CTIOS Agent Lockout

Answered Question
Dec 17th, 2009
User Badges:

Hey All, quick question, I have recently upgraded from UCCE 6.0 to 7.5(1).

Every now and then I get a user that gets locked out when trying to log in (definetly password related).  I don't recall this happening on 6.0.

I looked all around and I don't see any account lockout policies password settings.  After 15 minutes or so they can log back in.  They are agents only, not supervisors, so it is not a domain account.

Are the agent ID's stored in SQL and therefore using SQL security settings?


Any feedback would be appreciated.


Thanks

Chris

Correct Answer by david.macias about 7 years 5 months ago

st1\:*{behavior:url(#ieooui) } /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin:0in; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:"Times New Roman"; mso-fareast-theme-font:minor-fareast; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;}

Peripheral Gateways (PGs) and IPCC Enterprise Agent Login

As of release 7.5(1), there is a rate limit of IPCC Enterprise agent login attempts with incorrect password. By default, the agent account is disabled for 15 minutes on 3 incorrect password attempts, counted over a period of 15 minutes.

This default can be changed through the use of registry keys. The registry keys are under:

HKLM\SOFTWARE\Cisco Systems, Inc.\\ICM\\PG(n)[A/B]\PG\CurrentVersion\PIMS\pim(n)\EAGENTData\Dynamic

AccountLockoutDuration - Default 15 - Once the account is locked out as a result of unsuccessful login attempts, these are the number of minutes the account will remain locked out.

AccountLockoutResetCountDuration - Default 15 - Number of minutes before the AccountLockoutThreshold count goes back to zero. This is applicable when the account does not get locked out, but you have unsuccessful login attempts which are less than AccountLockoutThreshold.

AccountLockoutThreshold - Default 3 - Number of unsuccessful login attempts after which the account is locked out.

And here’s the link to the guide:

http://www.cisco.com/en/US/docs/voice_ip_comm/cust_contact/contact_center/icm_enterprise/icm_enterprise_7_5/reference/guide/icm7xsecurty.pdf


PS: Chris, by any chance did you go to TAMU, your name sounds so familiar?


david

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
david.macias Fri, 12/18/2009 - 16:21
User Badges:
  • Blue, 1500 points or more

st1\:*{behavior:url(#ieooui) } /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin:0in; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:"Times New Roman"; mso-fareast-theme-font:minor-fareast; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;}

Peripheral Gateways (PGs) and IPCC Enterprise Agent Login

As of release 7.5(1), there is a rate limit of IPCC Enterprise agent login attempts with incorrect password. By default, the agent account is disabled for 15 minutes on 3 incorrect password attempts, counted over a period of 15 minutes.

This default can be changed through the use of registry keys. The registry keys are under:

HKLM\SOFTWARE\Cisco Systems, Inc.\\ICM\\PG(n)[A/B]\PG\CurrentVersion\PIMS\pim(n)\EAGENTData\Dynamic

AccountLockoutDuration - Default 15 - Once the account is locked out as a result of unsuccessful login attempts, these are the number of minutes the account will remain locked out.

AccountLockoutResetCountDuration - Default 15 - Number of minutes before the AccountLockoutThreshold count goes back to zero. This is applicable when the account does not get locked out, but you have unsuccessful login attempts which are less than AccountLockoutThreshold.

AccountLockoutThreshold - Default 3 - Number of unsuccessful login attempts after which the account is locked out.

And here’s the link to the guide:

http://www.cisco.com/en/US/docs/voice_ip_comm/cust_contact/contact_center/icm_enterprise/icm_enterprise_7_5/reference/guide/icm7xsecurty.pdf


PS: Chris, by any chance did you go to TAMU, your name sounds so familiar?


david

chris mazella Sat, 12/19/2009 - 10:09
User Badges:

Thanks David! I overlooked that in the documentation.


Yes I believe you worked for Verizon? I'm from MetroPlus Health Plan.  Also I see that your at Eloyalty, we are one of your accounts.


Good to hear from you and thanks for the help

david.macias Sat, 12/19/2009 - 10:15
User Badges:
  • Blue, 1500 points or more

Chris, that's right, now I remember.  Glad to hear you're with eLoyalty now, hope it's going well then.


Glad I could help,


david

tprochazka Mon, 10/18/2010 - 06:04
User Badges:

Hi Guys I got additional questins for which I cannot find answer.

Is there a chance to reset lockout manually for somebody who doesnt want

to wait these 15 minutes (I dont want to reduce time or number of attempts)

thanks for answer.

david.macias Mon, 10/18/2010 - 14:55
User Badges:
  • Blue, 1500 points or more

Not aware that this is possible... you could always restart the PGs


david

Actions

This Discussion