reply,,,
Warm Regards,
KaranHi,
Check this out:
<a href="http://help.sap.com/saphelp_nw04s/helpdata/en/43/3d77734ae830f3e10000000a11466f/frameset.htm">http://help.sap.com/saphelp_nw04s/helpdata/en/43/3d77734ae830f3e10000000a11466f/frameset.htm</a>
Best Regards,
Avishai Zamir -
SLD User gets locked; four unsuccessful logons every 15 minutes
I have a landscape with a PI with the SLD on it. I defined a user with the name SLDUSER and the appropriate authorizations. The PI is a Unicode system, like all systems in the landscape.
There were already some application servers (CRM, Banking Services, Composition Environment) connecting to this SLD and everything went fine.
Now I added another application server, an ERP, for FI-CAx (NW 7.02). As the business partners are distributed via XI through the PI system, the ERP needs to connect to the SLD, too.
I set it up as usual:
- sldapicust: host, port, SLDUSER, password. (What is weird is that there is no test button as in all the other systems ... maybe that depends on the installed EhPs.)
- This generated the destinations (type T = TCP/IP) SLD_UC and SLD_NUC automatically.
- I created destinations SAPSLDAPI and LCRSAPRFC manually in sm59, type T = TCP/IP, set them to Unicode, entered the same (two different) Registered Server Programs that are used in these destinations on all the other servers (CRM, PI, BaS).
- I ran rz70, entered the host and gateway, activated, executed the data collection.
SLDCHECK runs successfully on the ERP system!
The technical system for the BS1 showed up in the SLD as expected.
- I configured the clients / business systems on the SLD.
Now begins the problem. The SLDUSER is now getting locked all the time! It's definitely the ERP system causing it - when I prevent it from accessing the PI (by changing the hosts file on the operating system), the problem stops.
I activated everything critical related to logons and RFCs in sm19 and looked at the logs in sm20. This is what it looks like:
17.08.2011 19:40:04 BNK_RFC ilbnkpi1 SAPMSSY1 Password check failed for user SLDUSER in client 001
17.08.2011 19:40:04 BNK_RFC ilbnkpi1 SAPMSSY1 Logon Failed (Reason = 1, Type = U)
17.08.2011 19:40:04 BNK_RFC ilbnkpi1 SAPMSSY1 Password check failed for user SLDUSER in client 001
17.08.2011 19:40:04 BNK_RFC ilbnkpi1 SAPMSSY1 Logon Failed (Reason = 1, Type = U)
17.08.2011 19:40:04 BNK_RFC ilbnkpi1 SAPMSSY1 Password check failed for user SLDUSER in client 001
17.08.2011 19:40:04 BNK_RFC ilbnkpi1 SAPMSSY1 Logon Failed (Reason = 1, Type = U)
17.08.2011 19:40:04 BNK_RFC ilbnkpi1 SAPMSSY1 Password check failed for user SLDUSER in client 001
17.08.2011 19:40:04 BNK_RFC ilbnkpi1 SAPMSSY1 Logon Failed (Reason = 1, Type = U)
17.08.2011 19:55:04 BNK_RFC ilbnkpi1 SAPMSSY1 Password check failed for user SLDUSER in client 001
17.08.2011 19:55:04 BNK_RFC ilbnkpi1 SAPMSSY1 User SLDUSER Locked in Client 001 After Erroneous Password Checks
17.08.2011 19:55:04 BNK_RFC ilbnkpi1 SAPMSSY1 Logon Failed (Reason = 1, Type = U)
17.08.2011 19:55:04 BNK_RFC ilbnkpi1 SAPMSSY1 Logon Failed (Reason = 53, Type = U)
17.08.2011 19:55:05 BNK_RFC ilbnkpi1 SAPMSSY1 Logon Failed (Reason = 53, Type = U)
17.08.2011 19:55:05 BNK_RFC ilbnkpi1 SAPMSSY1 Logon Failed (Reason = 53, Type = U)
And it goes on like this. So what happens is this: Every 15 minutes, at :10, :25, :40, :55, there are four unsuccessful logons with SLDUSER. With the fifth logon it gets locked.
Again:
- This stops when I make the PI inaccessible to the ERP.
- SLDCHECK still works completely fine in ERP - until the SLDUSER is locked, of course; then it stops working in all connected systems. It does not result in unsuccessful logons on the PI.
- When I run rz70 on the ERP and run the data collection this also reports success and does not create unsuccessful logons on the PI.
- I have not used the SLDUSER in any other locations besides sldapicust.
