AnsweredAssumed Answered

SSO is giving AuthReject and Account disabled message in smaccess.log, however user account is fine in AD.

Question asked by Satyendra2019 on Feb 5, 2019
Latest reply on Feb 15, 2019 by SungHoon_Kim

For some users , we are facing this interesting issue. Sometimes (not always, but few times in a day) user is unable to access the application and being shown the error as "User has been either locked out for successive incorrect password or it has been disabled". However when we check the Account in AD, it seems fine. 

When we checked the smaccess.log for corresponding time period, we can see below error message, where user is perhaps being locked out and we are getting Authentication rejected, but AD account seems to be fine. 

 

[Auth][AuthReject][7][xyz.hiw.com][04/Feb/2019:07:27:37 -0500][dssoagent][gwRdYCJt35u4zdPZeyeUtvsgLNg=][john@APAC.corp.local][03-000b53ff-6569-1514-88a3-2d250aa220dd][Protect SSORedirect][06-00004b1c-656d-1514-88a3-2d250aa220dd][121.242.69.20][/ssoredirect/pwdexpirychk.asp][GET][][][][][Account disabled. 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 775, v2580][SSORedirectDomain][][][][][] 

 

Please suggest what all possibilities can exist here to lookout?

Outcomes