Cool Solutions

Workaround for High Failed Login Counts


March 15, 2007 7:35 pm





A colleague of mine noticed on one of our NetWare 6.5 servers, high
“Failed Login counts”. The culprits were two workstations attempting to
log in all the time; the average was 600+ times an hour. This was not
detrimental to server performance, just one of those annoyances – why is
it doing it?

The forums suggested a ZENworks issue. As an experiment I deleted one
workstation from the Tree, and that disappeared from the log. I deleted
the other one, and this morning both workstations are re-imported into
the Tree.

The problem has gone away. I don’t know if anyone else has raised this, but
this worked for me.

Hope this helps.

Editor’s Note: If anyone knows the underlying reason why his fix worked, we’d all love to hear it.


Grant Sagear

PC probably was from an “image” and the zwsreg -unreg command was not issued before sysprep was run.

When an image is deployed to a PC, most likely it gets a new IP address if using DHCP. Thus the workstation ID is wrong (it will display as a duplicate from the PC it was originally imaged from and not reflect the new IP address in its ID) in ZENworks. Probably because the SID is changed, the logon from the PC via workstation will be invalid when trying to authenticate to a NetWare server.

Geoffrey Carman

ZENworks Workstation objects are real eDirectory objects and can log in. In fact, they do log in. This is how ZENworks delivers workstation-associated policies and applications.

On import they generate a long and somewhat random-looking password. If
something goes wrong on the Windows end, or the eDirectory end and they
fall out of sync, then of course they cannot log in.

As Tony noted, deleting the object and reimporting resolves it by
basically resetting the password for the object.

One interesting way to see some of this would be in the About of the
ZENworks Management Agent. Since V4 I think, there is a More button on
the About page. Hold down F2 and click on More, and you get a very useful
diagnostic screen, that includes the ID of the workstation object being
used on this machine.

Kevin Hurni

Depends on what is shown in NRM:

In our case, EVERY NetWare 6.5 server we have started showing massive failed login attempts after SP4a. When we looked at NRM, the “failed” attempts only showed a context and an IP. No userid. So we’d see something like: “ou=abc.o=123” and an IP address. Hundreds of them.

We opened an SR with Novell and were told they had no idea why it was doing that and that it was a cosmetic issue with NRM and not to worry about it.



Disclaimer: This content is not supported by Micro Focus. It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test it thoroughly before using it in a production environment.