cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Community Helping Community

966
Views
5
Helpful
9
Replies
Highlighted
Beginner

AD Account lockout with Invalid MOVI password

Hello,

  I am enabling the AD authenication for our MOVI users and I ran into an issue with our active directory accounts being locked out. I have a MOVI subzone setup on our VCS-C that is set to "Check Credentials" and subzone rules pointing MOVI users to that subzone. If I enter my username and correct password in MOVI I authenticate just fine and everything works. The issue is that if I enter the wrong password in the MOVI application once, obviously it won't let me login but it also makes my corporate AD account get locked out. Our AD policay locks accounts after 6 consecutive failed login attempts. To me it seems like the MOVI application is sending off multiple authentication requests with a single log in attempt and since I have the wrong password my AD account is getting locked. Has anyone run  into this issue before? Am I on the right track with what the issue could be?

Thanks for your help,

Steven

Everyone's tags (5)
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

AD Account lockout with Invalid MOVI password

Hi Steven, this is a known bug and it has been resolved in software release 4.5 .

Please check the release notes for CSCua84646.

Regards//Andrey

View solution in original post

9 REPLIES 9
Cisco Employee

Re: AD Account lockout with Invalid MOVI password

As far as i know it does send out multiple requests but i'm not sure if its as high as 6. I think i remember that it is 3 its sending. Someone else might be able to answer more accurate on this but i think you are on the correct path! Do you have check credentials on the default zone and the subzone?

/Magnus

Sent from Cisco Technical Support iPhone App

Beginner

AD Account lockout with Invalid MOVI password

I have the default zone set to treat as authenticated and the movi subzone set to check credentials. Is there way to change the number of authentication attempts it makes in the provisioning extension?

thanks.

Participant

Re: AD Account lockout with Invalid MOVI password

Hi Steven, can you share the inputs for below.

1. Have you deployed TMSPE or TMSagent for Movi ?
2. What is the tms software version installed ?
3. What is the Operating system version, service pack in your AD authentication server ?
4. Is there a test account in AD which you can use to login to windows domain login with wrong password to verify if the account is getting locked after 6th time with wrong password as per the policy ?

BR, Mahesh Adithiyha

Sent from Cisco Technical Support iPad App

Beginner

AD Account lockout with Invalid MOVI password

1. Yes, we have TMSPE deployed.

2. We are running 13.2.1 for TMS and x7.2 for VCS-C

3. AD servers are Windows 2008 SP2

4. I don't access to a test ID but I checked with server team and the 6 attempt lock out is part of the group policy for all users so I am confident that is correct.

Thanks.

Participant

Re: AD Account lockout with Invalid MOVI password

Pls share Movi version used in your environment let me check in our lab and share more inputs by to"rro.

Sent from Cisco Technical Support iPad App

Beginner

AD Account lockout with Invalid MOVI password

We are using 4.2.0.10318.

Beginner

Re: AD Account lockout with Invalid MOVI password

Hi,
That is the AD policy, but a interesting point is, how I can prevent that somebody try to type my credentials. And someone typed 6 times, my account is closed. How I can prevent this case. It is possible to include certificates on the jabbertablet or movi? What is the right way

Sent from Cisco Technical Support iPhone App

Cisco Employee

AD Account lockout with Invalid MOVI password

Hi Steven, this is a known bug and it has been resolved in software release 4.5 .

Please check the release notes for CSCua84646.

Regards//Andrey

View solution in original post

Beginner

AD Account lockout with Invalid MOVI password

OK

Thanks for your responses!

CreatePlease to create content
Content for Community-Ad
FusionCharts will render here