06-27-2019 03:19 AM
RTMT reports several failed login attempts to the CUCM Publisher from both IM&P servers.
LoginFrom : [IM&P IPs]
Interface : Apache-Axis2
UserID : admin
AppID : Cisco Tomcat
ClusterID :
NodeID : [Publisher IP]
Password for admin is the same on Publisher and IM&P (web & CLI).
Failed Jabber and Web logins are logged with the client IPs.
Any idea which service might cause this login attempts?
06-27-2019 04:15 AM
06-27-2019 05:25 AM
Maybe, but wouldn't have axl it's own account? Setup on the publisher with credentials set on the Publisher?
What would use the admin account to contact Apache-Axis2 interface on the Publisher infrequently but several times a day, locking the admin account sometimes?
07-24-2019 10:46 AM
optadata,
This might be worth a look.
https://tools.cisco.com/security/center/viewAlert.x?alertId=35357
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide