Guest

Preview Tool

Cisco Bug: CSCsy95139 - AD account locked after 1st unsuccessful attempt to log in to CCMuser

Last Modified

Feb 02, 2017

Products (1)

  • Cisco Unified Communications Manager (CallManager)

Known Affected Releases

6.1(3.1000.16) 7.0(1) 7.0(2)

Description (partial)

User account is locked in Active Directory after the 1st unsuccessful attempt to log on to the CCMuser web page. 
CCM is sending 3 bindRequest for the same user in few milliseconds during LDAP authentication for a single attempt

Symptom:
After a single unsuccessful attempt to log onto the CCMuser webpage, End user "Account is locked out" on Active Directory. 
In the sniffer capture we can see that the CallManager is sending the biungRequest for the same user 3 times for a single attempt. Verified the same in the traces on CM in lab. 

Conditions:
Account Lockout Policy in Domain Security Policy has threshold value as 3 
LDAP authentication with Win2003
CM: CUCM 6.1.3.1000-16 (customer use)
CM: CUCM 7.0.2.10000-8
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.