Ricky Watts Posted April 25, 2017 Posted April 25, 2017 One of our user accounts has got suspended several times now and I'd like to figure out why. I suspect he just keeps entering the wrong password, but can't find anything in the logs that confirm this. Are there any logs that show why an account has been suspended? Also are there any other reasons that the system would suspend an account?
TrevorKillick Posted April 25, 2017 Posted April 25, 2017 Hi @Ricky Watts There are two way a user account can become suspended either through incorrect password attempts or an administrator manually changing the account status to suspended. If you have Direct Database Access enabled you can query the h_sys_security_log table and see the incorrect attempts for a user, they will also show in the EspServerService log available from the admin tool. Kind Regards Trevor Killick
Ricky Watts Posted April 25, 2017 Author Posted April 25, 2017 That's exactly what I was after, thank you I've just checked the h_sys_security_log table and it confirms the user did have multiple unsuccessful login attempts before their account was suspended. I did think that was the case but wanted to confirm that as I'm sure he'll insist he's entering the right password. Thanks again. 1
Steve Giller Posted August 15, 2017 Posted August 15, 2017 I've just had a suspended user - I have no records in h_sys_security_log that mention her (or, indeed, any entries since 11/2016!) Is there a way to filter to the relevant entries in EspServerService (or is that pointless as they wouldn't be in one and not the other) rather than trawl through the logs? Finally, aside from password attempts (we use SSO, so that's unlikely) and manual change, could anything else cause this? I certainly didn't do it and I just want to check nothing else could cause it before I go and start pointing fingers in a shouty manner ...
Guest Ehsan Posted August 15, 2017 Posted August 15, 2017 @DeadMeatGF Is the user suspended or is the user not able to login to Hornbill? Is it possible that it is down to subscriptions? For example, I'm using 3 of 1000 subscriptions on my instance. If I was utilising 1000 / 1000 subscriptions, user 1001 would not be able to login.
Steve Giller Posted August 15, 2017 Posted August 15, 2017 Suspended - I hit the refresh icon and she reactivated and could log in immediately.
Guest Ehsan Posted August 15, 2017 Posted August 15, 2017 Does the user use the Mobile App? That could lock a user out, if incorrect password attempts are made.
Steve Giller Posted August 15, 2017 Posted August 15, 2017 She's service desk, I will check but it's unlikely - and we register mobile devices through the QR code in the web client rather than by signing in. [Update] @Ehsan I have checked, and the device is registered with the QR code rather than signing in with username/password.
Steve Giller Posted August 15, 2017 Posted August 15, 2017 Also - would a failed app login appear in the logs? If so, where can I check?
Steve Giller Posted August 15, 2017 Posted August 15, 2017 I'm going to assume it's the block that I've attached - although if there was an indication of the username in the error it would be easier to be certain. Any reason why this would occur with SSO in the client and a registered mobile device - you shouldn't be able to enter invalid credentials in either of those situations, should you?
Guest Ehsan Posted August 15, 2017 Posted August 15, 2017 @DeadMeatGF As you can see from the log, 3 wrong attempts were made to login and then the account was suspended. You're right - about a registered Mobile device but if the QR code didn't work for particular reason (e.g. Privacy settings was turned off on the phone, the user has the option to enter login details manually.
Guest Ehsan Posted August 15, 2017 Posted August 15, 2017 Also if you login to Hornbill externally (i.e. not inside your Network or through the browser on your Mobile device), you'll be prompted to enter login details.
Steve Giller Posted August 15, 2017 Posted August 15, 2017 I've identified the problem - the user is having to (?) log in manually every time. I'm not sure why, because we're set up for SSO, but I've got the team investigating that from our end.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now