3 Replies Latest reply on Apr 14, 2014 6:08 PM by djjava9

    Changing the ePO (4.6) database password results in instant lockout

    pschmehl

      We patched our server today for the Heartbleed vulnerability.  In following the instructions regarding changing keys and the database password, we ran into a problem.  When we changed the account password (it's an AD account), it was instantly locked out by machines all over campus.

       

      For example (some fields have been obfuscated):

       

      »4/14/14
      11:00:15.000 AM
      04/14/2014 11:00:15 AM
      LogName=Security
      SourceName=Microsoft Windows security auditing.
      EventCode=4776
      EventType=0
      Type=Information
      ComputerName=obfuscated.campus.ad.utdallas.edu
      TaskCategory=Credential Validation
      OpCode=Info
      RecordNumber=6180313909
      Keywords=Audit Failure
      Message=The computer attempted to validate the credentials for an account.
      Authentication Package:     MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
      Logon Account:     {obfuscated}
      Source Workstation:     {obfuscated}
      Error Code:     0xc0000234

       

      This was repeated multiple times for many different hostnames.  Why are these hosts trying to use the database/admin user account?  What are the logging in for?  Shouldn't the keys be used to communicate?