Mail user authentication failure

My site has been suffering from a problem with access from Macs running Mail to POP3 mailboxes hosted on Snow Leopard server mail from at least 10.6.3 upwards (including the latest build of 10.6.5). It manifests itself as the notorious failed connections with Snow Leopard Mail, but the cause appears fairly clear.
If I look at the Mail Server logs (Mail Access) I can clearly see that the connection was rejected with the error message "unable to lookup user record ". If I then look at the Password Service Server Log it is clear that this server did not receive the authentication request, as it is not present in the log even though many successful authentications both prior to and subsequent to the failed one are present.
So somewhere between the Mail Server and the Password Server some authentication requests are going astray. It is only a very occasional occurrence but it appears to be totally random in nature - authentication will carry on correctly for hours and sometimes days, but then all of a sudden an authentication request will fail and Mail trips out on the client system. Once you reset Mail things again proceed fine but it is a nuisance that this happens at all.
I would like to see Apple address this in one of two ways - either sort out why the occasional authentication request fails, or alternatively make Mail not be quite so pedantic. If a connection fails then tolerate it - this does happen occasionally, for many different reasons, and it is a big nuisance having to calm Mail down when it does. Why not just have an error window like Entourage which you can look at if you want to see when errors have occurred?
In the meantime, if anyone has any good ideas about why the authentication requests fail on occasion I would be delighted to hear. This didn't happen at all originally for many iterations of the server software until suddenly it did start occurring, so it must be possible to make it work reliably!

Unfortunately changing the access setting was not possible on my system - it is already set that way and the problem is still occurring.
In order to see this happening in the logs, using Server Admin, firstly check in the Mail Access log for the Mail server for an unsuccessful (rejected) connection by a user that can normally access without problems. Check the exact datestamp.
Then take a look at the Password Service Server Log in Open Directory at that datestamp and you will find that there is no entry, whereas there will be entries for all the successful logons. There won't be anything in the password server error log.
Taken together this suggests to me that the request from the mail server to the password server is just getting lost between the two for some reason and never reaches the password server.
It would be great to hear from others that they are also experiencing this same cause for their logon unreliability problems. As I say above, I think the problem is a combination of the fault with the two components on the server coupled with Mail's unnecessarily pedantic handling of failed logons. Both should be fixed pronto, but I would settle for Mail being cured of its ridiculously over the top panicking over something that can happen even on more reliable mail servers.

Similar Messages

  • Go URL - User Authentication Failure

    Hi,
    I am trying to use a 'Go URL' in web application and I see some issue with authentication mechanism.
    I was able to login and view the dashboard whenever the username used in the 'Go URL' is from the console. But if the user who is from Active directory is used in the 'Go URL' link, then I get the login page saying 'Invalid username or password'. When I check the log file, it says ' [53012] User Authentication Failure'.
    Also the AD user can login from the login page, but not thru 'Go-URL' link.
    Can anyone let me know whether I am missing any step?
    Thanks

    969211 wrote:
    I was able to login and view the dashboard whenever the username used in the 'Go URL' is from the console. But if the user who is from Active directory is used in the 'Go URL' link, then I get the login page saying 'Invalid username or password'. When I check the log file, it says ' [53012] User Authentication Failure'.
    Also the AD user can login from the login page, but not thru 'Go-URL' link.
    Can anyone let me know whether I am missing any step?Check the usage of Go URL first : http://docs.oracle.com/cd/E21043_01/bi.1111/e16364/apiwebintegrate.htm
    If you dont user NQUser and NQPassword then they will be prompted for a password. you need to http://<hostname.domain>:9704/analytics/saw.dll?Dashboard&PortalPath=<your GO URLpath>*&NQuser=USERNAME&NQPassword=PASSWORD*
    You should not access if URL without logging in.
    Also on different note:
    Rupesh Shelar wrote:
    Make sure your BISYSTEM password
    Go to weblogic console, http://IP address:7001/console
    Home >Summary of Security Realms > myrealm > Users and Groups > BISystemUser
    And then go to your EM (http://IP address:7001/em)
    expand weblogic domain > bifoundation_domain > Security > Credentials > oracle.bi.system ? system.user
    Just retype a new password then Restart BI All Services then test it.How is BISystemUser even related to Go URL .or this issue .?
    Hope this helps.
    Let me know the updates. Mark if it answers!
    Thanks,
    SVS

  • "Remote Apple Events" User Authentication failure

    I will send some Remote Apple-Events from a local machine to a remote Mac Mini (OS X Server 10.5.4) with "eppc://admin:[email protected]". But i get the error message "User Authentication failure -927".
    Mounting the remote Volume is no problem with the same user and password strings "afp://admin:[email protected]" so i think that the user and passwort is correct.
    I have reset the Keychains and have no further ideas. Any hints?

