I am configuring the failed login attempts control policy to lock the account after three attempts with the following configuration
When performing the test after 3 attempts in the 4, the account is blocked for a few minutes, but not for 60 minutes as it appears in the rangeSeconds=3600 parameter.
Also, when I open a different web browser where I did the first test, the system allows me to enter and should not allow it since the account should be blocked.
Please know if another person has already made this configuration and how to do it.
Thanks for your help.
Related
Recently, some colleagues have started working in my team, so I showed them the basics of drone, but when they wanted to access our drone server they get that message:
Login Failed. User limit reached
We login via Github and they have access to the repositories. In fact, one of them did commit something which run the job without any problems, he just could not see it as he could not login. Any ideas on why does he get that message? I have checked our configuration and it doesn’t seem to have any limit to the number of users on drone.
Looks like I reached the limits of the trial license.
I checked the limits of my current license at the /varz URL (eg. https://cloud.drone.io/varz)
Also, about the users seats and repos: https://docs.drone.io/enterprise/usage/
I'm running a Windows Server 2012 R2, and I've deployed a logon script for my domain, although I've configured the Logon Script Delay to ENABLED ("0" MINUTES), my script still taking the 5 minutes to run after my users log on to their machines!
So what am I missing here to get rid of the 5 minutes delay?
I just researched this. It appears that based on the most pertinent article I read (linked at the end of this answer), you are doing this correctly, based on this statement: "If you enter the time in minutes as zero (0), the setting is disabled, and the Group Policy client runs the logon scripts at user logon without any delay." That is exactly what you did. But your script is still waiting five minutes before executing.
The article does offer another statement presenting another way of achieving your goal: "If you want the logon scripts to run at user logon without any delay, you should configure the setting to Disabled:"
Computer Configuration\Administrative Templates\System\Group Policy:
Configure Logon Script Delay ==> Disabled
Also look into the fact that since this is a computer setting, ensure your computer resides within an OU to which the GPO is linked, that there is no security or WMI filtering at work excluding your computer, and that there is no other over-riding GPO to this policy, and that the GPO is not being blocked. You can run a command to see why the GPO setting may not be applying if this or something else is blocking it:
gpresult /H gporeport.html
Reference: Logon scripts do not run for five minutes after a user logs on to a Windows 8.1-based computer
We want to run two Jenkins instaces on the same server.
To log in Jenkins (using version 1.595) web GUI we are using the LDAP plugin (version 1.11). "Project-based Matrix Authorization Strategy" is selected and my user is granted admin access here. So once I am able to login I have admin rights. The symbol to the left of the users added in the matirx shows a "little man" so the user seems to be found on LDAP.
CASE 1: If I type in my credentials CORRECT I get redirected
to the page that was open just before I clicked the "log in" button.
NOT good -> Without allowing anonymous user to administrate I have no chance of doing anything.
CASE 2: If I type in them WRONG Jenkins tells me "Invalid login information. Please try again."
good -> as expected.
Also tried "Anyone can do anything" as security setting. Using this I do not get redirected to the login form, but to the last visited page from where i called the "login".
It does't matter what type of Internet Explorer I use. The result is always the same (Chrome, Firefox and Internet explorer were tested).
I already discussed with the colleague responsible for the LDAP maintenance. The incoming information are handled correctly (-> LDAP settings within Jenkins must be correct). But this fact is clear since wrong login information leads to "Invalid login information page", but correct login information do not.
Also made sure that the firewall makes no problems.
Do you have any idea why this is not working? Or what the reasons could be?
Is it possible that there is kind of a "redirection link" for logins?
Hard to say from the information you've provided, but one thing to check is that the casing on your username exactly matches the name you have set up in matrix authentication. LDAP is not case sensitive but Jenkins is, which means that you can be authenticated successfully without having the administrative access you are expecting.
One way to proceed would be to add the 'authenticated' (case sensitive) user to your matrix with some limited permission set and see whether you are able to get past the login page.
I found one reason!
After deleting the environment variable JENKINS_HOME I was able to login into Jenkins... At least via localhost. Before even this login wasn't possible too. As we run two instaces of Jenkins on the same Server it seems like they want to use the variable both -> leads to failures. But if I try to login via network from another PC I still can't login (same as before). The variable JENKINS_HOME gets set (as before) within the jekins.xml in jenkins installation folder so the enironmentvariable is properbly not in need. I opend a new question, as this is now an Apache error.
I guess the reason why I can login via localhost, but not via network must be our Apache 2.2 server which is handling information wrong. By using localhost I can bypass Apache (-> works) but via network Apache gets used (-> don't work).
Link to the new question: Jenkins behind Apache Server / Can't log in Jenkins
I have written my own windows service which interacts with a SQL database and updates it. The service was running fine and seems to be functioning correctly, however of late it seems to go down at random times and cannot restart due to the error designated in the question. I have tried various searches to fix this, but unfortunately I have come up with nothing. The aim is to eventually having this service running on my companies server, but I can't adjust any server settings, I am but a user on the server, so I have restrictions to some settings.
Any quick fixes, would be helpful!
Open the Services Manager. ( Win + R, then type services.msc )
Then right click on the SQL Server process and click Properties
Then go to Log On, and select This account:
Then click Browse, and add your username in the box. (Notice it should contain the domain, in my case is AD\myusername), then Check Names and accept.
Finally type your password in the other two fields, and that's it, you should have permission to start your process now.
Cheers!!
One issue for us was the format of the account user name, we initially used
domain\username
and got the 1069-logon error, then ultimately I tried validating the user name in the properties | logon tab of the Service (in Control Panel / Service Manager), using the "Browse" and "Search" for the user name and it turned it suggested and validated ok with the reverse format
username#domain
This also worked and resolved the 1069 error, and let us script the startup using sc.exe.
Error 1069 is vague and can have different causes. I am sharing my experience here.
I encountered this error when trying to get a service to run under my account (I am trying to get my services to see the same LocalDB as interactive processes running on my account for development purposes). I use an MSA (Microsoft Account) with Windows’s PIN login normally, so I rarely enter my Windows password. To resolve the issue, I locked my screen, selected Password input instead of PIN input, and then entered my password. I assume this somehow reminded Windows what my password was and made my local account more legit.
Before doing this, you need to configure the user account in question to have the Logon as Service privilege. To do this, open the Group Policy Editor. Expand Computer / Windows Configuration / Security Configuration / Local Policies / User Permissions Assignment and then open Login as Service. From there, you can add your user in question.
also check for "Deny Logon service" policy.
user should not be added over there
We had this issue as well because the account was set so that the password expired. After we updated the account to not expire and set the password this error stopped.
The account could also be locked out. To unlock it, you only need to change that user's password (new and old password can be the same).
What also worked for me was re-entering the password in the services->LogOn window. Even when you think the account and password is correct, re-entering it will re-grant the account permission to log on as a service.
I created a service which monitors a few servers and file shares for exchange. Written in VB.NET 2.
The service is installed and running fine(ish) but randomly and without any warning or entries in the event log it stops.
Upon noticing it stops (the web front end that it generates stops working) we have to manage ther hosting server to attempt to start it again.
If we simply try to restart it, it fails to start with a logon failure.
We then go in to the properties and re-enter the service account password, start the service again and it works fine (until the next unannounced stop)
As mentioned there are no event log entries and no pattern to the stopping.
Just wondering if anyone else has had this kind of problem and if there is anything i can do to remedy this?
Thanks guys.
This could be caused by:
An expired user password (Make sure the user account is configured with the Password never expires option checked). This is a frequent problem, although it is probably not the case here as re-entering the password is enough to make it work again.
Another batch job or service using the WRONG password for the account and thus locking out the service.