So what the hell is wrong with this system?!I have created a separate user SLDUSER_ER1 just for use in the sldapicust in the new ERP system that causes the problem. Still SLDUSER is getting locked (not SLDUSER_ER1)!
I powered down this ERP system ER1, just to make absolutely sure it is causing the problem - indeed the unsuccessful logon attempts every 15 minutes stopped right away.
As a workaround and for narrowing down the problem I have created separate users SLDUSER_CR1 etc. for each of the other systems in the landscape (CRM and so on) - indeed those do not get any unsuccessful logon attempts.
I have deleted all four SLD-related destinations in ER1 and recreated them from scratch (SLD_NUC and SLD_UC being generated when running rz70). I also used the "delete all batch jobs" button in rz70.
Still, SLDUSER is getting locked.
I checked on the PI system in C:\usr\sap\PI1\DVEBMGS00\j2ee\cluster\server0\log\system\httpaccess\responses_00.0.trc and see it is indeed the IP of the ERP system that gets the error 401 exactly at the times when the unsuccessful logon attempts occur:
[Oct 2, 2011 2:46:06 PM ] - 10.26.83.234 : POST /sld/cimom HTTP/1.1 401 1499 [140]
[Oct 2, 2011 2:46:06 PM ] - 10.26.83.234 : POST /sld/cimom HTTP/1.1 401 1499 [79]
[Oct 2, 2011 2:46:06 PM ] - 10.26.83.234 : POST /sld/cimom HTTP/1.1 401 1499 [62]
[Oct 2, 2011 2:46:06 PM ] - 10.26.83.234 : POST /sld/cimom HTTP/1.1 401 1499 [47]
As the ERP has no Java instance and the sldapicust does not contain the SLDUSER (but the new SLDUSER_ER1) it is a mystery to me what it is that is still running every 15 minutes in the ERP and tries to use SLDUSER.
I went through the entries in SECSTORE and could not find any use of SLDUSER (only of SLDUSER_ER1, as it should be).
Edited by: Monika Eggers on Oct 2, 2011 3:08 PM -
Recording failed logon attempts
Hi all,
I have built a custom logon form for a internal forms9i system we use and I was wondering if there is a way to enhance the form so that it can track/record unsuccessful logon attempts?
Cheers,
Leigh.Also look athe Forms Builder help documentation. It shows that you can do this:
logon('username','password@database', FALSE);
IF FORM_FAILURE = true THEN
-- logon was unsuccessful, record unsuccessful logon attempt
ELSE
-- logon was successful
END; -
Locking a user after unsuccessful login attempts?!
Does anybody know how to automatically lock a user after a given number of unsuccessful login attempts?
I noticed that solaris does not offer any security feature concerning this item, although it is a good opportunity for hackers to scan a solaris machine.
Please let me know
Thanx in advanceHi,
The Trusted Solaris version supports this feature. You can find the detail about configuring the same at http://docs.sun.com under Trusted Solaris 8 and Administration Procedures.
The same can also be achieved by using Pluggable Authentication Modules(PAM) which has been incorporated since Solaris 2.6. For more info on PAM check out www.sun.com/solaris/pam. There some white papers and admin guide .Also refer to man pages on pam.conf ,pam and pam_unix.
Regards
Anshul -
Hello,
Suddenly the working CRM is being stopped for some group of users.
I drilled down to the issue and have checked that the users from Domain in which CRM is installed are having CRM access.
But for other domain user having problem to access CRM.
I tried to add a user from a domain which is not of CRM domain then it gives following error.
"Business Management Error: You are attempting to create a user with a domain logon that does not exist. Select another domain logon and try again.
<Message>LookupAccountNameW failed with error</Message> "
The change is made - AD group have upgraded Activer Directory server to 2012 R2
Please help as the Production CRM is not working for other domain user.We have Activer Directory Structure like below.
One Root Domain says A
and there are multiple child domain like B,C,D etc...
B,C and D are all in same level,they are child of A domain.
There are two way transitive trusts between A and all the child Domain.
But there is no trust in between B and C and so on.
Our CRM server is in B domain and B domain's user can access CRM but users of Domain C,D and so on can not access CRM.
If this post answers your question, please click "Mark As Answer" on the post and "Mark as Helpful" -
hello,
i am receiving this event on MX:
this is showing ip address of my unity connection that is 172.20.101.22....
what could be reason and cause of it?