    Have you checked that the account you're using is allowed to send AppleEvents?
    (System Preferences -> Sharing -> Remote Apple Events)
    I set the access for AppleEvents for all Users on the local machine as well on the remote server. Send AppleEvents from server to the local machine seems working.
    Are there special settings on OS X Server for user privileges in the "Workgroup Manager", i'm not very skilled with UID and GID?

  • ISE internal user authentication failure - user not found

    Hi Forumers'
    I trying to do wireless 802.1x, where identity store using intenral user.
    But i found this error message when i trying to connect
    Authentication failed                                                                                 :
    22056 Subject not found in the applicable identity store(s)
    My authrorization rules is built like this
    identity groups = user identities group / " mygroup"
    condition = no setting
    permissions = standard / PermitAccess
    Question 1
    Any troubleshooting step to do on this?
    Question 2
    For the Authorization rules, what's the condition should set for using Internal User as Identity store?
    Thanks
    Noel

    The error is caused to an authentication failure and is not an issue with authorization
    You need to look at your authentications policy (Policy->Authentications) and see which identity store was authenticated against
    In addition can do the Live Authentications page (Monitor->Authentications) and for the failing record click on the icon under details. This will give you the full details of the requets processing and you can see which rule was matched in the identity policy (Identity Policy Matched Rule) and "Selected Identity Stores".

  • Anyconnect 3 NAM Profile user authentication failure

    Hello,
    I use Cisco Anyconnect as a supplicant for my 802.1x enabled network, we use EAP-TLS. I created a wired profile with the standalone profile manager and deployed it to my clients. Machine authentication works fine, but as soon as i log in to the device the user authentication is not working and the anyconnect falls back to an open wired network.
    I don't see any logs in my ACS.
    But when i create a profile on the device itself the EAP-TLS authentication works without any issues.
    any ideas?
    regards
    alex

    Hello Luke-
    I have faced the same issue with MAR (Machine Access Restriction) in the past. It all worked great while we had wireless authentication only but things went out of control once we started to roll out wired
    I have been working with ISE for a little bit now and I can tell you that the same issue is still present. It would be pretty nice if they can "fix" this but as of right now you would face the same exact issue. So if you want to do user+machine authentication, you have a couple of options that were recently discussed in this thread:
    https://supportforums.cisco.com/message/3775027#3775027
    To answer your other question:
    So is there a trick to get NAM to trigger machine re-authentication without having to reboot?
    Back when I had this issue I was able to "trick" the native windows client to perform machine authentication again by going to "Start Menu > Shut Down > Switch User." In the new window it is important not to click on the already logged user but to select "New/Different User." There you can still type the same credentials for the already logged user. This seemed to force the machine to pass its machine credentials again without having to reboot the machine which is till not ideal and not user friendly at all but that is all I have Also, do keep in mind that I have not tested this with the AnyConnect client so results may vary.
    Thank you for rating!

  • WLAN USER AUTHENTICATION FAILURE

    Hello All,
    I have an enterprise WLAN which users are authenticating with the AAA server (CISCO ACS 4.2).
    We recently migrated this WLAN from autonomous mode to lightweight mode by introducing a wireless LAN controller and changed the AAA server device to CISCO ISE with base license.
    The challenge now is that some wireless users are connecting to this new controller based WLAN while other users are not authenticating.
    Hint: On the ISE, we implemented PEAP authentication. I noticed that some of end wireless devices (Laptops) are configured for LEAP instead of PEAP. I have made these changes but the issues still persists.
    Any help please.
    Regards,
    Ethelbert Ezeaputa

    Hi
    The description of your problem is vague. What are the authentication error logs on ISE? What state are clients on WLC? Could also post the debug client Mac address
    Sent from Cisco Technical Support Android App

  • User authentication failure: BISystemUser.

