How to Prevent Password Lockouts of Servers After Multiple Authentication Failures During Discovery

masahironaka
Tera Contributor

‎01-21-2025 12:34 AM

When performing Discovery, if the stored Credentials in the Credentials table do not match multiple times for 100 or more Windows servers, it can lead to password lockouts. Initially, during the first Discovery cycle, the system tries each credential in the Credentials table in sequence until a match is found.

My concern is that multiple authentication failures could result in the Windows servers being locked due to incorrect password attempts.

From the second Discovery cycle onward, there should be no need to worry about authentication failures as "IP Service Affinities" records are created.

 

Question:

Is the following method to prevent password lockouts considered a best practice?

If there are any other best practices, please advise.

  • Conduct a Quick Discovery for each server individually.
0 Helpfuls
  • 415 Views
1 REPLY 1

Viraj Hudlikar
Tera Sage

‎01-21-2025 12:50 AM

Hello @masahironaka 

 

This are some pointers which I followed when I used to face issue stated by you.

  1. Quick Discovery for Each Server Individually: Conducting a Quick Discovery for each server individually can help identify the correct credentials without causing multiple authentication failures. This method allows you to verify credentials on a smaller scale before performing a full Discovery.

  2. Credential Affinity: As you mentioned, from the second Discovery cycle onward, "IP Service Affinities" records are created, which helps in reducing authentication failures. Ensure that this feature is enabled and properly configured.

  3. Credential Pre-Testing: Before running a full Discovery, pre-test the credentials on a subset of servers to ensure they are correct. This can help identify any incorrect credentials and prevent lockouts.

  4. Monitor and Adjust: Continuously monitor the Discovery logs for authentication failures and adjust the credentials accordingly. This proactive approach can help in identifying and resolving issues before they lead to lockouts.

  5. Staggered Discovery: Instead of running Discovery on all servers simultaneously, stagger the Discovery process to reduce the load and potential for lockouts.

 

If my response has helped you hit helpful button and if your concern is solved do mark my response as correct.

 

Thanks & Regards
Viraj Hudlikar.

0 Helpfuls