[27571] in resnet
Re: Mobile Device Oddity
daemon@ATHENA.MIT.EDU (Andy Voelker)
Fri Apr 13 13:32:12 2012
Content-Language: en-US
Content-Type: multipart/alternative; boundary="_000_B3C0241889401F4AB97A55E980BABBA0013459EA7910EXV01wcuedu_"
MIME-Version: 1.0
Message-ID: <B3C0241889401F4AB97A55E980BABBA0013459EA7910@EXV01.wcu.edu>
Date: Fri, 13 Apr 2012 13:30:05 -0400
Reply-To: Resnet Forum <RESNET-L@listserv.nd.edu>
From: Andy Voelker <avoelker@email.wcu.edu>
To: RESNET-L@listserv.nd.edu
In-Reply-To: <E82B3D1044840248B34C455CD06518504D7156E51B@MSEXCH-DB.umw.local>
--_000_B3C0241889401F4AB97A55E980BABBA0013459EA7910EXV01wcuedu_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
We use some software called AD Audit Plus to audit these types of account f=
ailures. It replaced our old SNMP trap database dump from the Radius serve=
r. It will give you more information on failed logins and lockouts than ju=
st AD or Radius will. You can get a trial for free. We went ahead and imp=
lemented it and I think it ended up costing $1k total. It was well worth i=
t for our environment and has helped us troubleshoot all kinds of problems.=
We even found several computers that were spitting out hundreds of failed=
logins her hour on wireless because they were connected with Ethernet cabl=
es and a local profile. Turning these off reduced the wireless traffic and=
the load on radius.
https://store.manageengine.com/active-directory-audit/index.html
Our campus has 10k students, 2k employees, 3 DC's, 2 radius, just to give y=
ou an idea of the scale.
It sounds like with this tool you could easily track down the mac address o=
f the offending device, and the reason for its rejection. iOS devices some=
times show us some very distinctive messages.
-- Andy Voelker
Manager of Student Computing in the Technology Commons
Western Carolina University
Be sure to check out the WCU TechTips Podcast at http://www.youtube.com/Wes=
ternCarolinaU!!
Check the status of your IT requests at any time at http://help.wcu.edu/ !
From: Resnet Forum [mailto:RESNET-L@LISTSERV.ND.EDU] On Behalf Of Deborah H=
ovey Boutchyard (dhovey)
Sent: Friday, April 13, 2012 12:14 PM
To: RESNET-L@LISTSERV.ND.EDU
Subject: Mobile Device Oddity
Happy Friday, Everyone!
I'm hoping someone may have experienced a weird issue we're having and can =
point us in the right direction! I have a user with a machine on both camp=
uses, and iPad, and an iPhone. The Help Desk has verified that her profile=
s on her iPad and iPhone are not caching credentials, but when she comes on=
campus, invariably she is being locked out of her AD account and we can't =
figure out why. Our threshold for incorrect log ins is very high at 10, bu=
t she is consistently being locked out.
I'm told the OS is up to date on each device and that they should not be at=
tempting to connect automatically when in range, but even if they did, the =
passwords are correct and should work. Have any of you seen a similar issu=
e? More importantly, any clue what to do about it?
Thanks very much, as always, for your brain power! :)
Deb
UMW
___________________________________________________ You are subscribed to t=
he ResNet-L mailing list.
To subscribe, unsubscribe or search the archives, go to http://LISTSERV.ND.=
EDU/archives/resnet-l.html ________________________________________________=
___
___________________________________________________
You are subscribed to the ResNet-L mailing list.
To subscribe, unsubscribe or search the archives,
go to http://LISTSERV.ND.EDU/archives/resnet-l.html
___________________________________________________
--_000_B3C0241889401F4AB97A55E980BABBA0013459EA7910EXV01wcuedu_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr=
osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http:=
//www.w3.org/TR/REC-html40"><head><meta http-equiv=3DContent-Type content=
=3D"text/html; charset=3Dus-ascii"><meta name=3DGenerator content=3D"Micros=
oft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
span.EmailStyle17
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]--></head><body lang=3DEN-US link=3Dblue vli=
nk=3Dpurple><div class=3DWordSection1><p class=3DMsoNormal><span style=3D'c=
olor:#1F497D'>We use some software called AD Audit Plus to audit these type=
s of account failures. It replaced our old SNMP trap database dump fr=
om the Radius server. It will give you more information on failed log=
ins and lockouts than just AD or Radius will. You can get a trial for=
free. We went ahead and implemented it and I think it ended up costi=
ng $1k total. It was well worth it for our environment and has helped=
us troubleshoot all kinds of problems. We even found several compute=