    Hello All,
    Created an AD authentication and faced the above error. Backed out the AD and still getting the above error. in BI Server logs and the Presentation Server does not start.
    Did you guys face this issue before, if so what was your resolution ?
    Thanks !
    Rush

    Do I need to re-innstall the environment ? Changed the password for BISystemUser and changed the same in credential Store, but still the issue persists. Also refreshed the GUIDS..
    Thanks

  • Prime 2.0: User Auth Failure Count

    Hello
    In Prime 2.0, on the Home page> General, you can view dashlets showing various bits of information.
    One of those available is User Auth Failure Count and I am trying to establish what this table is showing me and if I can get this information out of Prime in a CSV format for example, in order to do some correlation with RADIUS logs.
    I want to establish whether the users being reported as having an auth failure are actually managing to get onto the network eventually, or whether we have an authentication problem we need to tackle.
    The only reference in Cisco documentation I have found to date says the following, which is not helpful to me:
    "User Auth Failure Count
    This dashlet displays a chart which shows user authentication failure count trend over time.  "
    Does anyone know if this information is exportable somehow?
    thanks
    Bryn

    Hi Scott
    I agree with your point that the historical data is available via MSE, but I now come round to my first question, which is how do I get to the data from Prime?
    I cannot find a report to run to get the Failed Auth User Count data, although it must be there for the information to be populating the dashlet
    I think I will have to try our Cisco contact
    thanks
    Bryn

  • Cisco ISE Failure: 24408 User authentication against Active Directory failed since user has entered the wrong password

    Hi,
    Since we implemented Cisco ISE we receive the following failure on several Notebooks:
    Authentication failed : 24408 User authentication against Active Directory failed since user has entered the wrong password
    This happens 2 or 3 times per Day. So basically the authentications are working. But when the failure appears, the connection is lost for a short time.
    The Clients are using PEAP(EAP-MSCHAPv2) for Authentication. We've got a Cisco Wireless Environment (WLC 5508).
    Why is this happening?
    Thanks,
    Marc

    The possible causes of this error message are:
    1.] If the end user entered an incorrect username.
    2.] The shared sceret between WLC and ISE is mismatched. With this we'll see continous failed authentication.
    3.] As long as a PSN not receiving a response from the supplicant within this limit during an EAP conversation, it will throw this error code. In majority of cases it says eap session timed out.
    In your cases, the 3rd option seems to be the most closest one.
    Jatin Katyal
    - Do rate helpful posts -

  • OAM certificate Authentication failure redirection with no user certificate

    Hi,
    I am using Certificate authentication. I need to do an authentication fail redirect.
    When I have valid certificate in my browser - authentication is successful. This is fine.
    When I have invalid certificate (credential mapping failure) it redirects me to the intended url.
    The problem is when I do not have a user certificate in my web browser. It does not redirect to the url.
    Anyone has a solution? any suggesstion?
    Please let me know. Its an urgent requirment.
    Thanks.
    Himadri

    Hi Himadri,
    It's some time since I have tested this, but I believe that what you have discovered is unavoidable behaviour, and you will need to handle this condition somehow in the configuration of the web server. The behaviour is:
    - user presents certificate that is accepted by web server, but not OAM, then the OAM authentication failure redirect takes effect ;
    - user presents certificate that is not accepted by web server (or no certificate as you discovered) then the web server handles the failure without giving the WebGate the chance to intervene.
    Sorry I'm not sure how to do this in the web server.
    Regards,
    Colin

  • Email authentication failure, password/server settings NOT changed

    Scenario: I've been using Thunderbird for years now to connect to Verizon and download my email.  Server settings have always been:
    POP3
    incoming.verizon.net port 110
    connection security none
    authentication method encrypted password
    SMTP
    outgoing.verizon.net port 25
    connection security none
    authentication method password, transmitted insecurely (oops)
    Suddenly when I try to get my email, it stops and tells me there's an authentication failure.  I've seen this happen before with Verizon when a server is down or messed up or whatever (pretty poor message for a service interruption, but whatev).  So I decided to wait it out, but when it didn't clear up after several hours, went to the website where I was able to log in (huh?) and decided to change my password for the hell of it.  Guess what?  New password doesn't work in the email client.  Quelle surprise. 
    Sooo, I find THIS page (https://www22.verizon.com/Support/Residential/internet/highspeed/email/setup+and+use/questionsone/86...) which tells me a lot of malarkey about server settings.  I tried changing the incoming to their recommended settings, and it looks like there's no server communications a-tall.
    Can someone tell me what's amiss, and while you're at it, tell me where in a just and well-ordered universe a service provider changes server settings without notifying users well in advance?  Extra points for creativity.