EventID: 0xC0000007 (7) - After 5 unsuccessful attempts to send a notification for subscription [EABtYngwMi5uaGljLmxvY2FsEAAAAIfIUmalt2VFie2S8ahJiKNZu5GtCIfRCA==] against endpoint [http://172.20.101.22:7080/NotificationService/services/NotificationService?id=33a00cf5-3f28-44e1-9d44-46b24da4bc2a&pid=14227], the subscription has been removed. Details: WebException: Unable to connect to the remote server Status: ConnectFailure at System.Net.HttpWebRequest.EndGetRequestStream(IAsyncResult asyncResult, TransportContext& context)
at System.Net.HttpWebRequest.EndGetRequestStream(IAsyncResult asyncResult)
at Microsoft.Exchange.Services.Core.NotificationServiceClient.CreateSendNotificationRequestAsync(IAsyncResult requestAsyncResult)Navigate to CUC Administration, set the following under SMTP Configuration > Server, and give it another shot.
[V] Allow Connections From Untrusted IP Addresses
[ ] Require Authentication From Untrusted IP Addresses
-Mateusz -
Dear All, Good day!I just I really need your help badly with regard to my phone. I used to charge the battery of my phone using USB cable on my laptop and today morning my phone is working just fine, but I was running out of battery so I tried to charge it. After few minutes, when I am about to use it, the lock code is not working anymore. I didn’t changed my password or done anything new and I am 101% sure that I have entered my password correctly. However, there’s a message showing : WARNING -"You have entered an incorrect password 5 times. After 10 unsuccessful attempts your device data will be erased." The screen shows Incorrect Password (6/10), but I am entering my correct code again and again and still not working. I restarted it many times and still showing the same thing. Now, I can’t get in and use my phone. I tried to call my number and it still reachable. Thank you so much in advance
To: JSanders, Hi there! thanks for spending time reading my queries and replying on it.YES! I am 101% positive with my security code. Thank God I was able to recover it and use my phone again. Just an input for those who might experience the same thing. Using Black Berry Z30, once you have the dialog box saying:WARNING -"You have entered an incorrect password 5 times. After 10 unsuccessful attempts your device data will be erased." and shows that you still have atleast 3-4 available chances to enter the code, just type "blackberry" thereafter another screen will pop-up and will ask to enter again your password. As long as you are 100% sure about your password, you'll be able to enter and get it back. Now, I am enjoying again my Z30.
-
Sometimes, when we deploy new code to the server, we're getting the following error:
Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'
we're using windows authentication and in our connectionstring use integrated security.
Only after restarting the server, the application can connect to the DB again. restarting IIS or recycling the application pool doesn't help.
Our application pool is configured using ApplicationPoolIdentity and we would like to keep it as such.
Any idea what we can do to prevent this error from occurring almost every time we deploy code?
ThanksHi amisol,
Thanks for your post here.
For your issue is related with asp.net security ,i suggest that you can post your issue to the link below:
http://forums.asp.net/25.aspx/1?Security
Best Regards,
Kevin Shen. -
LOCK THE USER AFTER X ATTEMPTS --NOT WORKING?
LOCK THE USER AFTER X ATTEMPTS --NOT WORKING
OpenSSO -->Configuration-->Authentication -->Core -->Login Failure Lockout Count:( 3 ) --> Warn User After N Failures: ( 4)--> Email Address to Send Lockout Notification: --> [[email protected]|mailto:[email protected]]
I tried above step but failed to achieve LOCKING the ACCOUNT...
Could some one please help me...This only works if you use the LDAP auth module.
-
Blocking users after migrating from WCS to NCS?
One of our people in our Helpdesk blocked a user mac because of an alert that said they were using the WiFi in an unsafe manner. Probably streaming or file sharing. Anyway when they blocked the mac they noticed that in the older WCS it would ask if you want to block this on all controllers. The new NCS he said did not have that option that he could find. So the user just authenticated with the same machine to a new controller which then had to be manually blocked.
I could not find in NCS the option to block the offending mac on all controllers either. This does not mean it isn’t there? Can we get a ruling on this? Bug? it worked in WCS.We have NCS 1.1.0.58 and I believe when we block the Mac from NCS it only blocks if on the controller that it is currently associated to.
Sent from Cisco Technical Support iPhone App -
Messages (Jabber) Refuses to Authenticate AD Users after 10.9.2/Server 3.0.3 update
Once again, an update appears to have broken Messages/Jabber's ability to authenticate AD users after the 10.9.2/Server 3.0.3 update even though it was working well before. Hoping someone here has some ideas for how to help!
