telophase: (gojyo screw you // yomigaere)
telophase ([personal profile] telophase) wrote2009-07-15 10:16 am
  • Add Memory
  • Share This Entry

(no subject)

Anyone here who knows anything about Windows servers? Preferably ones with Apache/MySQL/PHP installed on them? The help desk here narrowed down my periodic account-locking problem to coming from the Windows server I've got admin access to, where Apache/PHP/MySQL is installed to run the blogs, but then closed the ticket and left it to us to figure out. My boss has little time to explore, and I have no idea what I'm looking for. At least I've got a record of the times at which I noticed that I was locked out, although I've explored Event Viewer and there is nothing happening there under my login that corresponds with the times.





(Plz to not be going on about how I should resubmit to the help desk or something like that: your average help desk monkey here does not have admin access to this server, and those who do are busy with the aftermath of the previous hacking of the other servers.)
Flat | Top-Level Comments Only

[identity profile] isancho.livejournal.com 2009-07-16 06:31 pm (UTC)(link)
Is the account lockout occurring from too many failed logins?

[identity profile] telophase.livejournal.com 2009-07-16 06:51 pm (UTC)(link)
Believe me, that was the first thing I thought of. Not as far as I can tell. Here's the text of my request to the Help Desk:

Six times in the past two weeks I’ve been locked out of my account after stepping away from my desk for few minutes. In each case…

1) It was on the first try.
2) I am fairly sure I typed my password correctly (the last three times I am more sure of, as I have been paying careful attention because of this)
3) It was on a desktop computer, not one connected to the wireless network
4) Four times from my desktop computer, one time when I was at the Reference desk computer (not remotely connected to my desktop), and one time it was when I was connected remotely to my desktop via VPN from home.

The lockout also occurs when I'm at my desk - I'll have been here for a few hours doing work, then go to get into one of our databases that require us to be logged in and find that I can't get into it, or I'll find that Outlook is throwing errors, or that I can't get into the intranet page without signing in again. The Help Desk's entire reply is:
Something on LIBILL1.LIB.TCU.EDU is causing this. Suggest they look for anything running under her login on that server.

[identity profile] isancho.livejournal.com 2009-07-16 07:49 pm (UTC)(link)
Do you have scripts running on that server? Maybe something that periodically requests something from the domain, or which runs from your PHP scripts and might be trying a login? It could even be something as simple as a mapped share.

I think that the helpdesk's terse reply means that they think something automated or semi-automated is trying to log in with your username. If the password is hard-coded into the script, and it's changed since then, then it would be trying an invalid password. Too many times of that, and the DC will lock your account.

It may even be that the account lockout occurs with too many successful logins--but frankly, that's just a guess. It'd be nice if they could explain what rule is being broken that's causing the lockout.

[identity profile] telophase.livejournal.com 2009-07-16 07:52 pm (UTC)(link)
I've got Apache/MySQL/PHP on it (and a Ruby on Rails install, done after the lockout problem started happening, so I think we can rule it out), running WordpressMU. And nothing that I can think of that should be logging on as me - certainly nothing with my network login hard-coded. Aarg.
Flat | Top-Level Comments Only