    These are the new settings and they do work in Thunderbird.
    Mail server settings
    Incoming mail server (POP3)        pop.verizon.net       
    Incoming Server Port Numbers: 995
    Outgoing mail server  (SMTP)       smtp.verizon.net
    Outgoing Server Port Numbers: 465 
    Connection security:   SSL/TLS      for POP & SMTP
    The change you are probably missing as it wasn't on that page:
    Make sure your Authentication method is set to  "Normal password"  for  POP & SMTP

  • Intermittent AD Authentication failures in ISE 1.2

              Starting today I was getting intermittent authentication failures in ISE. It would say that the user was not found in the selected identity store. The account is there though. At one point I ran a authetication test from the external identity source menu and I got a failure and then the next time a pass. I have no idea why this is happening. I just updated to ISE 1.2 the other day. I'm also seeing what looks like a high level of latency on both of my PSN's. Is this normal?  Any ideas?
    Thanks
    Jef

    Interesting. I have one location that is not having this problem at all. The other is having it somewhat frequently. The PSN's for each location are tied to the local AD servers. I have not had this until we started getting 300-380 PC's connecting. We are a school so we are slowly getting started. It's real random. One user will work then another time they won't. Happens with admin and user. I have notices that with this new version of ISE it is complaining that it is getting accounting updates from the NAS too often, but I have not looked into this because I just installed 1.2 about 3-4 days ago and haven't had time to look into it.
    When you say Multicast to you AD...how did you check that? We do use multicast.

  • The test couldn't sign in to Outlook Web App due to an authentication failure. Extest_ account.

    Hi.
    I'm using SCOM 2012 R2 and have imported the Exchange server 2010 MP.
    I have runned the TestCasConnectivityUser.ps1 script and almost everything is okay except for the OWA test login.
    The OWA rule is working for some time until (I think) SCOM is doing a automatic password reset of the extest_ account. Then I get the OWA error below. The other test connectivity are working. Any suggestions.
    One or more of the Outlook Web App connectivity tests had warnings. Detailed information:
    Target: xxx|xxx
    Error: The test couldn't sign in to Outlook Web App due to an authentication failure.
    URL: https://xxx.com/OWA/
    Mailbox: xxxx
    User: extest_xxx
    Details:
    [22:50:08.936] : The TrustAnySSLCertificate flag was specified, so any certificate will be trusted.
    [22:50:08.936] : Sending the HTTP GET logon request without credentials for authentication type verification.
    [22:50:09.154] : The HTTP request succeeded with result code 200 (OK).
    [22:50:09.154] : The sign-in page is from ISA Server, not Outlook Web App.
    [22:50:09.154] : The server reported that it supports authentication method FBA.
    [22:50:09.154] : This virtual directory URL type is External or Unknown, so the authentication type won't be checked.
    [22:50:09.154] : Trying to sign in with method 'Fba'.
    [22:50:09.154] : Sending HTTP request for logon page 'https://xxx.com/CookieAuth.dll?Logon'.
    [22:50:09.154] : The HTTP request succeeded with result code 200 (OK).
    [22:50:09.373] : The test couldn't sign in to Outlook Web App due to an authentication failure.
    URL: https://xxx.com/OWA/
    Mailbox: xxx
    User: extest_xxx
    [22:50:09.373] : Test failed for URL 'https://xxx/OWA/'.
    Authentication Method: FBA
    Mailbox Server: xxx
    Client Access Server Name: xxx
    Scenario: Logon
    Scenario Description: Sign in to Outlook Web App and verify the response page.
    User Name: extest_xxx
    Performance Counter Name: Logon Latency
    Result: Skipped
    Site: xxx
    Latency: -00:00:00.0010000
    Secure Access: True
    ConnectionType: Plaintext
    Port: 0
    Latency (ms): -1
    Virtual Directory Name: owa (Default Web Site)
    URL: https://xxx.com/OWA/
    URL Type: External
    Error:
    The test couldn't sign in to Outlook Web App due to an authentication failure.
    URL: https://xxx.com/OWA/
    Mailbox: xxx
    User: extest_xxx
    Diagnostic command: "Test-OwaConnectivity -TestType:External -MonitoringContext:$true -TrustAnySSLCertificate:$true -LightMode:$true"
    EventSourceName: MSExchange Monitoring OWAConnectivity External
    Knowledge:
    http://go.microsoft.com/fwlink/?LinkID=67336&id=CB86B85A-AF81-43FC-9B07-3C6FC00D3D42
    Computer: xxx
    Impacted Entities (3):
    OWA Service - xxx, xxx - xxx, Exchange
    Knowledge:     View additional knowledge...
    External Knowledge Sources
    For more information, see the respective topic at the Microsoft Exchange Server TechCenter
    Thanks
    MHem

