AD Account lockout with Invalid MOVI password

swestra01
Level 1

Hello,

I am enabling AD authentication for our MOVI users and I ran into an issue with our Active Directory accounts being locked out. I have a MOVI subzone set up on our VCS-C that is set to "Check Credentials" and subzone rules pointing MOVI users to that subzone. If I enter my username and correct password in MOVI, I authenticate just fine and everything works. The issue is that if I enter the wrong password in the MOVI application once, obviously it won't let me log in, but it also makes my corporate AD account get locked out. Our AD policy locks accounts after 6 consecutive failed login attempts. To me it seems like the MOVI application is sending off multiple authentication requests with a single login attempt, and since I have the wrong password my AD account is getting locked. Has anyone run into this issue before? Am I on the right track with what the issue could be?

Thanks for your help,

Steven

1 Accepted Solution

adimchev
Cisco Employee

Hi Steven, this is a known bug and it has been resolved in software release 4.5.

Please check the release notes for CSCua84646.

Regards//Andrey

9 Replies

Magnus Ohm
Cisco Employee

As far as I know it does send out multiple requests, but I'm not sure if it's as high as 6. I think I remember that it is 3 it's sending. Someone else might be able to answer more accurately on this, but I think you are on the correct path! Do you have check credentials on the default zone and the subzone?

/Magnus

Sent from Cisco Technical Support iPhone App

I have the default zone set to treat as authenticated and the MOVI subzone set to check credentials. Is there a way to change the number of authentication attempts it makes in the provisioning extension?

thanks.

mahkrish
Level 3

Hi Steven, can you share the inputs for the below?

1. Have you deployed TMSPE or TMSagent for Movi?
2. What is the TMS software version installed?
3. What is the operating system version and service pack on your AD authentication server?
4. Is there a test account in AD which you can use to log in to the Windows domain with a wrong password, to verify if the account is getting locked after the 6th time with a wrong password as per the policy?

BR, Mahesh Adithiyha

Sent from Cisco Technical Support iPad App

1. Yes, we have TMSPE deployed.

2. We are running 13.2.1 for TMS and x7.2 for VCS-C

3. AD servers are Windows 2008 SP2

4. I don't have access to a test ID, but I checked with the server team and the 6-attempt lockout is part of the group policy for all users, so I am confident that is correct.

Thanks.

Please share the Movi version used in your environment. Let me check in our lab and share more inputs by tomorrow.

Sent from Cisco Technical Support iPad App

We are using 4.2.0.10318.

rasimyigit
Level 1

Hi,
That is the AD policy, but an interesting point is: how can I prevent somebody from trying to type my credentials? If someone types them 6 times, my account is closed. How can I prevent this case? Is it possible to include certificates on the Jabber tablet or Movi? What is the right way?

Sent from Cisco Technical Support iPhone App

OK

Thanks for your responses!
