Highlighted
Absent Member.
Absent Member.
841 views

Certificate problem?

My account with some admin privileges has been locked out several times
for no apparent reason since I upgraded to SP2 last week (I revoked my
privileges while investigating). Yesterday I exported a new certificate
and restarted Apache and Tomcat and it may have fixed the problem,
although it might be too early to tell. If it was a cert problem, what
might have happened during the upgrade? The problem didn't show up until
about 3 days after the upgrade, but it's the only change I made to the
servers in the last week. Also, what event would be going on in the
background to cause this? It definitely wasn't a problem of mistyping
passwords. Thanks for any insights.

Tim
Labels (1)
0 Likes
6 Replies
Highlighted
Absent Member.
Absent Member.

Re: Certificate problem?

Tim Rath,
> My account with some admin privileges has been locked out several times
> for no apparent reason since I upgraded to SP2 last week (I revoked my
> privileges while investigating).
>

Do you have an address? Normally that kind of problems are not related to
certs. What can happen though is that certificates expire, tey do so after
2 years and when you reboot, then Apache and Tomcat will complain. Did you
run PKIDIAG to check?

- Anders Gustafsson, Engineer, CNE6, ASE
NSC Volunteer Sysop
Pedago, The Aaland Islands (N60 E20)

Novell does not monitor these forums officially.
Enhancement requests for all Novell products may be made at
http://support.novell.com/enhancement

Using VA 5.51 build 315 on Windows 2000 build 2195

0 Likes
Highlighted
Absent Member.
Absent Member.

Re: Certificate problem?

PKIdiag runs with no errors, and I'm having no trouble running imanager
and remote manager over ssl. I did not have any failed logins showing up
on my account this morning. However, I have 11 showing up since logging
in 45 minutes ago even though I have only logged in once. The IP address
showing up in the Remote Manager failed logins is the server IP. Should
I post any logs? If so, OK to post them to the public forum? Thanks for
your feedback.

Tim

Anders Gustafsson wrote:
> Tim Rath,
>> My account with some admin privileges has been locked out several times
>> for no apparent reason since I upgraded to SP2 last week (I revoked my
>> privileges while investigating).
>>

> Do you have an address? Normally that kind of problems are not related to
> certs. What can happen though is that certificates expire, tey do so after
> 2 years and when you reboot, then Apache and Tomcat will complain. Did you
> run PKIDIAG to check?
>
> - Anders Gustafsson, Engineer, CNE6, ASE
> NSC Volunteer Sysop
> Pedago, The Aaland Islands (N60 E20)
>
> Novell does not monitor these forums officially.
> Enhancement requests for all Novell products may be made at
> http://support.novell.com/enhancement
>
> Using VA 5.51 build 315 on Windows 2000 build 2195
>

0 Likes
Highlighted
Absent Member.
Absent Member.

Re: Certificate problem?

Tim Rath,
> However, I have 11 showing up since logging
> in 45 minutes ago even though I have only logged in once. The IP address
> showing up in the Remote Manager failed logins is the server IP.
>

OK. Have you changed your password? Have you used your credentials when
installing any server-side stuff. Ie things like ArcServe that store
credentials with their jobs.

- Anders Gustafsson, Engineer, CNE6, ASE
NSC Volunteer Sysop
Pedago, The Aaland Islands (N60 E20)

Novell does not monitor these forums officially.
Enhancement requests for all Novell products may be made at
http://support.novell.com/enhancement

Using VA 5.51 build 315 on Windows 2000 build 2195

0 Likes
Highlighted
Absent Member.
Absent Member.

Re: Certificate problem?

I have not changed my password in the last 5 weeks. I was logged into
edirectory as myself from my Windows workstation when I installed the
service pack, which I have done in the past without incident. I haven't
installed any 3rd party products recently.

I talked to the admin in another department just a few minutes ago. He
had the same problem with 2 or 3 accounts, but the problem seemed to
magically go away after a week or so before they were able to determine
what the root of the problem was.

Tim

Anders Gustafsson wrote:
> Tim Rath,
>> However, I have 11 showing up since logging
>> in 45 minutes ago even though I have only logged in once. The IP address
>> showing up in the Remote Manager failed logins is the server IP.
>>

> OK. Have you changed your password? Have you used your credentials when
> installing any server-side stuff. Ie things like ArcServe that store
> credentials with their jobs.
>
> - Anders Gustafsson, Engineer, CNE6, ASE
> NSC Volunteer Sysop
> Pedago, The Aaland Islands (N60 E20)
>
> Novell does not monitor these forums officially.
> Enhancement requests for all Novell products may be made at
> http://support.novell.com/enhancement
>
> Using VA 5.51 build 315 on Windows 2000 build 2195
>

0 Likes
Highlighted
Absent Member.
Absent Member.

Re: Certificate problem?

Tim Rath wrote:

> I have not changed my password in the last 5 weeks. I was logged into
> edirectory as myself from my Windows workstation when I installed the
> service pack, which I have done in the past without incident. I
> haven't installed any 3rd party products recently.
>
> I talked to the admin in another department just a few minutes ago.
> He had the same problem with 2 or 3 accounts, but the problem seemed
> to magically go away after a week or so before they were able to
> determine what the root of the problem was.


Do you have cifs enabled on your server ? Could be that your
workstation is trying to connect to the server using cifs (without you
knowing it).

--
Cheers,
Edward
0 Likes
Highlighted
Absent Member.
Absent Member.

Re: Certificate problem?

I don't have CIFS enabled. After I was sure that I was being locked out
because of a process and not a hacker, I gave myself back some rights
because if there is a process trying to authenticate it might fail
because of my limited rights. Kind of an odd chicken-egg sort of thing.
Since I stepped up the rights again, no problems. I guess I'll never
know what caused the original problem, so I'll just have to continue to
monitor. Thanks to everyone for the feedback.

Tim

Edward van der Maas wrote:
> Tim Rath wrote:
>
>> I have not changed my password in the last 5 weeks. I was logged into
>> edirectory as myself from my Windows workstation when I installed the
>> service pack, which I have done in the past without incident. I
>> haven't installed any 3rd party products recently.
>>
>> I talked to the admin in another department just a few minutes ago.
>> He had the same problem with 2 or 3 accounts, but the problem seemed
>> to magically go away after a week or so before they were able to
>> determine what the root of the problem was.

>
> Do you have cifs enabled on your server ? Could be that your
> workstation is trying to connect to the server using cifs (without you
> knowing it).
>

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.