I can log in just fine as a local user (e.g. [email protected]), but no luck with AD users (e.g. [email protected]). As always, it fails with no intelligible error message whatsoever:
Mar 1 09:46:00 comet.ADdomain.private jabberd/c2s[604]: [9] [::ffff:76.24.227.229, port=58658] connect
Mar 1 09:46:01 comet.ADdomain.private jabberd/c2s[604]: [9] [::ffff:76.24.227.229, port=58658] disconnect jid=unbound, packets: 0
Mar 1 09:48:00 comet.ADdomain.private jabberd/c2s[604]: [9] [::ffff:76.24.227.229, port=58667] connect
Mar 1 09:48:01 comet.ADdomain.private jabberd/c2s[604]: [9] [::ffff:76.24.227.229, port=58667] disconnect jid=unbound, packets: 0
I reset the jabber server configuration as described here to no avail: https://discussions.apple.com/thread/5354428
The DNS configuration looks good:
changeip -checkhostname
Primary address = 10.0.17.15
Current HostName = comet.ADdomain.private
DNS HostName = comet.ADdomain.private
The names match. There is nothing to change.
dirserv:success = "success"
The Jabber status from jabber:
serveradmin fullstatus jabber
jabber:state = "RUNNING"
jabber:roomsState = "RUNNING"
jabber:logPaths:PROXY_LOG = "/private/var/jabberd/log/proxy65.log"
jabber:logPaths:MUC_STD_LOG = "/var/log/system.log"
jabber:logPaths:JABBER_LOG = "/var/log/system.log"
jabber:proxyState = "RUNNING"
jabber:currentConnections = "0"
jabber:currentConnectionsPort1 = "0"
jabber:currentConnectionsPort2 = "0"
jabber:pluginVersion = "10.8.211"
jabber:servicePortsAreRestricted = "NO"
jabber:servicePortsRestrictionInfo = _empty_array
jabber:hostsCommaDelimitedString = "comet.ADdomain.private"
jabber:hosts:_array_index:0 = "comet.ADdomain.private"
jabber:setStateVersion = 1
jabber:startedTime = "2014-03-01 17:39:06 +0000"
jabber:readWriteSettingsVersion = 1
Full jabber server startup log:
Mar 1 09:52:19 comet.ADdomain.private servermgrd[180]: servermgr_jabber[N]: waiting for jabberd to finish startup...
Mar 1 09:52:19 comet.ADdomain.private jabberd/router[1785]: starting up
Mar 1 09:52:19 comet.ADdomain.private jabberd/router[1785]: loaded user table (1 users)
Mar 1 09:52:19 comet.ADdomain.private jabberd/router[1785]: couldn't open filter file /etc/jabberd/router-filter.xml: No such file or directory
Mar 1 09:52:19 comet.ADdomain.private servermgrd[180]: servermgr_jabber[N]: jabberd service startup completed.
Mar 1 09:52:19 comet.ADdomain.private jabberd/c2s[1786]: starting up
Mar 1 09:52:19 comet.ADdomain.private jabberd/s2s[1787]: starting up (interval=60, queue=60, keepalive=0, idle=86400)
Mar 1 09:52:19 comet.ADdomain.private jabberd/sm[1784]: starting up
Mar 1 09:52:19 comet.ADdomain.private jabberd/c2s[1786]: modules search path: /Applications/Server.app/Contents/ServerRoot/usr/libexec/jabberd/modules
Mar 1 09:52:19 comet.ADdomain.private jabberd/c2s[1786]: initialized auth module 'apple_od'
Mar 1 09:52:19 comet.ADdomain.private jabberd/sm[1784]: initialised storage driver 'sqlite'
Mar 1 09:52:19 comet.ADdomain.private jabberd/sm[1784]: modules search path: /Applications/Server.app/Contents/ServerRoot/usr/libexec/jabberd/modules
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-last' added to chain 'sess-end' (order 0 index 0 seq 0)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'validate' added to chain 'in-sess' (order 0 index 1 seq 0)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'privacy' added to chain 'in-sess' (order 1 index 2 seq 0)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'roster' added to chain 'in-sess' (order 2 index 3 seq 0)
Mar 1 09:52:20 comet.ADdomain.private jabberd/router[1785]: [127.0.0.1, port=5347] listening for incoming connections
Mar 1 09:52:20 comet.ADdomain.private jabberd/c2s[1786]: [comet.ADdomain.private] configured; realm=comet.ADdomain.private, registration disabled, using PEM:/etc/certificates/mail.ADdomainbio.com.E41BBC081993E348B26181D9CB334A28137A8D8D.concat.pem
Mar 1 09:52:20 comet.ADdomain.private jabberd/c2s[1786]: attempting connection to router at 127.0.0.1, port=5347
Mar 1 09:52:20 comet.ADdomain.private jabberd/router[1785]: [127.0.0.1, port=49353] connect
Mar 1 09:52:20 comet.ADdomain.private jabberd/router[1785]: [127.0.0.1, port=49353] authenticated as jabberd
Mar 1 09:52:20 comet.ADdomain.private jabberd/c2s[1786]: connection to router established
Mar 1 09:52:20 comet.ADdomain.private jabberd/router[1785]: [c2s] online (bound to 127.0.0.1, port 49353)
Mar 1 09:52:20 comet.ADdomain.private jabberd/c2s[1786]: [::, port=5222] listening for connections
Mar 1 09:52:20 comet.ADdomain.private jabberd/c2s[1786]: [::, port=5223] listening for SSL connections
Mar 1 09:52:20 comet.ADdomain.private jabberd/c2s[1786]: ready for connections
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'vacation' added to chain 'in-sess' (order 3 index 4 seq 0)