    Hi,
    Based on the error, it looks like an OWA authentication failure.
    Have you tried post this to LYNC forums?
    We
    are trying to better understand customer views on social support experience, so your participation in this
    interview project would be greatly appreciated if you have time.
    Thanks for helping make community forums a great place.

  • Email Receiver Dynamic User Authentication, is it possible?

    Hello Experts,
    I have a scenario SAP ECC->SAP PI->Gmail Mail Server, now the interface is working fine, the thing is that I want to configure the user Authentication in a dynamic way, I tried to doit in a UDF in the Message Mapping, using the dynamic values for:
    TServerLocation
    TAuthKey
    fields, but is not working, am I using the correct header fields?, or is there another way to change this parameters?, thanks in advance for your answers.
    Regards,
    Julio Cesar

    Hello Gopal,
    Im using Plain, it works fine if I fill up the fields for User and Password in the comm channel, but if I try using the fields in a Dynamic way is not working, thanks for your answer.
    Regards,
    Julio

  • [SOLVED] Authentication failure while try to login in GDM

    Hi,
    I just installed Arch Linux 64 bit on Virtualbox (I using GNOME and GDM). I have set on  rc.conf daemon arrays to start dbus and gdm and it run well.
    My problem is I can't login using root. When I try to login, it prompt Authentication failure
    I can't re-configure my rc.conf because I can't login, and I stuck in GDM screen..
    When I try to use "Ctrl+Alt+F1", it effects to my host (ubuntu), not to my guest Arch
    How to skip GDM to started for this condition and how to solve this authentication failure ?
    Last edited by alphazero (2011-11-20 11:51:19)

    Since I run on virtualbox. I can't use Ctrl-F1, so I try to edit rc.conf using LiveCD
    After I modify rc.conf and remove gdm in daemon array, I reboot and login as root.. adduser and finally it works login as user
    And I add again gdm after it worked to log as user.
    So problem solved.. Thanks to wonder for your help.
    Last edited by alphazero (2011-11-20 11:50:54)

Maybe you are looking for

  • Mail, Address Book, iCal, Safari problems after 10.4.6 update

    Updated to 10.4.6 from 10.3.9 via purchased Tiger disks, and have been having problems with Apple basic applications. Address Book opens, then freezes and must Force Quit. iCal opens, then freezes and must Force Quit. Mail opens, but cannot retrieve

  • On Mavericks Mac mail tells me my password is incorrect.

    My Mac is on Mavericks.  I have 2 POP email accounts. These two accounts are setup identically on my Mac my iPad and iPhone.  On iPhone and iPad they work fine.  On my Mac both emails tell me my password is wrong - it is not - HELP please.

  • Podcasts remaining on Ipod

    Why does my Ipod now keep heard podcasts on the display screen? Used to be that when I listened to a podcast it was removed and only unheard ones were left. Recently this changed and all remain after syncing. Any ideas? Thanks

  • Load Balancing And the Login Server

    We have just added load balancing to our cluster of 30980 portal servers. The load balancing works only sporadically. We noticed a round-robin approach was taken in the configuration guides, which is not acceptable to our infrastructure team. Questio

  • Performance OO ABAP v/s Procedural ABAP

    Hi Experts, I want to know if the performance of any particular program is enhanced by the use of OO ABAP over Procedural ABAP. Please let me know if there are any articles (books, blogs and forum threads...) which discuss the same.  Thank you -Joe