Symantec Access Management

SSO is giving AuthReject and Account disabled message in smaccess.log, however in AD, user account is fine

  • 1.  SSO is giving AuthReject and Account disabled message in smaccess.log, however in AD, user account is fine

    Posted Feb 04, 2019 02:03 PM

    For a user , we are facing this interesting issue. Sometimes (not always, but few times in a day) user is unable to access the application and being shown the error as "User has been either locked out for successive incorrect password or it has been disabled". However when we check the Account in AD, it seems fine. 

    When we checked the smaccess.log for corresponding time period, we can see below error message, where user is perhaps being locked out and we are getting Authentication rejected, but AD account seems to be fine. 

     

    [Auth][AuthReject][7][xyz.hiw.com][04/Feb/2019:07:27:37 -0500][dssoagent][gwRdYCJt35u4zdPZeyeUtvsgLNg=][john@APAC.corp.local][03-000b53ff-6569-1514-88a3-2d250aa220dd][Protect SSORedirect][06-00004b1c-656d-1514-88a3-2d250aa220dd][121.242.69.20][/ssoredirect/pwdexpirychk.asp][GET][][][][][Account disabled. 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 775, v2580][SSORedirectDomain][][][][][] 

     

    Please suggest what all possibilities can exist here to lookout?