I have a service all open with tech support but maybe someone on this board has a solution for this.
The scenario is this:
During a foundstone scan of Windows 2003 and 2000 servers using the MITS scan template with a credential set configured to use an Active Directory account which has local admin access on all servers that are being scanned the account becomes locked out.
The login failure event that is displayed is: Logon for user "xxxx" failed with error (0X8007052E)
I have worked with phone support and tried several different configuration option:
-uncheck use credentials if possible in scan configuration
-search for "null password" in scan signatures and remove all scans that meet this criteria.
I have confirmed that the target server is part of the domain and that the "xxxx" account has local admininstrator access to the target. Any ideas/suggestions as to what is causing this issue are appreciated!
That error is consistent with:
Logon failure: unknown user name or bad password.
What is the SR # you've logged with Support?
I spoke to the ticket ownwer the severity of the issue has been raised, and escalated to the next level of support.
I expect you should be getting answers soon.
This question is a couple years old but was this ever answered?
I'm having a similar issue. I'm trying to run a credential scan on a few Windows boxes and I get the same error code.
I had a similar problem on Unix systems. In our case, we discovered that when the scan engine was under load, some of the login attempts would time out. If enough of them timed out (i.e. failed logins), the ldap account was logged out.
We increased the number of allowed failed logins before a lockout (for the scan account only) by just a bit, and I adjusted scan start times/days to reduce the load on the scan engines.
If you think this might be your problem, take a look at load on your scan engines during peak scan times.
The original poster actually had 2 credentials defined for the scan - one was correct, the other had a bad password.
When they removed the bad credentials, the problem was resolved.
jdunn's suggestion is also good. If you have strict policys in place for login attempts on your network, you might benefit from staggering or slowing your scans down.
I hope that helps!