Workaround for High Failed Login Counts
Novell Cool Solutions: Tip
By Tony Kelly
Updated: 13 Apr 2007
A colleague of mine noticed high "Failed Login counts" on one of our NetWare 6.5 servers. The culprits were two workstations attempting to log in all the time; the average was 600+ times an hour. This was not detrimental to server performance, just one of those annoyances - why is it doing it?
The forums suggested a ZENworks issue. As an experiment I deleted one workstation from the Tree, and that disappeared from the log. I deleted the other one, and this morning both workstations are re-imported into the Tree.
The problem has gone away. I don't know if anyone else has raised this, but this worked for me.
Hope this helps.
Editor's Note: If anyone knows the underlying reason why his fix worked, we'd all love to hear it.
PC probably was from an "image" and the zwsreg -unreg command was not issued before sysprep was run.
When an image is deployed to a PC, it most likely gets a new IP address if using DHCP. Thus the workstation ID is wrong in ZENworks (it will display as a duplicate of the PC it was originally imaged from and not reflect the new IP address in its ID). Probably because the SID is changed, the logon from the PC via workstation will be invalid when trying to authenticate to a NetWare server.
ZENworks Workstation objects are real eDirectory objects and can log in. In fact they do log in. This is how ZENworks delivers workstation-associated policies and applications.
On import they generate a long and somewhat random-looking password. If something goes wrong on the Windows end or the eDirectory end and they fall out of sync, then of course they cannot log in.
As Tony noted, deleting the object and reimporting resolves it by basically resetting the password for the object.
One interesting way to see some of this would be in the About of the ZENworks Management Agent. Since V4 I think, there is a More button on the About page. Hold down F2 and click on More, and you get a very useful diagnostic screen that includes the ID of the workstation object being used on this machine.
Depends on what is shown in NRM:
In our case, EVERY NetWare 6.5 server we have started showing massive failed login attempts after SP4a. When we looked at NRM, the "failed" attempts only showed a context and an IP. No userid. So we'd see something like: "ou=abc.o=123" and an IP address. Hundreds of them.
We opened an SR with Novell and were told they had no idea why it was doing that and that it was a cosmetic issue with NRM and not to worry about it.
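A triage sketch for the two patterns described on this page, added here as an example and not part of the original tip or its comments: it buckets failed-login events per source per hour, flags buckets at the 600-an-hour level the tip reports, and separates named objects from entries that carry only a context. The event tuple layout, the IP addresses and the object names `WS-LAB01` and `jsmith` are assumptions constructed for the example; no NRM export format is implied.

```python
from collections import Counter
from datetime import datetime, timedelta

THRESHOLD_PER_HOUR = 600  # the tip reports 600+ failed logins an hour per workstation

def classify(identity):
    """Label an identity by its leftmost naming attribute."""
    first = identity.split(".", 1)[0].lower()
    if first.startswith("cn="):
        return "object"        # a named object: a user or a ZENworks workstation
    return "context-only"      # e.g. "ou=abc.o=123", no object name recorded

def noisy_sources(events, threshold=THRESHOLD_PER_HOUR):
    """Return (hour, source, identity, kind, count) for buckets at or above threshold."""
    buckets = Counter()
    for ts, source, identity in events:
        hour = ts.replace(minute=0, second=0, microsecond=0)
        buckets[(hour, source, identity)] += 1
    hits = [(h, s, i, classify(i), n)
            for (h, s, i), n in buckets.items() if n >= threshold]
    return sorted(hits, key=lambda r: (-r[4], r[1]))

def constructed_events():
    """Constructed sample: a looping workstation, a context-only source, a mistyped password."""
    start = datetime(2007, 4, 12, 9, 0, 0)
    events = []
    for n in range(620):  # hypothetical workstation object retrying every 5 seconds
        events.append((start + timedelta(seconds=5 * n),
                       "10.1.1.21", "cn=WS-LAB01.ou=abc.o=123"))
    for n in range(45):   # entries showing only a context and an IP, no object name
        events.append((start + timedelta(seconds=60 * n),
                       "10.1.1.40", "ou=abc.o=123"))
    for n in range(3):    # a person mistyping a password a few times
        events.append((start + timedelta(seconds=20 * n),
                       "10.1.1.55", "cn=jsmith.ou=abc.o=123"))
    return events

if __name__ == "__main__":
    for hour, source, identity, kind, count in noisy_sources(constructed_events()):
        print(f"{hour:%Y-%m-%d %H}:00  {source:<12} {count:>5}  {kind:<13} {identity}")
```

A named object that crosses the threshold hour after hour from one address matches the out-of-sync workstation case; context-only buckets match the entries seen in NRM that showed no userid.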