Solved: Re: UCM Admin "Account has been locked"

tanguayr · ‎07-26-2022

We are using UCM 12.5 and our ccmadministrator account gets locked out of the web-app multiple times throughout the day. We have been using the remedy described here Solved: CUCM - 'Account is Locked' - Cisco Community to regain access each time, but it is very tedious to reset the password nearly every time we need to use the application. I checked "show logins (successful/unsuccessful)" to verify that there are no failed login attempts occurring between sessions, so that would not be causing the lockouts. There are 10 concurrent sessions allowed, and we're certainly not hitting that limit. There is a 30 minute session timeout, but I don't see why it would lock the account every time a timeout occurs. I'm not sure how else to troubleshoot this.

Stephanie Knoop · ‎08-01-2022

Have you tried using RTMT to review the audit logs? That will provide you with the time and IP address of the entity that is failing login. It is possible it could be another system/application/AXL integration that has an old password and it is failing. Understanding the IP may help you hunt it down and correct the issue. You'll find this in RTMT under System > Tools > AuditLog Viewer > AuditApp Logs.

View solution in original post

Jimmywick · ‎07-29-2022

I locked the admin account because I was typing in the admin password for IM&P and not Unified CM. IM&P now uses the Unified CM application username and password. I found the password lock out setting in Unified CM under menu options
User Management / User Settings / Credential Policy. The Default Credential Policy which has the Lockout Duration set to 30 minutes.

This may help you
J wick

Nithin Eluvathingal · ‎07-31-2022

Try a different browser to login. If i am not wrong i have see this issue with the browser cache..

tanguayr · ‎08-01-2022

Thank you for your responses. We have used different browsers to log in. Normally we are using Chrome or Edge, but I use Firefox as well. There is no difference between them with this issue. To Jimmywick's suggestion: we are using a password manager to fill in the credentials, and as I said there are no failed login attempts on the interface. It seems to lock after we've logged in successfully a few times, or perhaps after a certain amount of time has passed since the last login. We can only unlock it by resetting the password, and I cannot find any explanation for it becoming locked.

Update: Nithin, I have just understood what you meant. I think the issue may be resolved by setting our browsers to clear the cookies for our UCM domain. I will come back and accept the solution if this works!

tanguayr · ‎08-01-2022

Alright, it does not seem to be an issue with the browser cache. We set our browsers to clear the cache between sessions, and then we are able to log in a few times until it eventually locks us out for no apparent reason.

There is some additional information I can provide. Sometimes when we log in there is an alert on the main page of UCM that says there have been multiple failed login attempts since the last successful login. It then says that the last successful login was at 11:59:59 on December 31, 1969? I will attach a screenshot of the alert as soon as I see it again.

Stephanie Knoop · ‎08-01-2022

Have you tried using RTMT to review the audit logs? That will provide you with the time and IP address of the entity that is failing login. It is possible it could be another system/application/AXL integration that has an old password and it is failing. Understanding the IP may help you hunt it down and correct the issue. You'll find this in RTMT under System > Tools > AuditLog Viewer > AuditApp Logs.

tanguayr · ‎08-02-2022

RTMT helped us identify a system that was trying to log in three times every hour to check configs even though it had no password set. The problem is most likely solved, but if not then at least we know where to look now. Thank you Stephanie!