Skip to main content
NetApp Response to Russia-Ukraine Cyber Threat
In response to the recent rise in cyber threat due to the Russian-Ukraine crisis, NetApp is actively monitoring the global security intelligence and updating our cybersecurity measures. We follow U.S. Federal Government guidance and remain on high alert. Customers are encouraged to monitor the Cybersecurity and Infrastructure Security (CISA) website for new information as it develops and remain on high alert.
NetApp Knowledge Base

OnCommand Insight is flooding the Active Directory server with authentication requests, coming from the same user

Last Updated:

Applies to

  • OnCommand Insight 7.3.8 & 7.3.9, Linux installation(OCI) / Windows Installation (OCI)
  • Making use of OCI Java Client
  • Active Directory as authentication server for OCI users


A lot of authentication requests are sent to the Active Directory server from the OCI server. Logs look like bellow.

  • In ldap.log we can see a lot of errors, almost every second:

2020-05-13 11:00:40,633 ERROR [default task-5698] ldap ( - Failed to find user:<domain>\<username> url:ldap://<domain>.local
[LDAP: error code 49 - 80090308: LdapErr: DSID-0C090446, comment: AcceptSecurityContext error, data 52e, v2580 ]
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090446, comment: AcceptSecurityContext error, data 52e, v2580 ]

  • In sanscreen-client.log which is located on the /.../users/<username> directory of Windows, from which the OCI Java Client is accessing OCI, for the same timestamp:

2020-05-13 11:00:40,584 ERROR [pool-5-thread-2] com.onaro.sanscreen.client.view.refresh.RefreshManager ( - Error retrieving refresh data
javax.ejb.NoSuchEJBException: EJBCLIENT000079: Unable to discover destination for request for EJB StatelessEJBLocator for "/compose/UpdateTimeBean", view is interface com.onaro.sanscreen.server.interfaces.remote.UpdateTimeRemote, affinity is URI<remote+https://<Active_Directory_ip>:443>
Suppressed: org.jboss.ejb.client.RequestSendFailedException
Caused by: Authentication failed: all available authentication mechanisms failed:
   JBOSS-LOCAL-USER: ELY05128: Failed to read challenge file [Caused by \opt\netapp\oci\wildfly\standalone\tmp\auth\local1382964346588876633.challenge (Das System kann den angegebenen Pfad nicht finden)]
   PLAIN: PLAIN: Server rejected authentication



Scan to view the article on your device

Registered NetApp customers get unlimited access to our dynamic Knowledge Base.

New authoritative content is published and updated each day by our team of experts.

Current Customer or Partner?

Sign In for unlimited access

New to NetApp?

Learn more about our award-winning Support