[ngw] AD account oddity

Pat Diggins Pat.Diggins at baptist-health.org
Sun May 7 11:43:10 UTC 2017


  We have had  LDAP set up for a long time. I have found that if the AD account is disabled, locked out, due for a password change or expired you can not log into GroupWise. Most often the situation you described is when AD is wanting user to change password at next login. Also, once in a while when someone changes their AD password and immediately launches GroupWise - it has not completely synchronized yet. 
   Another thing to watch for is mobile mail. When an AD password is changed, the phone may try to sync but still has the old password. After your set number of attempts it will lock out the AD account!

Pat Diggins
>>> "Joe Brugaletta" <JBrugaletta at braytonlaw.com> 5/5/2017 4:09 PM >>>
Since changing to LDAP and AD, *very* randomly users can't get into their gw accounts. Has anyone seen similar behavior?  Gw14.2.2

I got two phone calls back to back today.. users are able to login to computer/ad/edir without issue, but gw wouldn't let them in. So I reset their passwords in AD using Users & Computers MMC (same password as before).. still didn't work, so then went into GWAC and hit "Synchronize".. a few attempts later they were able to get in. Below log from PO shows failed attempt, and then successful after reset/sync

13:31:41 397A LDAP Error: 49  (JDOE)
13:31:41 397A LDAP Error: Invalid credentials CN= CN=John Doe,OU=Case Clerks,OU=Law,DC=braytonlaw,DC=com Extended Error=80090308: LdapErr: DSID-0C0903D9, comment: AcceptSecurityContext error, data 52e, v2580 (JDOE)
13:31:41 397A Error: Invalid password [D019] User:JDOE  (JDOE)
13:32:04 393A ADM: Completed: Update object in post office -  User ASBDOM.sfpo.JDOE (Administrator: gwadmin.LAWSYS, Domain: ASBDOM)
13:32:07 397A C/S Login Windows  Net Id=JDOE.Sf.ASB ::GW Id=JDOE :: 10.10.20.21
13:32:08 397A Processing update: environment settings record (JDOE)
13:32:08 397A Processing update: environment settings record (JDOE)

NOTICE: This email and all attachments are CONFIDENTIAL and intended SOLELY for the recipients as identified in the "To", "Cc" and "Bcc" lines of this email.  If you are not an intended recipient, your receipt of this email and its attachments is the result of an inadvertent disclosure or unauthorized transmittal.  Sender reserves and asserts all rights to confidentiality, including all privileges that may apply.  Pursuant to those rights and privileges, immediately DELETE and DESTROY all copies of the email and its attachments, in whatever form, and immediately NOTIFY the sender of your receipt of this email.  DO NOT review, copy, forward or rely on the email and its attachments in any way.
NOTICE: NO DUTIES ARE ASSUMED, INTENDED OR CREATED BY THIS COMMUNICATION.  If you have not executed a fee contract or an engagement letter, this firm does NOT represent you as your attorney.  You are encouraged to retain counsel of your choice if you desire to do so.  All rights of the sender for violations of the confidentiality and privileges applicable to this email and any attachments are expressly reserved.




More information about the ngw mailing list