Mar 1 09:52:20 comet.ADdomain.private jabberd/s2s[1787]: attempting connection to router at 127.0.0.1, port=5347
Mar 1 09:52:20 comet.ADdomain.private jabberd/router[1785]: [127.0.0.1, port=49354] connect
Mar 1 09:52:20 comet.ADdomain.private jabberd/router[1785]: [127.0.0.1, port=49354] authenticated as jabberd
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-vcard' added to chain 'in-sess' (order 4 index 5 seq 0)
Mar 1 09:52:20 comet.ADdomain.private jabberd/s2s[1787]: connection to router established
Mar 1 09:52:20 comet.ADdomain.private jabberd/router[1785]: [s2s] set as default route
Mar 1 09:52:20 comet.ADdomain.private jabberd/router[1785]: [s2s] online (bound to 127.0.0.1, port 49354)
Mar 1 09:52:20 comet.ADdomain.private jabberd/s2s[1787]: ready for connections
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-ping' added to chain 'in-sess' (order 5 index 6 seq 0)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-private' added to chain 'in-sess' (order 6 index 7 seq 0)
Mar 1 09:52:20 comet.ADdomain.private Rooms[1792]: Starting up...
Mar 1 09:52:20 comet.ADdomain.private Rooms[1792]: Loading persistent rooms from disk...
Mar 1 09:52:20 comet.ADdomain.private Rooms[1792]: Finished loading rooms from disk
Mar 1 09:52:20 comet.ADdomain.private Rooms[1792]: Connecting to XMPP server at 'comet.ADdomain.private' as 'rooms.comet.ADdomain.private'...
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'disco' added to chain 'in-sess' (order 7 index 8 seq 0)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'amp' added to chain 'in-sess' (order 8 index 9 seq 0)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'offline' added to chain 'in-sess' (order 9 index 10 seq 0)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'announce' added to chain 'in-sess' (order 10 index 11 seq 0)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'presence' added to chain 'in-sess' (order 11 index 12 seq 0)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'deliver' added to chain 'in-sess' (order 12 index 13 seq 0)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'session' added to chain 'in-router' (order 0 index 14 seq 0)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'validate' added to chain 'in-router' (order 1 index 1 seq 1)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'presence' added to chain 'in-router' (order 2 index 12 seq 1)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'privacy' added to chain 'in-router' (order 3 index 2 seq 1)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'privacy' added to chain 'out-router' (order 0 index 2 seq 2)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-last' added to chain 'pkt-sm' (order 0 index 0 seq 1)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-ping' added to chain 'pkt-sm' (order 1 index 6 seq 1)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-time' added to chain 'pkt-sm' (order 2 index 15 seq 0)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-version' added to chain 'pkt-sm' (order 3 index 16 seq 0)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'amp' added to chain 'pkt-sm' (order 4 index 9 seq 1)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'disco' added to chain 'pkt-sm' (order 5 index 8 seq 1)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'announce' added to chain 'pkt-sm' (order 6 index 11 seq 1)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'help' added to chain 'pkt-sm' (order 7 index 17 seq 0)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'echo' added to chain 'pkt-sm' (order 8 index 18 seq 0)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'presence' added to chain 'pkt-sm' (order 9 index 12 seq 2)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'roster' added to chain 'pkt-user' (order 0 index 3 seq 1)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'presence' added to chain 'pkt-user' (order 1 index 12 seq 3)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-vcard' added to chain 'pkt-user' (order 2 index 5 seq 1)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'amp' added to chain 'pkt-user' (order 3 index 9 seq 2)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'deliver' added to chain 'pkt-user' (order 4 index 13 seq 1)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'vacation' added to chain 'pkt-user' (order 5 index 4 seq 1)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'offline' added to chain 'pkt-user' (order 6 index 10 seq 1)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-last' added to chain 'pkt-user' (order 7 index 0 seq 2)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'session' added to chain 'pkt-router' (order 0 index 14 seq 1)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'disco' added to chain 'pkt-router' (order 1 index 8 seq 2)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'active' added to chain 'user-load' (order 0 index 19 seq 0)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'autobuddy' added to chain 'user-load' (order 1 index 20 seq 0)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'roster' added to chain 'user-load' (order 2 index 3 seq 2)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'roster-publish' added to chain 'user-load' (order 3 index 21 seq 0)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'privacy' added to chain 'user-load' (order 4 index 2 seq 3)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'vacation' added to chain 'user-load' (order 5 index 4 seq 2)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'active' added to chain 'user-create' (order 0 index 19 seq 1)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'template-roster' added to chain 'user-create' (order 1 index 22 seq 0)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'active' added to chain 'user-delete' (order 0 index 19 seq 2)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'announce' added to chain 'user-delete' (order 1 index 11 seq 2)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'offline' added to chain 'user-delete' (order 2 index 10 seq 2)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'privacy' added to chain 'user-delete' (order 3 index 2 seq 4)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'roster' added to chain 'user-delete' (order 4 index 3 seq 3)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'vacation' added to chain 'user-delete' (order 5 index 4 seq 3)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-last' added to chain 'user-delete' (order 6 index 0 seq 3)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-private' added to chain 'user-delete' (order 7 index 7 seq 1)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-vcard' added to chain 'user-delete' (order 8 index 5 seq 2)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-version' added to chain 'disco-extend' (order 0 index 16 seq 1)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'help' added to chain 'disco-extend' (order 1 index 17 seq 1)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: version: jabberd sm 2.2.17-409
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: [comet.ADdomain.private] configured
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: attempting connection to router at 127.0.0.1, port=5347
Mar 1 09:52:20 comet.ADdomain.private jabberd/router[1785]: [127.0.0.1, port=49355] connect
Mar 1 09:52:20 comet.ADdomain.private jabberd/router[1785]: [127.0.0.1, port=49355] authenticated as jabberd
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: connection to router established
Mar 1 09:52:20 comet.ADdomain.private jabberd/router[1785]: [sm] online (bound to 127.0.0.1, port 49355)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: sm ready for sessions
Mar 1 09:52:20 comet.ADdomain.private jabberd/router[1785]: [comet.ADdomain.private] online (bound to 127.0.0.1, port 49355)
Mar 1 09:52:22 comet.ADdomain.private jabberd/router[1785]: [127.0.0.1, port=49356] connect
Mar 1 09:52:22 comet.ADdomain.private jabberd/router[1785]: [127.0.0.1, port=49356] authenticated as proxy65.comet.ADdomain.private
Mar 1 09:52:22 comet.ADdomain.private jabberd/router[1785]: [proxy65.comet.ADdomain.private] online (bound to 127.0.0.1, port 49356)
Mar 1 09:52:23 comet.ADdomain.private jabberd/router[1785]: [127.0.0.1, port=49357] connect
Mar 1 09:52:24 comet.ADdomain.private jabberd/router[1785]: [127.0.0.1, port=49357] authenticated as rooms.comet.ADdomain.private
Mar 1 09:52:24 comet.ADdomain.private jabberd/router[1785]: [rooms.comet.ADdomain.private] online (bound to 127.0.0.1, port 49357)
Mar 1 09:52:24 comet.ADdomain.private Rooms[1792]: Successfully connected to XMPP server, ready for activity
I am not sure if it's attempting to authenticate to AD or not, and if so, why it might be failing. Any suggestions would be greatly appreciated!uscadvit wrote:
Here is the output without the name of our AD:
Advanced Options - User Experience
Create mobile account at login = Disabled
Require confirmation = Enabled
Force home to startup disk = Enabled
Mount home as sharepoint = Enabled
Use Windows UNC path for home = Enabled
Network protocol to be used = smb
Default user Shell = /bin/bash
Advanced Options - Mappings
Mapping UID to attribute = not set
Mapping user GID to attribute = not set
Mapping group GID to attribute = not set
Generate Kerberos authority = Enabled
Advanced Options - Administrative
Preferred Domain controller = not set
Allowed admin groups = not set
Authentication from any domain = Enabled
Packet signing = allow
Packet encryption = allow
Password change interval = 14
Restrict Dynamic DNS updates = not set
Namespace mode = domain
That looks correct. Lets collect a few more config items.
