Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
741
Views
0
Helpful
3
Replies

CDA keeps locking out CDAService AD user account

keithsauer507
Level 5
Level 5

‎02-08-2016 07:55 AM

Ok a few changes in our environment in the past few weeks.

1) Our CDA virtual appliance took a dump.  We redeployed it.

2) Introduced a new Server 2012 R2 DC in the environment.

Despite these two things, we keep seeing our AD User account CDAService, which is just a user belonging to the event log readers group, locked out.  Its logged out by a machine called jcifs1_68_50.

I thought maybe when I added the new DC I buggered up the password field.  Nope, I did a direct copy and paste from our password manager (and I checked I had the correct thing pasted by using notepad quick).  

So then I thought lets just change the password.  IN ADUC I changed the password to a new random generated one from our PW mgr software and pasted this in the CDA server for all 4 of our DC's.  They all come up green so I would figure the password is correct.  The IP to user name mappings come up correct too, so you would think that everything was great. 

However randomly, more so if I reboot the CDA or after a backup at 3 AM, the CDAService AD account will be locked out again.

Do you have any idea why this would be?

Labels:
0 Helpful
3 Replies 3

Handy Putra
Cisco Employee
Cisco Employee

‎02-08-2016 03:30 PM

Just checking which patch that you are running in your CDA at the moment

0 Helpful

keithsauer507
Level 5
Level 5
In response to Handy Putra

‎02-09-2016 04:58 AM

Hi, we are on patch 5.

cda01/admin# sh ver

Cisco Application Deployment Engine OS Release:
ADE-OS Build Version:
ADE-OS System Architecture: i386

Copyright (c) 2005-2011 by Cisco Systems, Inc.
All rights reserved.
Hostname: cda01


Version information of installed applications
---------------------------------------------

Cisco Context Directory Agent
---------------------------------------------
Version      : 1.0.0.011
Build Date   : Tue May  8 10:34:26 2012
Install Date : Thu Jan 28 15:15:07 2016

Cisco Context Directory Agent Patch
---------------------------------------------
Version      : 1
Build number : NA
Install Date : Thu Jan 28 15:50:14 2016

Cisco Context Directory Agent Patch
---------------------------------------------
Version      : 2
Build number : NA
Install Date : Thu Jan 28 15:53:35 2016

Cisco Context Directory Agent Patch
---------------------------------------------
Version      : 3
Build number : NA
Install Date : Thu Jan 28 16:04:46 2016

Cisco Context Directory Agent Patch
---------------------------------------------
Version      : 4
Build number : NA
Install Date : Thu Jan 28 16:12:17 2016

Cisco Context Directory Agent Patch
---------------------------------------------
Version      : 5
Build number : NA
Install Date : Thu Jan 28 16:18:23 2016

0 Helpful

broadleon
Level 1
Level 1
In response to keithsauer507

‎06-20-2017 02:49 PM

I also have this issue, did anyone manage to find a fix ?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents