The number of unsuccessful logon attempts appears to exceed what is specified in Empower System Policies or Active Directory - WKB31971

SYMPTOMS

• A review of the system audit trail and/or message center appears to show that the Empower account is not locked after exceeding the unsuccessful logon attempt threshold

ENVIRONMENT

• Empower

CAUSE

This issue is documented as enhancement request PCS#52581.

FIX or WORKAROUND

None

ADDITIONAL INFORMATION

When unlocking Empower windows after the inactivity timer is activated, the following occurs.

1. If an invalid password is entered when attempting to unlock Empower windows, an Unsuccessful Logon Attempt message is logged in Empower.

2. If a valid password is entered when attempting to unlock Empower windows, no entry is made to the System Audit Trail.
 

Therefore, if the number of Unsuccessful Logon Attempts displayed in the System Audit Trail and Message Center is greater than the configured number of password entry attempts, this is not necessarily an indication that a user has exceeded the allowed invalid login attempts.  Failed logon attempts which exceed the defined number of allowable password entry attempts result in the user account being disabled. For users who authenticate locally in Empower, these events are recorded in the System Audit Trail as Unsuccessful Logon Attempt Action(s) and User Account Disabled Action. In an LDAP environment, user account management is controlled by and should be monitored using the LDAP environment.