A colleague of mine noticed on one of our NetWare 6.5 servers, high
“Failed Login counts”. The culprits were two workstations attempting to
login all the time, average was 600+ times an hour. This was not
detrimental to server performance, just one of those annoyances – why is
it doing it?
The forums suggested a ZENworks issue. As an experiment I deleted one
workstation from the Tree, and that disappeared from the log. I deleted
the other one, and this morning both workstations are re-imported into
The problem has gone away. I don’t know if anyone else has raised this, but
this worked for me.
Hope this helps.
Editor’s Note: If anyone knows the underlying reason why his fix worked, we’d all love to hear it.
PC probably was from an “image” and the zwsreg -unreg command was not issued before sysprep was run.
When an image is deployed to a PC most likely it gets a new IP Address if using DHCP. Thus the workstation ID is wrong (it will display as a duplicate from the PC it was originally imaged from and not reflect the new IP address in its ID) in ZENworks. Probably because the SID is changed the logon from the PC via workstation will be invalid when trying to authenticate to a NetWare server.
ZENworks Workstation objects are real eDirectory objects and can login. In fact they do login. This is how ZENworks delivers workstation-associated policies and applications.
On import they generate a long and somewhat random-looking password. If
something goes wrong on the Windows end, or the eDirectory end and they
fall out of sync, then of course they cannot login.
As Tony noted, deleting the object and reimporting resolves it by
basically reseting the password for the object.
One interesting way to see some of this would be in the About of the
ZENworks Management Agent. Since V4 I think, there is a More button on
the About page. Hold down F2 and click on More, and you get a very useful
diagnostic screen, that includes the ID of the workstation object being
used on this machine.
Depends on what is shown in NRM:
In our case, EVERY NetWare 6.5 server we have started showing massive failed login attempts after SP4a. When we looked at NRM, the “failed” attempts only showed a context and an IP. No userid. So we’d see something like: “ou=abc.o=123″ and an IP address. Hundreds of them.
We opened an SR with Novell and were told they had no idea why it was doing that and that it was a cosmetic issue with NRM and not to worry about it.