ADSM-L

Re: [ADSM-L] Automatic password change gets lost between server and client

2017-09-19 17:02:18
Subject: Re: [ADSM-L] Automatic password change gets lost between server and client
From: Skylar Thompson <skylar2 AT U.WASHINGTON DOT EDU>
To: ADSM-L AT VM.MARIST DOT EDU
Date: Tue, 19 Sep 2017 21:00:57 +0000
 Content preview:  We've had this issue intermittently as well, but not often
    enough to spend time tracking it down. We just have an alert that makes a
    ticket if an ANR0424W message is seen in the TSM server activity log. [...]


 Content analysis details:   (0.7 points, 5.0 required)

  pts rule name              description
 ---- ---------------------- --------------------------------------------------
  0.7 SPF_NEUTRAL            SPF: sender does not match SPF record (neutral)
 -0.0 RP_MATCHES_RCVD        Envelope sender domain matches handover relay 
domain
X-Barracuda-Connect: mx.gs.washington.edu[128.208.8.134]
X-Barracuda-Start-Time: 1505854859
X-Barracuda-Encrypted: ECDHE-RSA-AES256-GCM-SHA384
X-Barracuda-URL: https://148.100.49.28:443/cgi-mod/mark.cgi
X-Barracuda-Scan-Msg-Size: 4474
X-Virus-Scanned: by bsmtpd at marist.edu
X-Barracuda-BRTS-Status: 1
X-Barracuda-Spam-Score: 0.00
X-Barracuda-Spam-Status: No, SCORE=0.00 using global scores of TAG_LEVEL=3.5 
QUARANTINE_LEVEL=1000.0 KILL_LEVEL=5.5 tests=
X-Barracuda-Spam-Report: Code version 3.2, rules version 3.2.3.43120
        Rule breakdown below
         pts rule name              description
        ---- ---------------------- 
--------------------------------------------------

We've had this issue intermittently as well, but not often enough to spend
time tracking it down. We just have an alert that makes a ticket if an
ANR0424W message is seen in the TSM server activity log.

On Tue, Sep 19, 2017 at 05:06:54PM +0000, Lee, Gary wrote:
> Had it with a linux client last week.
> Only twice now in two years, and no apparent pattern.
> This time 6.3.0 client with 7.1.7.1 server.
>
>
> -----Original Message-----
> From: ADSM: Dist Stor Manager [mailto:ADSM-L AT VM.MARIST DOT EDU] On Behalf 
> Of Sasa Drnjevic
> Sent: Tuesday, September 19, 2017 12:33 PM
> To: ADSM-L AT VM.MARIST DOT EDU
> Subject: Re: [ADSM-L] Automatic password change gets lost between server and 
> client
>
> Yes, I've seen that, and if I can remember correctly, it happens
> sometimes, but only on Windows servers.
>
> Did not find the answer...Updated password on the Win client, and that
> was it...
>
> Regards.
>
> --
> Sasa Drnjevic
> https://na01.safelinks.protection.outlook.com/?url=www.srce.unizg.hr&data=02%7C01%7Cglee%40BSU.EDU%7C2f7c63f465c94719a09608d4ff7c3f80%7C6fff909f07dc40da9e30fd7549c0f494%7C0%7C0%7C636414356483419375&sdata=zN5rPtNhvk%2BC4wN5CvKL3ndER9h94UEZX%2FSOhJeyCmA%3D&reserved=0
>
>
>
>
> On 2017-09-19 17:50, Zoltan Forray wrote:
> > Last night, something strange happened and am wondering if anyone else has
> > seen this.
> >
> > One of my nodes came up for it's every 90-day password automatic
> > expire-and-generate-new-password.  While this is normal, the password
> > change got lost between the client and server.  Here are console messages
> > from that time:
> >
> > *Normal connection:*
> > 09/18/2017 20:47:38  ANR0406I Session 155733 started for node ISILON-LS
> > (WinNT) (Tcp/Ip 192.168.21.128(58779)). (SESSION: 155733)
> > 09/18/2017 20:47:38  ANR0403I Session 155733 ended for node ISILON-LS
> > (WinNT). (SESSION: 155733)
> > 09/18/2017 20:47:42  ANR0406I Session 155734 started for node ISILON-LS
> > (WinNT) (Tcp/Ip 192.168.21.128(58781)). (SESSION: 155734)
> >
> > *Password has expired:*
> > 09/18/2017 20:47:42  ANR0424W Session 155734 for node ISILON-LS  (WinNT)
> > refused - invalid password submitted. (SESSION: 155734)
> > 09/18/2017 20:47:42  ANR0403I Session 155734 ended for node ISILON-LS
> > (WinNT). (SESSION: 155734)
> > 09/18/2017 20:57:48  ANR0406I Session 155748 started for node ISILON-LS
> > (WinNT) (Tcp/Ip 192.168.21.128(58835)). (SESSION: 155748)
> >
> > *Everything looks normal:*
> > 09/18/2017 20:57:50  ANR0403I Session 155748 ended for node ISILON-LS
> > (WinNT). (SESSION: 155748)
> > 09/18/2017 20:57:53  ANR0406I Session 155750 started for node ISILON-LS
> > (WinNT) (Tcp/Ip 192.168.21.128(58838)). (SESSION: 155750)
> >
> > *Password is Invalid?  What....what?*
> > 09/18/2017 20:57:53  ANR0424W Session 155750 for node ISILON-LS  (WinNT)
> > refused - invalid password submitted. (SESSION: 155750)
> > 09/18/2017 20:57:53  ANR0403I Session 155750 ended for node ISILON-LS
> > (WinNT). (SESSION: 155750)
> >
> > Repeat 'invalid password message' every 10-minutes for the rest of the
> > night?
> >
> > Client is 7.1.6.3 and server is 7.1.7.300
> >
> >
> >
> > --
> > *Zoltan Forray*
> > Spectrum Protect (p.k.a. TSM) Software & Hardware Administrator
> > Xymon Monitor Administrator
> > VMware Administrator
> > Virginia Commonwealth University
> > UCC/Office of Technology Services
> > https://na01.safelinks.protection.outlook.com/?url=www.ucc.vcu.edu&data=02%7C01%7Cglee%40BSU.EDU%7C2f7c63f465c94719a09608d4ff7c3f80%7C6fff909f07dc40da9e30fd7549c0f494%7C0%7C0%7C636414356483419375&sdata=zcQ93GWJMlvxHNGcwY7mHvQxyBCTNGmIIyn5cFZ06JE%3D&reserved=0
> > zforray AT vcu DOT edu - 804-828-4807
> > Don't be a phishing victim - VCU and other reputable organizations will
> > never use email to request that you reply with your password, social
> > security number or confidential personal information. For more details
> > visit 
> > https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Finfosecurity.vcu.edu%2Fphishing.html&data=02%7C01%7Cglee%40BSU.EDU%7C2f7c63f465c94719a09608d4ff7c3f80%7C6fff909f07dc40da9e30fd7549c0f494%7C0%7C0%7C636414356483419375&sdata=MDF1Xoo4IZQo7g6Dsdnep%2FVEslJTSueO4Mv6shBI0%2Fs%3D&reserved=0
> >

--
-- Skylar Thompson (skylar2 AT u.washington DOT edu)
-- Genome Sciences Department, System Administrator
-- Foege Building S046, (206)-685-7354
-- University of Washington School of Medicine


ADSM.ORG Privacy and Data Security by KimLaw, PLLC