Hmm. Good point. Most of the users haven't upgraded their user clients yet and are still using AR User 5.1.2 p1267 (yes, I know this is bad and we're working on updating everyone's clients). But nobody uses the Alert tool. Thanks! John
-----Original Message----- From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of Grooms, Frederick W Sent: Wednesday, February 28, 2007 3:59 PM To: arslist@ARSLIST.ORG Subject: Re: Locking out AD accounts ** You don't state if your users are using patch 18 of the User tool or not... There is a bug fixed in User Tool patch 17 SW00234712 -- When it fails to login to Alert Tool, AREA Plugin is called twice. When it fails to login to Admin, User, Import Tool, AREA Plugin is called once. Can your users be bringing up the Alert Tool also? If they are then when they type their password wrong they can be making 4 AREA tries (User to 2 servers and Alert to 2 servers). Fred _____ From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of John Hanson Sent: Wednesday, February 28, 2007 5:44 PM To: arslist@ARSLIST.ORG Subject: Re: Locking out AD accounts ** Not quite - we have 2 servers in our server group. Thanks, John -----Original Message----- From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of Joe DeSouza Sent: Wednesday, February 28, 2007 3:34 PM To: arslist@ARSLIST.ORG Subject: Re: Locking out AD accounts ** You don't happen to be behind a server group having 3 or more servers are you?? I cannot really confirm it but it might be possible that the AR Client is designed to try the next server if it doesn't get into the first one and so on.. until it fails on 3 or more thus invalidating the user on AD with 3 bad password attempts... Just a thought... Joe ----- Original Message ---- From: John Hanson <[EMAIL PROTECTED]> To: arslist@ARSLIST.ORG Sent: Wednesday, February 28, 2007 5:55:24 PM Subject: Locking out AD accounts ** Hello all, Since we upgraded to 6.3 I've been getting several reports from users who say that their active directory accounts are being locked out after a single bad password attempt, whereas in the previous version this was not the case. We're using the same AREA LDAP integration now that we did before, but it seems that in 6.3 Remedy tries to contact the LDAP server several times instead of just once. Does anyone know of a configuration setting that I can add that would prevent it from making so many attempts? I found something of use in a KB article for version 5.1.2, but it doesn't seem to apply here...: It is recommended that users use 5.0.1 patch 1136 or higher of the client User Tool because it fixes a problem where if the user enters in the wrong password, the unpatched version keeps trying to login the user 5 times. Most customers have a rule set up to lock out a users account if they try three times without entering in the correct password. Therefore, the unpatched user tool can lock out a user's NT account if they make one mistake on the password. Any thoughts are appreciated. ARS 6.3 p18 Solaris 9 Oracle 9.2 Thanks!! John Hanson Remedy Administrator/Developer The Standard 1100 SW Sixth Avenue Portland, OR 97204 Telephone (971) 321-7153 [EMAIL PROTECTED] __20060125_______________________This posting was submitted with HTML in it___ _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the Answers Are"