09-30-2015 04:36 PM
I have a user who has been having his account locked out at the domain level and has happened numerous times since Friday. This user is high profile. This started on Friday and has been continuing for the last few days. I have my server and security teams working the issue with no results. The user gets his account unlocked and within the hour it is getting locked. The security monitor SPLUNK reports that my SAS server is the one locking him out. Over the last three days we have rebooted the server, deleted and re-added the account, and had him try to access production, backup and devel servers. Today we opened a SAS Track and are waiting for a response. Since this user supports higher management here, I used a "SERVICE" account that I had in reserve and logged him in as that from his PC through to the server. He has been stable all afternoon via that method. I, in turn is masquerading as the user to see if I while impersonating him get locked out.
I'm runnning Office Analytics single machine 9.4 M2. The user is running EG 6.1 and I am running EG 7.1.
I'm open to any and all suggestions.
Jerry Coppa SAS Admin at PA DHS
09-30-2015 04:58 PM
I had a problem very similar to this and it was caused by old remote login sessions to our SAS server that were just disconnected but not signed out. In the meantime I had changed my password but the old sessions kept trying to authenticate and kept locking me out.
Does your user have remote login access? If not another possibility is having his old password stored in SAS metadata or in scheduled jobs. Use SAS Management Console to update the metadata-stored password or to re-schedule the jobs.
09-30-2015 07:01 PM
Have seen this before also but can't recall the exact problem...
I gather the user can't log onto the server directly
Given you have rebooted the server etc, a rouge session doesn't seem to be the issue...
do you have credentials stored in the metadata? or hardcoded in SAS code? are there any SAS jobs running on the server when the account is locked? Is it after they do something in SAS or is it even when they don't do anything?
Although it is the SAS server that is seen to be be doing this it may not be SAS that is the issue....
10-01-2015 05:54 PM
There are a lot of possible causes.
- The existance of some user ghostprocesses still running and connecting at intervals
- The coding of the old/wrong password in a connection profile. (eguide amo/ .net DI SMC /java)
- the caching (eg conncet) in a SAS metadatadata autentication location
- the usage hard coded of user/password combination.
Finding and seeing these user errors can be hard.
Than you can ahve problems in the SAS system itself.
- The login can be delayed by failed logins. In those cases the metadata login can get delayed in a unusable way.
When the user does a login and wille retry with different password thinking it are typos it can cause a lock.
- After changing the password the sasauthentication can be delayed separtely of your OS setttings.
Getting a new password after an unlock can cause the marvelous sitaution you can loging at the OS level but using SAS for that will fail. After several retries it can get locked.