Copy / paste the output of this command when run against c2s.xml:
sudo grep '<id require-starttls="true" pemfile="' /Library/Server/Messages/Config/jabberd/c2s.xml
Ours looks like this:
<id require-starttls="true" pemfile="/etc/certificates/chat.example.com.1234567890.concat.pem" private-key-password="12345678-1234-1234-12345678" cachain="/etc/certificates/chat.example.com.1234567890.chain.pem" realm="example.com">example.com</id>
Copy / paste the output of this command when run against sm.xml. To give us context, it will display the 6 lines above and below the text:
sudo grep -C 6 'If not set, the SM id is used. -->' /Library/Server/Messages/Config/jabberd/sm.xml
Ours looks like this:
<!-- Local network configuration --> <local> <!-- Who we identify ourselves as. Users will have this as the domain part of their JID. If you want your server to be accessible from other Jabber servers, this IDs must be FQDN resolvable by DNSes. If not set, the SM id is used. --> <id>example.com</id> <!-- <id>vhost1.localdomain</id> <id>vhost2.localdomain</id> --> </local>
Copy / paste the output of this command:
sudo serveradmin settings jabber
Ours looks like this:
jabber:dataLocation = "/Library/Server/Messages"jabber:s2sRestrictDomains = nojabber:jabberdDatabasePath = "/Library/Server/Messages/Data/sqlite/jabberd2.db"jabber:sslCAFile = "/etc/certificates/chat.example.com.1234567890.chain.pem"jabber:jabberdClientPortTLS = 5222jabber:sslKeyFile = "/etc/certificates/chat.example.com.1234567890.concat.pem"jabber:initialized = yesjabber:enableXMPP = nojabber:savedChatsArchiveInterval = 7jabber:authLevel = "STANDARD"jabber:hostsCommaDelimitedString = "example.com"jabber:jabberdClientPortSSL = 5223jabber:requireSecureS2S = nojabber:savedChatsLocation = "/Library/Server/Messages/Data/message_archives"jabber:enableSavedChats = nojabber:enableAutoBuddy = yesjabber:s2sAllowedDomains = _empty_arrayjabber:logLevel = "ALL"jabber:hosts:_array_index:0 = "example.com"jabber:eventLogArchiveInterval = 7jabber:jabberdS2SPort = 0
Also, while you're troubleshooting, I found Adium's debug window to be invaluble for showing errors during logon (even if you plan to use Messages).
You can open it in debug mode by holding option + click Adium.app, select "start in debug mode". Then in Adium menu > Debug window. -
Remote Desktop Gateway 2008 R2 - logon attempt failed
I've already read through a lot of threads regarding this. Our RDGW has been working for approx 2 years. Suddenly now, some clients start to get the "logon attempt failed" when they are using rdgw. It does seems to be an increasing problem..
- Redirection in IIS is OK, checked out!
- Blank page appears when i try to logon to http://rdgw.server.com/rpc - This is OK.
I see NO non-normal entries at all in event viewer on the gateway server.
The only thing I get in event viewer on the client is:
TerminalServices-ClientActiveXCore/Microsoft Windows-TerminalServices-RDPClient/Operational:
EventID: 1026 - RDP CLientActiveX is disconnected (reason= 50331649)
EventID: 1025 - Connection with multiple transport is disconnected(not correct - google translate from locale)
This is the only thing I can see in the logs, it pops right after I get the: "The logon attempt failed"
I think a certificate issue is excluded since most of my clients can connect - all certs er valid.
We got people externally and locally that are experiencing this issue (I've forced rdgw to be sure on the local clients) So most likely this problem has nothing to do with external/internal.
On those computers who are unable to logon using rdgw, none accounts works(i've even tried domain admin). So the problem is not user-based either.
Since the "the logon attempt failed" pops within a second I was'nt sure if the traffic even got to our RDGW, so I checked with wireshark, and I can see that the gw is responding in ssl back to the client. Still there is no entries in the log on the rdgw
server..
Any suggestions?
thanksHello all,
Something that worked for me :
On the RD Session Host server, open Remote Desktop Session Host Configuration. To open Remote Desktop Session Host Configuration, click Start, point to Administrative
Tools, point to Remote Desktop Services, and then click Remote Desktop Session Host Configuration.
