CTIOS Agent Lockout

Answered Question
Dec 17th, 2009

Hey All, quick question, I have recently upgraded from UCCE 6.0 to 7.5(1).

Every now and then I get a user that gets locked out when trying to log in (definetly password related).  I don't recall this happening on 6.0.

I looked all around and I don't see any account lockout policies password settings.  After 15 minutes or so they can log back in.  They are agents only, not supervisors, so it is not a domain account.

Are the agent ID's stored in SQL and therefore using SQL security settings?

Any feedback would be appreciated.

Thanks

Chris

I have this problem too.
0 votes
Correct Answer by david.macias about 7 years 1 month ago

st1\:*{behavior:url(#ieooui) } /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin:0in; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:"Times New Roman"; mso-fareast-theme-font:minor-fareast; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;}

Peripheral Gateways (PGs) and IPCC Enterprise Agent Login

As of release 7.5(1), there is a rate limit of IPCC Enterprise agent login attempts with incorrect password. By default, the agent account is disabled for 15 minutes on 3 incorrect password attempts, counted over a period of 15 minutes.

This default can be changed through the use of registry keys. The registry keys are under:

HKLM\SOFTWARE\Cisco Systems, Inc.\\ICM\\PG(n)[A/B]\PG\CurrentVersion\PIMS\pim(n)\EAGENTData\Dynamic

AccountLockoutDuration - Default 15 - Once the account is locked out as a result of unsuccessful login attempts, these are the number of minutes the account will remain locked out.

AccountLockoutResetCountDuration - Default 15 - Number of minutes before the AccountLockoutThreshold count goes back to zero. This is applicable when the account does not get locked out, but you have unsuccessful login attempts which are less than AccountLockoutThreshold.

AccountLockoutThreshold - Default 3 - Number of unsuccessful login attempts after which the account is locked out.

And here’s the link to the guide:

http://www.cisco.com/en/US/docs/voice_ip_comm/cust_contact/contact_center/icm_enterprise/icm_enterprise_7_5/reference/guide/icm7xsecurty.pdf

PS: Chris, by any chance did you go to TAMU, your name sounds so familiar?

david

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
david.macias Fri, 12/18/2009 - 16:21

st1\:*{behavior:url(#ieooui) } /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin:0in; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:"Times New Roman"; mso-fareast-theme-font:minor-fareast; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;}

Peripheral Gateways (PGs) and IPCC Enterprise Agent Login

As of release 7.5(1), there is a rate limit of IPCC Enterprise agent login attempts with incorrect password. By default, the agent account is disabled for 15 minutes on 3 incorrect password attempts, counted over a period of 15 minutes.

This default can be changed through the use of registry keys. The registry keys are under:

HKLM\SOFTWARE\Cisco Systems, Inc.\\ICM\\PG(n)[A/B]\PG\CurrentVersion\PIMS\pim(n)\EAGENTData\Dynamic

AccountLockoutDuration - Default 15 - Once the account is locked out as a result of unsuccessful login attempts, these are the number of minutes the account will remain locked out.

AccountLockoutResetCountDuration - Default 15 - Number of minutes before the AccountLockoutThreshold count goes back to zero. This is applicable when the account does not get locked out, but you have unsuccessful login attempts which are less than AccountLockoutThreshold.

AccountLockoutThreshold - Default 3 - Number of unsuccessful login attempts after which the account is locked out.

And here’s the link to the guide:

http://www.cisco.com/en/US/docs/voice_ip_comm/cust_contact/contact_center/icm_enterprise/icm_enterprise_7_5/reference/guide/icm7xsecurty.pdf

PS: Chris, by any chance did you go to TAMU, your name sounds so familiar?

david

chris mazella Sat, 12/19/2009 - 10:09

Thanks David! I overlooked that in the documentation.

Yes I believe you worked for Verizon? I'm from MetroPlus Health Plan.  Also I see that your at Eloyalty, we are one of your accounts.

Good to hear from you and thanks for the help

david.macias Sat, 12/19/2009 - 10:15

Chris, that's right, now I remember.  Glad to hear you're with eLoyalty now, hope it's going well then.

Glad I could help,

david

tprochazka Mon, 10/18/2010 - 06:04

Hi Guys I got additional questins for which I cannot find answer.

Is there a chance to reset lockout manually for somebody who doesnt want

to wait these 15 minutes (I dont want to reduce time or number of attempts)

thanks for answer.

david.macias Mon, 10/18/2010 - 14:55

Not aware that this is possible... you could always restart the PGs

david

Actions

This Discussion