cancel
Showing results for 
Search instead for 
Did you mean: 
perrinm
Level 7

Why does my Active Directory account that Foundstone is using to run credential enabled scans keep getting locked out?

I have a service all open with tech support but maybe someone on this board has a  solution for this.

The scenario is this:

During a foundstone scan of Windows 2003 and 2000 servers using the MITS scan template with a credential set configured to use an Active Directory account which has local admin access on all servers that are being scanned the account becomes locked out.

The login failure event that is displayed is:  Logon for user "xxxx" failed with error (0X8007052E)

I have worked with phone support and tried several different configuration option:

-uncheck use credentials if possible in scan configuration

-search for "null password" in scan signatures and remove all scans that meet this criteria.

I have confirmed that the target server is part of the domain and that the "xxxx" account has local admininstrator access to the target. Any ideas/suggestions as to what is causing this issue are appreciated!

Thanks!

0 Kudos
6 Replies
cgrim
Level 13

Re: Why does my Active Directory account that Foundstone is using to run credential enabled scans keep getting locked out?

hi perrinm,

That error is consistent with:

Logon failure: unknown user name or bad password.

What is the SR # you've logged with Support?

-Cathy

0 Kudos
perrinm
Level 7

Re: Why does my Active Directory account that Foundstone is using to run credential enabled scans keep getting locked out?

Hi Cathy,

The case number is:

3-846726974

Mike

0 Kudos
cgrim
Level 13

Re: Why does my Active Directory account that Foundstone is using to run credential enabled scans keep getting locked out?

Hi Mike,

I spoke to the ticket ownwer the severity of the issue has been raised, and escalated to the next level of support.

I expect you should be getting answers soon.

-Cathy

0 Kudos
tpowell
Level 7

Re: Why does my Active Directory account that Foundstone is using to run credential enabled scans keep getting locked out?

This question is a couple years old but was this ever answered?

I'm having a similar issue.  I'm trying to run a credential scan on a few Windows boxes and I get the same error code.

-Terry

0 Kudos
jldunn
Level 10

Re: Why does my Active Directory account that Foundstone is using to run credential enabled scans keep getting locked out?

I had a similar problem on Unix systems.  In our case, we discovered that when the scan engine was under load, some of the login attempts would time out.  If enough of them timed out (i.e. failed logins), the ldap account was logged out.

We increased the number of allowed failed logins before a lockout (for the scan account only) by just a bit, and I adjusted scan start times/days to reduce the load on the scan engines.

If you think this might be your problem, take a look at load on your scan engines during peak scan times.

j.

0 Kudos
cgrim
Level 13

Re: Why does my Active Directory account that Foundstone is using to run credential enabled scans keep getting locked out?

Hi Terry,

The original poster actually had 2 credentials defined for the scan - one was correct, the other had a bad password.


When they removed the bad credentials, the problem was resolved.

jdunn's suggestion is also good.  If you have strict policys in place for login attempts on your network, you might benefit from staggering or slowing your scans down.

I hope that helps!
Cathy

0 Kudos