Under Connections, right-click the name of the connection, and then click Properties.
In the Properties dialog box for the connection, on the General tab, select the server authentication and encryption settings that are
appropriate for your environment, based on your security requirements and the level of security that your client computers can support.
In the Properties dialog
box for the connection, on the Log on Settings tab,
uncheck the box Always prompt for password
Click OK. -
Win7 PC w/ new Active Directory user not able to logon to Win 2K Domain
Hello Friends,
I'm having an issue where our Windows 2000 domain controller does not seem to be on speaking terms with a newly created user on a Windows 7 pro machine.
Here's what I know:
User & Computer are both in AD and work! I've logged in with the new user (Donna) on several machines and other users can log into the computer.
DNS appears to be configured properly on the Win7 workstation (pointed to DC)
DNS is running on the DC and doesn't appear to have any issues.
DCDIAG looks good, all passes except BASC, that failed.
Locally, I've added the domain account to the machine in the users control panel
Removing the account and the computer from the domain didn't work (I've also renamed the computer)
I thought about just renaming the current account that is working to the new user, however, I've always had issues after doing so.
Any thoughts?Did you get any of these logs ?
529
Logon failure. A logon attempt was made with an unknown user name or a known user name with a bad password.
530
Logon failure. A logon attempt was made user account tried to log on outside of the allowed time.
531
Logon failure. A logon attempt was made using a disabled account.
532
Logon failure. A logon attempt was made using an expired account.
533
Logon failure. A logon attempt was made by a user who is not allowed to log on at this computer.
534
Logon failure. The user attempted to log on with a type that is not allowed.
535
Logon failure. The password for the specified account has expired.
536
Logon failure. The Net Logon service is not active.
537
Logon failure. The logon attempt failed for other reasons.
Arnav Sharma | http://arnavsharma.net/ Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading
the thread. -
SqlException was caught: Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
Hi,
I have deployed an On-Premise SharePoint solution with event receiver to update external SQLDB. I'm using Visual Studio 2013 to create a SharePoint 2013 project on the same machine where SharePoint 2013 server is running. I was able to create
new items, but unable to update/delete. My event were fired accordingly however got choked on sqlConnectionlOpen() when attempting to update/delete with the following exception:
SqlException was caught: Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
Why would SharePoint uses SharePoint web application account my admin created to create and assumes NT AUTHORITY\ANONYMOUS LOGON account for update\delete? Any idea how to fix?
Appreciate your help.I'm new to SharePoint development. I'm not familiar with SharePoint object model. Do I need to use it for working with external data? I used SPSecurity.RunWithElevatedPrivileges
block like you have suggested and is now working fine for both update/delete =)
My project is to develop a SharePoint site to work off external SQL DB. I tried BCS approach to work with external data but that didn't allow workflow/task feature.
Besides, there is no delete event where I can manually sync with external data when an item gets deleted when using SharePoint 2013 Designer. So using event receiver with SharePoint solution in VS2013 is the solution. Now that I am able to
propagate changes to external data store on item events, the new challenge is how do I over come SharePoint deployment conflict resolution (default? enforcement?) as each publish automatically deletes existing items in my lists and recreate? In another word,
I'm trying to replicate SharePoint list to external data store each transaction to keep them sync. Any thought would be greatly appreciated.
Maybe you are looking for
-
New ipad will no longer connect to the internet.
This is not a network problem - all my other devices work fine and are connecting (including iphone, MacBook, girlfriends "new" ipad). Mine worked fine for months then suddenly, i get the wifi signal but in settings, you just see the spinning gear -
-
App store problem after updating OS to Mavericks. Ended up deleting app store. How do I get it back?
I upgraded to Mavericks. When I tried to update my apps in the appstore, I was getting prompted to enter in a password for someone else's Apple Id. I have no idea who this person is and I could not change the ID. I was logged into the App Store un
-
Every since switching to Leopard (10.5) Mail 3.0 has been messed up. It keeps timing out on the IMAP accounts over and over again. Sometimes it goes through, sometimes all 8 of my accounts (same server) get the message: "There may be a problem with t
-
Script to select files in a folder based on extension
Does anyone have a script that would select files in a folder based on extension, then move the files somewhere else?
-
HT2688 I have a used computer how do i open my library
my laptop was stolen so i now have a used computer and im trying to open my ipod library but i get the library of the previous owner of the pc. what do i do?