OnCommand Insight is flooding the Active Directory server with authentication requests, coming from the same user
Applies to
- OnCommand Insight 7.3.8 & 7.3.9, Linux installation (OCI) / Windows installation (OCI)
- Making use of OCI Java Client
- Active Directory as authentication server for OCI users
Issue
A lot of authentication requests are sent to the Active Directory server from the OCI server. The logs look like the examples below.
- In ldap.log we can see a lot of errors, almost every second:
2020-05-13 11:00:40,633 ERROR [default task-5698] ldap (LdapUser.java:666) - Failed to find user:<domain>\<username> url:ldap://<domain>.local
[LDAP: error code 49 - 80090308: LdapErr: DSID-0C090446, comment: AcceptSecurityContext error, data 52e, v2580 ]
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090446, comment: AcceptSecurityContext error, data 52e, v2580 ]
- In sanscreen-client.log, which is located in the /.../users/<username> directory of the Windows machine from which the OCI Java Client is accessing OCI, for the same timestamp:
2020-05-13 11:00:40,584 ERROR [pool-5-thread-2] com.onaro.sanscreen.client.view.refresh.RefreshManager (RefreshManager.java:294) - Error retrieving refresh data
javax.ejb.NoSuchEJBException: EJBCLIENT000079: Unable to discover destination for request for EJB StatelessEJBLocator for "/compose/UpdateTimeBean", view is interface com.onaro.sanscreen.server.interfaces.remote.UpdateTimeRemote, affinity is URI<remote+https://<Active_Directory_ip>:443>
...
Suppressed: org.jboss.ejb.client.RequestSendFailedException
...
Caused by: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed:
JBOSS-LOCAL-USER: javax.security.sasl.SaslException: ELY05128: Failed to read challenge file [Caused by java.io.FileNotFoundException: \opt\netapp\oci\wildfly\standalone\tmp\auth\local1382964346588876633.challenge (Das System kann den angegebenen Pfad nicht finden)]
PLAIN: javax.security.sasl.SaslException: PLAIN: Server rejected authentication
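
The ldap.log pattern above (LDAP error code 49 with sub-code data 52e, which Active Directory uses for invalid credentials, repeating almost every second for one user) can be confirmed by counting failed binds per user in a sliding window. The following is an added example, not NetApp code; the function names, the 60-second window, the threshold of 30 and the sample account EXAMPLE\svc_oci are assumptions, and the sample log text is constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Well-known Active Directory sub-codes from the "data" field of LDAP error 49.
AD_SUBCODES = {"525": "user not found", "52e": "invalid credentials",
               "532": "password expired", "533": "account disabled",
               "775": "account locked out"}

# ldap.log header line followed by the bracketed LDAP error line, as on this page.
ENTRY = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),\d+ ERROR .*?"
    r"Failed to find user:(?P<user>\S+) url:\S+\s*\n"
    r"\[LDAP: error code 49 .*?data (?P<sub>[0-9a-fA-F]+),",
    re.MULTILINE)

def find_floods(log_text, window_seconds=60, threshold=30):
    """Map (user, reason) -> peak failures per window, for peaks >= threshold."""
    events = defaultdict(list)
    for m in ENTRY.finditer(log_text):
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        reason = AD_SUBCODES.get(m["sub"].lower(), "sub-code " + m["sub"])
        events[(m["user"], reason)].append(ts)
    window, floods = timedelta(seconds=window_seconds), {}
    for key, stamps in events.items():
        stamps.sort()
        peak = start = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] >= window:   # slide the window forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            floods[key] = peak
    return floods

def constructed_sample(user, count, start="2020-05-13 11:00:00"):
    """Constructed ldap.log text (not real data): one failed bind per second."""
    t0 = datetime.strptime(start, "%Y-%m-%d %H:%M:%S")
    return "".join(
        f"{t0 + timedelta(seconds=i):%Y-%m-%d %H:%M:%S},633 ERROR [default task-1] "
        f"ldap (LdapUser.java:666) - Failed to find user:{user} url:ldap://example.local\n"
        "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C090446, comment: "
        "AcceptSecurityContext error, data 52e, v2580 ]\n"
        for i in range(count))

if __name__ == "__main__":
    print(find_floods(constructed_sample(r"EXAMPLE\svc_oci", 90)))
```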