rs that were spitting out hundreds of failed logins her hour on wireless be=
cause they were connected with Ethernet cables and a local profile. T=
urning these off reduced the wireless traffic and the load on radius. =
<o:p></o:p></span></p><p class=3DMsoNormal><span style=3D'color:#1F497D'><=
o:p> </o:p></span></p><p class=3DMsoNormal><a href=3D"https://store.ma=
nageengine.com/active-directory-audit/index.html">https://store.manageengin=
e.com/active-directory-audit/index.html</a><o:p></o:p></p><p class=3DMsoNor=
mal><span style=3D'color:#1F497D'><o:p> </o:p></span></p><p class=3DMs=
oNormal><span style=3D'color:#1F497D'>Our campus has 10k students, 2k emplo=
yees, 3 DC’s, 2 radius, just to give you an idea of the scale.<o:p></=
o:p></span></p><p class=3DMsoNormal><span style=3D'color:#1F497D'><o:p>&nbs=
p;</o:p></span></p><p class=3DMsoNormal><span style=3D'color:#1F497D'>It so=
unds like with this tool you could easily track down the mac address of the=
offending device, and the reason for its rejection. iOS devices some=
times show us some very distinctive messages.<o:p></o:p></span></p><p class=
=3DMsoNormal><span style=3D'color:#1F497D'><o:p> </o:p></span></p><p c=
lass=3DMsoNormal><span style=3D'color:#1F497D'><o:p> </o:p></span></p>=
<div><p class=3DMsoNormal><span style=3D'color:#1F497D'>-- Andy Voelker<o:p=
></o:p></span></p><p class=3DMsoNormal><span style=3D'color:#1F497D'>Manage=
r of Student Computing in the Technology Commons<o:p></o:p></span></p><p cl=
ass=3DMsoNormal><span style=3D'color:#1F497D'>Western Carolina University<o=
:p></o:p></span></p><p class=3DMsoNormal><span style=3D'color:#1F497D'>Be s=
ure to check out the WCU TechTips Podcast at <a href=3D"http://www.youtube.=
com/WesternCarolinaU">http://www.youtube.com/WesternCarolinaU</a>!!<o:p></o=
:p></span></p><p class=3DMsoNormal><span style=3D'color:#1F497D'>Check the =
status of your IT requests at any time at <a href=3D"http://help.wcu.edu/">=
http://help.wcu.edu/</a> !<o:p></o:p></span></p></div><p class=3DMsoNormal>=
<span style=3D'color:#1F497D'><o:p> </o:p></span></p><div><div style=
=3D'border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><=
p class=3DMsoNormal><b><span style=3D'font-size:10.0pt;font-family:"Tahoma"=
,"sans-serif"'>From:</span></b><span style=3D'font-size:10.0pt;font-family:=
"Tahoma","sans-serif"'> Resnet Forum [mailto:RESNET-L@LISTSERV.ND.EDU] <b>O=
n Behalf Of </b>Deborah Hovey Boutchyard (dhovey)<br><b>Sent:</b> Friday, A=
pril 13, 2012 12:14 PM<br><b>To:</b> RESNET-L@LISTSERV.ND.EDU<br><b>Subject=
:</b> Mobile Device Oddity<o:p></o:p></span></p></div></div><p class=3DMsoN=
ormal><o:p> </o:p></p><p class=3DMsoNormal>Happy Friday, Everyone!<o:p=
></o:p></p><p class=3DMsoNormal><o:p> </o:p></p><p class=3DMsoNormal>I=
’m hoping someone may have experienced a weird issue we’re havi=
ng and can point us in the right direction! I have a user with a mach=
ine on both campuses, and iPad, and an iPhone. The Help Desk has veri=
fied that her profiles on her iPad and iPhone are not caching credentials, =
but when she comes on campus, invariably she is being locked out of her AD =
account and we can’t figure out why. Our threshold for incorrec=
t log ins is very high at 10, but she is consistently being locked out.&nbs=
p; <o:p></o:p></p><p class=3DMsoNormal><o:p> </o:p></p><p class=3DMsoN=
ormal>I’m told the OS is up to date on each device and that they shou=
ld not be attempting to connect automatically when in range, but even if th=
ey did, the passwords are correct and should work. Have any of you se=
en a similar issue? More importantly, any clue what to do about it?<o=
:p></o:p></p><p class=3DMsoNormal><br>Thanks very much, as always, for your=
brain power! <span style=3D'font-family:Wingdings'>J</span><o:p></o:=
p></p><p class=3DMsoNormal><br>Deb<o:p></o:p></p><p class=3DMsoNormal>UMW<o=
:p></o:p></p><p class=3DMsoNormal><span style=3D'font-size:12.0pt;font-fami=
ly:"Times New Roman","serif"'>_____________________________________________=
______ You are subscribed to the ResNet-L mailing list. <o:p></o:p></span><=
/p><p>To subscribe, unsubscribe or search the archives, go to <a href=3D"ht=
tp://LISTSERV.ND.EDU/archives/resnet-l.html">http://LISTSERV.ND.EDU/archive=
s/resnet-l.html</a> ___________________________________________________ <o:=
p></o:p></p></div></body></html>=
___________________________________________________
You are subscribed to the ResNet-L mailing list.
<p>
To subscribe, unsubscribe or search the archives,
go to http://LISTSERV.ND.EDU/archives/resnet-l.html
___________________________________________________
--_000_B3C0241889401F4AB97A55E980BABBA0013459EA7910EXV01wcuedu_--
