Strange username in failed attempt log in ACS

I have an access point configured to use dot1x (MS-PEAP) which authenticates against ACS. Everything works fine, but there are some strange logs appearing in failed attempts. I think it is some sort of misinterpretation in ACS.
My ACS is 4.1
My access point is AIR-AP1231G version 12.3
I also have attached the logs. Hope anyone can help me clarify this.

This document provides a sample configuration for LEAP or MAC authentication.
Note: This guide assumes the most basic configuration. It does not cover configuration of more advanced encryption modes such as Cisco Key Integrity Protocol (CKIP) and Cisco Centralized Key Management (CCKM).
http://cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00805e7a13.shtml

Similar Messages

  • Unknown User in "Failed Attempts" Log

    The "Failed Attempts" log on the ACS 4.1 began showing entries that I do not understand. The backend is Active Directory.
    Basically, the entry is in this format:
    date,time,authen failed,foreigndomain\user,localadmingroupname,callerid,External DB user invalid or bad password,... etc.
    This is what I don't understand: It appears that the "foreigndomain\user" entry must be a foreign device that is trying to authenticate to our wireless environment (PEAP). But why is it showing the group name as our ACS administrators group!? Shouldn't it see the "foreigndomain\user" as another group like "Default Group"? I have the "\Default" group mapping set to "Default Group".
    Thank you.

    We have a similar thing occur when a group mapping cannot be found; it logs the failed attempt against the first group in ACS.
    Is "group 1" named "ACS administrators"?
    I don't think it means much as I assume group mapping only occurs if an authentication attempt is successful?? It seems there is a bug in that ACS needs to put something in the log entry for group and so uses the first group name rather than N/A, blank, or something to that effect.

  • Where is the failed login attempts log in ISE?

    I have a client who purchased Cisco ISE about a year ago.
    The former NAC box was the Cisco ACS, which used TACACS.
    ISE does not support TACACS, so I am using RADIUS instead.
    We used to use ACS to query AD so that admins could authenticate to the switches on the network.
    I am trying to get ISE to also query AD when an admin tries to login to the switches.
    Where within ISE is the old Failed Attempts Log that was resident in ACS?
    thx

    Hi,
    In Cisco ISE to see live failed and passed authentication logs
    Operations>authentications>live authentications and then click on detail.
    For failed login attempts by administrator.
    Monitor > Reports > Catalog > Server Instance > Server Administrator Logins report
    For understanding and configuring logs
    Administration > System > Logging

  • Constant Failed Attempts from ASYNC ports

    Our ACS 4.2 Failed Attempts log is being filled by "noise" on the async (tty0/tty1) from both our routers and switches. We have modems attached to our routers primarily on the console ports, in addition we have the aux port of our router connected to the console port of our LAN switch so we can reverse telnet into the switch. Both router & switch are TACACs enabled. In the user-name field of the ACS log, we get "noise" such as "interface up and down", "Press RETURN to get started", which the authen-failure-code indicates invalid characters or "ACS user unknown" in username field. What would cause this?  I know misconfigured modems can cause echo issues but why a switch console port?

    Dan/Greg,
    This issue occurs when terminal server device (like c2509, c2511 or other) connect to it and which is sending junk to console or aux lines of the Router/Switch.
    What may happen wrong with Terminal Server config:
    = Incorrect speed for the line (which is connected to console of the router)
    = possibly "exec" is running on that line on Terminal Server, thus sending unexpected prompt to the router console/aux.
    When you want to allow only an outgoing connection on a line, use the *no exec* command. The *no exec* command allows you to disable the EXEC process for connections which may attempt to send unsolicited data to the router.
    (For example, the control port of a rack of modems attached to an auxiliary port of router.) When certain types of data are sent to a line connection, an EXEC process can start, which makes the line unavailable.
    The user will still be able to access the console of the device and be authenticated as well.  This puts extra burden on ACS and you may see some latency with legitimate authentications.  
    Let me know if you have any question.
    Regards,
    ~JG
    Do rate helpful posts

  • Caller-id absent in failed attempts

    Hi all experts.
    I am using ACS 3.3 but pls don't run away since I am facing a very odd issue. In my failed attempt logs, there are times when the caller-id is not present (means blank). What could be the possible reason for that?
    Thanks in advance

    Information in the "Caller-ID" depends on the information being sent from
    the NAS to ACS.
    For TACACS -- whatever is being passed from NAS to ACS in the "rem_addr"
    field that will be logged in "Caller-ID".
    For RADIUS -- whatever is being passed from NAS to ACS in the "Calling
    Station ID (31)" attribute that will be logged in "Caller-ID".
    It also depends on the type of connection you are using:
    -For dial-in it will be telephone number from which you are dialing if the
    TELCO forwards that information otherwise it will say "async".
    -For telnet it will log the IP address of the client.
    -For wireless device it will log the MAC address.
    So, it depends on the information being passed from NAS to ACS and the type
    of authentication protocol you are using. If NAS doesn't pass the info then
    it will be blank.
    You can run #debug aaa authentication
    #debug radius (or tacacs)
    and verify the fields

  • W7: User Profile Service service failed at log on: Apparently W7 is no longer creating any user profile data other than username and picture.

    First time poster, but I think I've done my homework on this issue.
    This issue has similar symptoms to a problem with vista: http://www.vistax64.com/tutorials/130095-user-profile-service-failed-logon-user-profile-cannot-loaded.html
    However, it is definitely not the same issue (see further).
    Current Config:
    HP dv7-1450.
    W7 RC 7100 x64
    Last update (up to date as of 8/31/09) installed successfully 8/26/09 and should be unrelated to this issue (not verified yet by a pre-update restore).
    Running with Admin account while diagnosing/troubleshooting.
    Currently have two working accounts, one standard, one admin.
    Symptom:
    New user accounts cannot be logged into.  On an attempted login to the new account, the following information is displayed on the login screen:  "The User Profile Service service failed the logon.  User profile cannot be loaded."  Windows then logs off the operator and returns to the initial user selection screen.  All other aspects of use are normal.
    Current Diagnostics:
    First attempts to resolve this problem were to recreate the new account.  This was attempted when logged in as both Standard and Admin.  This was also attempted under safe mode.  This has been attempted with virus protection disabled.  All to no difference in the symptom.
    The similarity to the Vista issue (linked above) caused me to check the registry entry under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ for the new profile (as suggested by that link).  Unlike that issue, there simply is no entry for the new user.  Examination of the new log entries from creation of account to attempted log in provides the following entries:
    Level Date and Time Source Event ID Task Category
    Information 8/31/2009 12:34:31 PM Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber <SessionEnv> was unavailable to handle a notification event.
    Warning 8/31/2009 12:34:11 PM Microsoft-Windows-Winlogon 6001 None The winlogon notification subscriber <Profiles> failed a notification event.
    Information 8/31/2009 12:34:11 PM Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber <SessionEnv> was unavailable to handle a notification event.
    Warning 8/31/2009 12:34:11 PM Microsoft-Windows-Winlogon 6001 None The winlogon notification subscriber <Sens> failed a notification event.
    Error 8/31/2009 12:34:10 PM Microsoft-Windows-User Profiles Service 1500 None "Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, and that your network is functioning correctly.
    DETAIL - Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
    Warning 8/31/2009 12:34:10 PM Microsoft-Windows-User Profiles General 1509 None "Windows cannot copy file C:\Users\Default\AppData\Local\Microsoft\Windows Live\SqmApi\SqmData720896_00.sqm to location C:\Users\TEMP\AppData\Local\Microsoft\Windows Live\SqmApi\SqmData720896_00.sqm. This error may be caused by network problems or insufficient security rights.
    DETAIL - Access is denied.
    Error 8/31/2009 12:34:09 PM Microsoft-Windows-User Profiles Service 1511 None Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.
    Warning 8/31/2009 12:34:09 PM Microsoft-Windows-User Profiles General 1509 None "Windows cannot copy file C:\Users\Default\AppData\Local\Microsoft\Windows Live\SqmApi\SqmData720896_00.sqm to location C:\Users\{New Username}\AppData\Local\Microsoft\Windows Live\SqmApi\SqmData720896_00.sqm. This error may be caused by network problems or insufficient security rights.
    DETAIL - Access is denied.
    Naturally I started with the earliest error first, and decided to look to see what is going on.  The file that is trying to be copied is there, but the destination folder does not exist.  As near as I can tell, whatever process (the User Profiles General Service?) is trying to perform the copy does not have sufficient access to perform the operation.  Specifically I suspect it may not be able to create the appropriate folders before performing the copy.  Interestingly, it appears that when windows attempts to open/create a temporary account profile, the same issue occurs.  Since there is no registry entry either, I suspect that the issue also extends to the creation of registry keys, but I am not familiar enough with the sequence of events in the creation of a user profile to determine if this would come before or after a user profile's first login.
    I attempted to find more information, and was able to investigate the UPS diagnostic event log (for a different, but identical attempt at creating and using the new profile).  The following two (unhelpful to me) log entries were generated.
    Level Date and Time Source Event ID Task Category
    Information 8/31/2009 12:34:10 PM Microsoft-Windows-User Profiles Service 1002 (1001) "The description for Event ID 1002 from source Microsoft-Windows-User Profiles Service cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
    If the event originated on another computer, the display information had to be saved with the event.
    The following information was included with the event:
    The message id for the desired message could not be found
    Information 8/31/2009 12:34:09 PM Microsoft-Windows-User Profiles Service 1001 (1001) "The description for Event ID 1001 from source Microsoft-Windows-User Profiles Service cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
    It seems to imply that the User Profiles Service may be corrupted, but this may also be unrelated.  I do not know how to specifically repair this service anyway (but am open to try it if someone can walk me through it a bit).
    There's the info.  I'd like to figure out how to watch the account creation process in more detail to see if I glean more, but I don't have the experience to know what to do to enable such a log.  I will not perform a reinstall and am loath to do a restore, instead looking more for a cause and effect repair: something that would actually help MS fix the problem rather than have the customer fix the symptom.
    Thanks in advance to responders!

    To resolve this issue, I suggest you delete the file C:\Users\Default\AppData\Local\Microsoft\Windows Live\SqmApi\SqmData720896_00.sqm.
    Arthur Xie - MSFT

  • Failed attempts on radius from a strange user

    Hello all,
    I have ACS server 4.2 and I have noticed that there are too many failed attempts from usernames just like:
    [email protected]
    [email protected]
    The number before the "@" changes for different users! (I am not ev
    I tried to search for those I noticed it is something related to using 3G networks over Wi-Fi!!
    I am not familiar with this technology (if my understanding about this is correct).
    I just want to know what type of devices would possibly use this feature (what mobile phones vendors for example) and how to stop it (configure it correctly on the end station).
    Appreciate your help.
    Amjad

    Thanks Mohammad for your quick reply.
    I already know that the failed attempt is due to improper configuration on the client. The failure code in ACS is "EAP type not configured". Those stations - that are highly likely mobile phones - usually use EAP-SIM, which is not even supported by our ACS.
    EAP-SIM configuration by default has "User name in Use" configured as "From SIM card". This is why we possibly seeing those.
    Tracking the device is very difficult due to users are mobile and there are too many users around in same area/areas.
    I just now successfully isolated that all devices reported this are Nokia devices!! Now it is easier to go to some area and ask about those who have Nokia phones rather than checking everyone's phone.
    Thanks ya m3almi.
    Amjad
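
An added example, not part of the original threads and not Cisco tooling: a triage script for an exported Failed Attempts log that sorts entries by the username shapes discussed in these threads (numeric identity@realm as sent by SIM-based supplicants, console noise, foreign-domain users) and counts attempts per Caller-ID, blank ones included. The column order follows the format quoted in the "Unknown User" thread; the sample rows, the `CORP` domain and the 10-digit threshold are assumptions.

```python
import csv
import re
from collections import Counter

# Column order as quoted in the "Unknown User" thread; real exports carry
# further columns after the failure code, which are ignored here.
FIELDS = ("date", "time", "message_type", "user_name",
          "group_name", "caller_id", "failure_code")

# Assumption: the NetBIOS domain names this ACS is expected to see.
LOCAL_DOMAINS = {"CORP"}

# Heuristic (assumption): a local part of 10 or more digits looks like a
# SIM-derived identity rather than a directory account name.
NUMERIC_AT_REALM = re.compile(r"^\d{10,}@[\w.-]+$")

# Constructed sample rows, not taken from any real log.
SAMPLE_ROWS = [
    r"03/04/2010,09:12:01,Authen failed,1234567890123456@wlan.example.org,Default Group,00-11-22-aa-bb-01,EAP type not configured",
    r"03/04/2010,09:12:07,Authen failed,1234567890123499@wlan.example.org,Default Group,00-11-22-aa-bb-02,EAP type not configured",
    r"03/04/2010,09:13:40,Authen failed,FOREIGN\jdoe,ACS Administrators,00-11-22-aa-bb-03,External DB user invalid or bad password",
    r"03/04/2010,09:14:02,Authen failed,Press RETURN to get started,Default Group,async,ACS user unknown",
    r"03/04/2010,09:14:09,Authen failed,CORP\asmith,Default Group,,External DB user invalid or bad password",
    r"03/04/2010,09:15:30,Authen failed,1234567890123456@wlan.example.org,Default Group,00-11-22-aa-bb-01,EAP type not configured",
]


def parse_failed_attempts(lines):
    """Turn CSV lines into dicts keyed by FIELDS; skip short or damaged rows."""
    rows = []
    for rec in csv.reader(lines):
        if len(rec) < len(FIELDS):
            continue
        # zip() stops at the last known field, so trailing columns are dropped.
        rows.append(dict(zip(FIELDS, (f.strip() for f in rec))))
    return rows


def classify_user(user_name, local_domains=LOCAL_DOMAINS):
    """Label a logged username by shape. Heuristic only: a legitimate
    account name containing a space would also land in console_noise."""
    if not user_name.isprintable() or any(c.isspace() for c in user_name):
        return "console_noise"        # banner or prompt text echoed into a login
    if NUMERIC_AT_REALM.match(user_name):
        return "numeric_at_realm"     # e.g. identity read from a SIM card
    if "\\" in user_name:
        domain = user_name.split("\\", 1)[0]
        if domain.upper() not in local_domains:
            return "foreign_domain"   # device configured for another network
    return "other"


def triage(lines):
    """Return (count per username class, count per Caller-ID)."""
    by_class, by_caller = Counter(), Counter()
    for row in parse_failed_attempts(lines):
        by_class[classify_user(row["user_name"])] += 1
        # A blank Caller-ID means the NAS did not send the attribute.
        by_caller[row["caller_id"] or "(blank)"] += 1
    return by_class, by_caller


if __name__ == "__main__":
    classes, callers = triage(SAMPLE_ROWS)
    for label, count in classes.most_common():
        print(f"{count:3d}  {label}")
    print("Top Caller-IDs:")
    for caller, count in callers.most_common(3):
        print(f"{count:3d}  {caller}")
```

Grouping by Caller-ID gives the MAC address for wireless clients, which is the starting point for identifying the device vendor as done in the reply above.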

  • An account failed to log on unknown username or password. Causing Login audit failures

    I have a SBS11 Essentials server that is getting audit failures over and over again. The computer account says it's the SBS11 server itself.  It says unknown user name or bad password. I have checked for scheduled tasks, backup jobs, services and none of them are using any special user accounts.  I have used MS network monitor and can't find anything helpful to lead to the issue.  All computers in the network are running Windows 7.  The domain functional level is 2008 R2.
    I get the 4768 event ID about a Kerberos event and then just after I get an Event ID 4625 account failure with Logon Type 3.  I have included the events below.  I need to figure out what is causing the audit failures as my GFI Test Hacker alert is catching it every morning.  Disabling the Test Hacker alert is not an option.  I have used Process Explorer also but can't seem to pin it down.  I also enabled Kerberos logging.
    http://support.microsoft.com/kb/262177?wa=wsignin1.0.  All event codes state it's an unknown or non-existing account but how do I stop it from happening?
    This is from the System Event log
    A Kerberos Error Message was received:
    on logon session TH.LOCAL\thsbs11e$
    Client Time:
    Server Time: 14:59:53.0000 3/4/2014 Z
    Error Code: 0x6 KDC_ERR_C_PRINCIPAL_UNKNOWN
    Extended Error:
    Client Realm:
    Client Name:
    Server Realm: TH.LOCAL
    Server Name: krbtgt/TH.LOCAL
    Target Name: krbtgt/[email protected]
    Error Text:
    File: e
    Line: 9fe
    Error Data is in record data.
    This is from the Security Event log
    A Kerberos authentication ticket (TGT) was requested.
    Account Information:
    Account Name: S-1-5-21-687067891-4024245798-968362083-1000
    Supplied Realm Name: TH.LOCAL
    User ID: NULL SID
    Service Information:
    Service Name: krbtgt/TH.LOCAL
    Service ID: NULL SID
    Network Information:
    Client Address: ::1
    Client Port: 0
    Additional Information:
    Ticket Options: 0x40810010
    Result Code: 0x6
    Ticket Encryption Type: 0xffffffff
    Pre-Authentication Type: -
    Certificate Information:
    Certificate Issuer Name:
    Certificate Serial Number:
    Certificate Thumbprint:
    Certificate information is only provided if a certificate was used for pre-authentication.
    Pre-authentication types, ticket options, encryption types and result codes are defined in RFC 4120.
    I then get the following error in the next event
    An account failed to log on.
    Subject:
    Security ID: SYSTEM
    Account Name: THSBS11E$
    Account Domain: TH
    Logon ID: 0x3e7
    Logon Type: 3
    Account For Which Logon Failed:
    Security ID: NULL SID
    Account Name:
    Account Domain:
    Failure Information:
    Failure Reason: Unknown user name or bad password.
    Status: 0xc000006d
    Sub Status: 0xc0000064
    Process Information:
    Caller Process ID: 0x25c
    Caller Process Name: C:\Windows\System32\lsass.exe
    Network Information:
    Workstation Name: THSBS11E
    Source Network Address: -
    Source Port: -
    Detailed Authentication Information:
    Logon Process: Schannel
    Authentication Package: Kerberos
    Transited Services: -
    Package Name (NTLM only): -
    Key Length: 0
    This event is generated when a logon request fails. It is generated on the computer where access was attempted.
    The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
    The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).
    The Process Information fields indicate which account and process on the system requested the logon.
    The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
    The authentication information fields provide detailed information about this specific logon request.
    - Transited services indicate which intermediate services have participated in this logon request.
    - Package name indicates which sub-protocol was used among the NTLM protocols.
    - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.

    Well I opened the case for him and he never followed up with Microsoft :-(
    It's a kerberos issue, we're told to ignore it.  Would you be willing to be patient and stubborn and work with CSS to at least understand what's going on better?  I can tell you it's normal with Essentials but not the exact technical reason it's happening.
    Unfortunately TechNet isn't coming back, sorry folks :-(

  • ACS v5.1 - Can internal users be disabled after x failed attempts?

    I have noticed under authentication settings for internal user accounts there is no setting to disable the account after x number of failed attempts (ACS v5.1). This is such a fundamental requirement for user accounts that I am wondering whether I have missed something. (They include this option on Administration accounts)
    Does anyone know if can this be set somewhere else or is Cisco going to implement it in a later version?
    Many Thanks

    Hello jrabinow ,
    Thanks  a lot for the reply .
    We already have our AD setup to lock account of users who failed 3 consecutive windows login attempts .
    However when network administrators fail to login  after 3 consecutive attempts into a network device, they can still login into a network device if they provide their correct AD credentials .
    Is there any specific configuration that needs to be done on the AD to be aware of the failed login attempts on the network devices and count it the same as a failed windows login attempt ?!
    Kind Regards ,
    Moussa

  • Account lockout for failed attempts in acs 5.1.0.44.6

    Hi All ,
    I have ACS1121 running version 5.1.0.44.6 on my network environment. I need to enable account lock-out for internal users after more than 8 failed attempts. How to achieve this?
    I could see account lock-out for administrator user account, not for internal user.

    In general this feature is not supported and is part of the CS 5.3 release which is scheduled for FCS later this year
    However, looking at the list of patches I can see that the 5.2.0.26.4 cumulative patch includes a fix for the following:
    CSCth12406: ACS 5 does not have option to disable local account on failed attempts
    I am not familiar specifically with these changes but looking at the CDETS it appears that after the installation of the patch the following options are available:
    1. Selected 'System Administration' in ACS under left pane in primary server.
    2. Selected 'Users -> Authentication Settings -> Advanced'. Account Disablement section will be displayed.
    3. Selected check box 'Failed attempt exceeds' and provide count of number of attempts after which account is disabled
    Since you are on a 5.1 release you would need to upgrade to 5.2 and then install the patch (or 5.2.0.26.5 which is in fact the latest patch)

  • Blocking clients with repeating failed attempts in ACS 5.4

    Hi
    I use my ACS to authenticate clients from both LNS and wireless.
    There are always users with wrong configuration that repeat the authentication process and fail thousands of times and 'hammer' the ACS servers.
    Is there a way to block repeated failed attempts?
    Thanks!
    Naor.

    Hi, and thanks for the quick reply! Few questions:
    That will prevent clients from re-authenticating for 15 minutes?
    If so, how client will be able to roam on campus? that requires re-authentication...
    Naor.

  • According to Apple, my passwords are incorrect, I've forgotten my birthdate and I am unable to access my account that I've had for years.  I just want to access my mail and I'm logged out for too many failed attempts

    I need help with unlocking my 'locked' account.  According to Apple, my birthdate is inaccurate, my passwords are incorrect and due to too many failed attempts, I'm without email.  Please Help

    Boot from the installation DVD, then go to Utilities/Password Reset.

  • How do I prevent "The user profile service service failed the log on" error messages?

    I work for an organization with approximately 60 staff members across ~80 Windows 7 Professional PCs. Users log in with Active Directory accounts.
    Approximately once per month, a random user will get an error message while attempting to log into their machine that says "The user profile service service failed the log on."  The solution to resolve this issue is here: http://support.microsoft.com/kb/947215?ppud=4&wa=wsignin1.0.
    The problem is that I want to PREVENT this issue from happening, as it is incredibly inconvenient for the user. I had one staff member board a 5-hour plane trip expecting to do work, and once she got in the air she logged in and received the error message and was unable to use her computer for the trip. I've had others locked out of their computer with deadlines to get things done, while I am at home off the clock. Editing the registry is not an easy fix, and so it's not something I can just post instructions for in a knowledgebase article.
    Does anyone know how to prevent this issue from occurring? I believe that it has something to do with a network-based startup script, or a service trying to connect to our file server, or the computer trying to connect to our ad server. All of these are blocked by firewalls (unless the user is off-site), and I suspect that the services may be timing out, causing the user profile service service failed the logon error message, but I can't seem to eliminate it, after nearly a year of trying.
    90% of the time this problem occurs when the user is off-site, but it has happened while the user is in the office too. Once the user gets this error message, the only way to resolve the problem is to log into their computer as a local administrator account and perform the method #1 fix in the knowledgebase article.
    Thanks

    Have you checked the logged files in event viewer around the time when the problem occurred?
    Are there any suspicious events like errors or warnings related to this issue?
    Try running Active Directory Best Practice Analyzer:
    http://technet.microsoft.com/en-us/library/dd759260.aspx

  • Password logon no longer possible---too many failed attempts

    Dear All,
    I have a problem with one user-id: without anyone entering the wrong password, it gets locked automatically.
    It is locking 4 to 5 times daily, and no one is entering any wrong password.
    Why is it locking?  It shows this message: *password logon no longer possible---too many failed attempts*
    What could be the reason? Please suggest; if anyone has an answer for this, give me the proper solution as early as possible.
    Thanking you ,
    Thanks  & Regards,
    Narasimha.

    Hi everybody,
    I have created a new client using SCC4.
    I logged into that client and did a LOCAL CLIENT COPY with the sap_usr profile, scheduled as a background job.
    The job completed successfully.
    But one day later, when I tried to log in to that particular client, it threw the error:
    'password logon is no longer possible - too many failed attempts'.
    Why is this happening? Please, could someone help me in this regard?
    Thank you very much in advance.
    Regards,
    SWAPPY

  • JSP fails silently: Logs reveal "exception occurred in JNI_OnLoad"

    I'm running Apache Tomcat/4.1.10 with JVM 1.4.0_02. This is all running on Solaris 2.6 under a chrooted environment and seems to work quite well when I run test apps and such.
    Here's my problem:
    I installed Jive 2.6.1 Enterprise and attempted to run the initial setup tool by pointing my browser to /admin/setup/index.jsp. The JSP output starts loading into my browser, but then stops abruptly. The setup tool never finishes.
    Logs record a stack trace after this first failed attempt. Subsequent attempts to run the JSP record a different stack trace. They're listed below in order.
    I'm banging my head against a wall trying to debug this. Installing a previous version of Tomcat didn't change anything. Google searches have not been forthcoming, except that most JNI_OnLoad errors seem to happen on Solaris. I've copied countless megs worth of *.so files into my chrooted environment. Any insight into this would be much appreciated.
    Thanks,
    Greg
    2002-09-20 10:19:26 StandardWrapperValve[jsp]: Servlet.service() for servlet jsp threw exception
    org.apache.jasper.JasperException: exception occurred in JNI_OnLoad
    at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:246)
    at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:289)
    at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:240)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:260)
    at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
    at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
    at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
    at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
    at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2397)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180)
    at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
    at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:170)
    at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:171)
    at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
    at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:174)
    at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
    at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
    at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:223)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:405)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:380)
    at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:508)
    at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:533)
    at java.lang.Thread.run(Thread.java:536)
    ----- Root Cause -----
    javax.servlet.ServletException: exception occurred in JNI_OnLoad
    at org.apache.jasper.runtime.PageContextImpl.handlePageException(PageContextImpl.java:497)
    at org.apache.jsp.index_jsp._jspService(index_jsp.java:1064)
    at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:136)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
    at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:202)
    at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:289)
    at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:240)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:260)
    at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
    at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
    at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
    at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
    at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2397)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180)
    at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
    at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:170)
    at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:171)
    at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
    at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:174)
    at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
    at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
    at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:223)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:405)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:380)
    at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:508)
    at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:533)
    at java.lang.Thread.run(Thread.java:536)
    2002-09-20 10:19:51 StandardWrapperValve[jsp]: Servlet.service() for servlet jsp threw exception
    org.apache.jasper.JasperException
    at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:246)
    at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:289)
    at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:240)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:260)
    at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
    at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
    at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
    at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
    at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2397)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180)
    at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
    at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:170)
    at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:171)
    at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
    at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:174)
    at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
    at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
    at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:223)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:405)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:380)
    at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:508)
    at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:533)
    at java.lang.Thread.run(Thread.java:536)
    ----- Root Cause -----
    javax.servlet.ServletException
    at org.apache.jasper.runtime.PageContextImpl.handlePageException(PageContextImpl.java:497)
    at org.apache.jsp.index_jsp._jspService(index_jsp.java:1064)
    at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:136)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
    at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:202)
    at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:289)
    at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:240)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:260)
    at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
    at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
    at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
    at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
    at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2397)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180)
    at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
    at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:170)
    at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:171)
    at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
    at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:174)
    at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
    at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
    at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:223)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:405)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:380)
    at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:508)
    at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:533)
    at java.lang.Thread.run(Thread.java:536)

    Update:
    Running Tomcat from a non-chrooted environment gives correct behavior. Evidently my Jive installation is fine, my Tomcat is fine, and my JVM is fine.
    The problem must be related to the chroot, where the JVM is trying to load some native library that doesn't exist in chroot world.
    My question is simply, how do I figure out which one? Can anybody point me in the right direction?
    Thanks a bunch,
    Greg
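
The chroot question above comes down to comparing what the dynamic linker resolves on the host with what actually exists inside the jail. The following is an added example, not part of the original thread: it parses `ldd`-style output and reports libraries absent under the chroot root, re-rooting absolute symlinks the way the jailed process would see them. The sample output, the library names and the temporary directory layout are constructed and do not identify the library missing in the poster's setup.

```python
import os
import re
import tempfile

# "name => /path [(0xaddr)]", "name => not found", "name => (file not found)"
LDD_LINE = re.compile(r"^\s*(?P<name>\S+)\s+=>\s+(?P<target>.*?)\s*$")

# Constructed sample of ldd output captured on the host, outside the chroot.
SAMPLE_LDD = """\
        libthread.so.1 =>        /usr/lib/libthread.so.1
        libdl.so.1 =>    /usr/lib/libdl.so.1
        libc.so.1 =>     /usr/lib/libc.so.1
        libexample.so.1 =>       (file not found)
"""

def parse_ldd(output):
    """Split ldd output into {name: absolute path} and [unresolved names]."""
    resolved, unresolved = {}, []
    for line in output.splitlines():
        m = LDD_LINE.match(line)
        if not m:
            continue  # no "=>": loader or vdso line, nothing to look up
        name, target = m.group("name"), m.group("target")
        if "not found" in target:
            unresolved.append(name)
        elif target.startswith("/"):
            resolved[name] = target.split()[0]  # drop a trailing load address
    return resolved, unresolved

def exists_in_chroot(root, path, hops=16):
    """True if path exists once root is "/"; follows symlinks on the last component only."""
    full = os.path.join(root, path.lstrip("/"))
    while os.path.islink(full) and hops > 0:
        link = os.readlink(full)
        # An absolute link target is relative to the chroot, not the host root.
        base = root if link.startswith("/") else os.path.dirname(full)
        full = os.path.join(base, link.lstrip("/"))
        hops -= 1
    return os.path.exists(full) and not os.path.islink(full)

def missing_in_chroot(ldd_output, root):
    """Return ([(name, path)] absent under root, [names ldd could not resolve])."""
    resolved, unresolved = parse_ldd(ldd_output)
    missing = [(n, p) for n, p in sorted(resolved.items()) if not exists_in_chroot(root, p)]
    return missing, unresolved

def demo():
    """Build a throwaway chroot tree and audit it against SAMPLE_LDD."""
    with tempfile.TemporaryDirectory() as root:
        lib = os.path.join(root, "usr", "lib")
        os.makedirs(lib)
        for name in ("libc.so.1", "libdl.so.1.real"):
            open(os.path.join(lib, name), "w").close()
        # Absolute symlink that only resolves when the chroot is the root.
        os.symlink("/usr/lib/libdl.so.1.real", os.path.join(lib, "libdl.so.1"))
        return missing_in_chroot(SAMPLE_LDD, root)

if __name__ == "__main__":
    print(demo())
```

`ldd` lists only link-time dependencies, so the same check has to be repeated for every native library the JVM loads at run time, not just for the `java` binary itself.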
