Re: end user lockout after 1 failed login

Dennis Mink · ‎02-08-2010

We are running CUCM 6.1.3 and have integrated authentication, using LDAP.

cucm users and admins are locked out after one failed attemp (i have confirmed this on the AD server).

whereas the lock out policy on the AD server and set to lock out after 3 failed attemps (which is working and enforced when logging onto the domain).

I have checked enterprise parameters in CUCM to see if the lock out policy can be changed, couldnt find anything.

has anyone ever seen this before?

Please remember to rate useful posts, by clicking on the stars below.

Tommer Catlin · ‎02-09-2010

You may have a different problem. CUCM has a user configured to lookup the authentication (user name and password) If this user has a problem, it will keep failing everyone.

Check the logs first in CUCM and see what the security is saying for the LDAP profile account, and also the user that is failing.

Also, check your Domain controller and see if there are any issues with the format that is coming from CUCM. If the user name has some odd characters or spaces or the password has unsupport characters, CUCM may not pass the info correctly to LDAP

Dennis Mink · ‎02-09-2010

actually, the authentication uses a service account called scv_UnifiedCM. and always works when the user password is typed in correctly.

The problem i am describing only related to the AD account lock out after one failed login.

I have done a packet capture on CUCM when simulating a failed login. It turns out that CUCM send the same authentication request to the AD server 3 times, causing it to lock. This would mean that the problem is caused by CUCM.

Please remember to rate useful posts, by clicking on the stars below.

Tommer Catlin · ‎02-09-2010

Now that you mentioned it, I think I have seen this before. Hunt around the bug report for his. I recall seeing something like this before. If there is a chance... Id upgrade to latest 6.14 release.