AD account getting locked out after password change (JABBER)
I have a client that was treating the Jabber zone as authenticated to prevent Jabber version 4.2 from locking accounts after one incorrect login attempt.
Everyone is now running 4.5 or higher. We changed the zone to check credentials and still ended up locking many accounts. It turns out that if a client was logged on prior to changing the authentication rule that Jabber was persistent in trying to authenticate with the incorrect credentials. My Smartphone for example prompts me to enter a new password when it gets denied access. Jabber however does not do this.
Company rules require password change every 2 months. It's a certainty that someone will forget to log off Jabber when changing the password and cause the same problem again.
I did not see anything in the release notes for version 4.6 or 4.7 that address this. To help alleviate the issue a bit we plan on pushing new settings to not remember the credentials after logging off. However, that does not address the root issue. Besides informing everyone to log off Jabber is there a work around for this?
When user changes his network credentials and does not update them in Jabber. Jabber will still try to connect to phone services and voicemail with the old credentials which is leading to their account getting locked in AD.
We are using Jabber 9.6.1, so a fairly new version.
We created a custom installation BAT file and pushed it to everyone using Jabber.
usewindowsusername=1 - this has prevented accounts from being locked out as Jabber automatically checks for the windows password every time it needs to re-authenticate. I’m not sure if that would work for 9.6.1.
Are you getting this error “Installer User Interface Mode Not Supported. The installer cannot run in this UI mode. To specify the interface mode, use the -i command-line option, followed by the UI mode identifier. The value UI mode identifiers...
The below trick might come handy when you have to add a new node to a cluster but you don't have or is unsure of the security password for the publisher. This procedure has been around for ages.
1) Login into the CLI of the Publisher.