Skip to content
  • There are no suggestions because the search field is empty.

User account is locked in RSA Security Analytics UI

Issue

User account is locked in RSA Security Analytics UI.
When attempting to log into SA UI using web browser e.g. https:// /login receive the error message "User account is locked"

If auditing is enabled then the folllowing entries may seen the following log file:
/var/lib/netwitness/uax/logs/audit/audit.log

2014-09-03 14:28:55,729 INFORMATION:Authenticationecurity:Authentication failed for user admin from :cause=Invalid credentials
2014-09-03 14:28:59,255 INFORMATION:Authenticationecurity:Authentication failed for user admin from :cause=Invalid credentials
2014-09-03 14:28:59,257 WARNING:Authenticationecurity:Account admin has been locked due to too many login attempts from
2014-09-03 14:29:03,147 INFORMATION:Authenticationecurity:Authentication failed for user admin from :cause=User account is locked

Reference: SA 10.3 Enabling File Auditing - http://sadocs.emc.com/0_en-us/299_10.1_User_Guide/50_Administration_Module/3_System_View/60_Auditing_Configuration



Resolution

If you have another account in a Role with the 'Manage SA Security' Permission then you can unlock the account using the SA UI.
10.3 Instructions for account unlocking - http://sadocs.emc.com/0_en-us/095_10.3_User_Guide/20_System_Security_and_User_Management/00_Security_Config_Checklist/Enable_Unlock_Sys_User_Accounts

If it's the admin account that is locked out, rather then wait for the 'Lockout Period' to expire, you can restart jettysrv to clear lockout.
1. SSH to SA server
2. stop jettysrv
3. Wait 30 seconds for service to stop
4. start jettysrv
5. When you see service listening on port :443 using 'netstat -lnp | grep :443' then the SA UI should be accessible once again.



Notes

Internal only as this information can be used to avoid lockout policy.

Internal Comments

UserName:shurtj
9/15/2014 10:38:11 PM - Technically Reviewed
Technically reviewed the article and changed its status to Copy Edited. Made minor changes to adhere to Primus best practices.


Product Details

RSA Security Analytics
RSA Security Analytics 10.1
RSA Security Analytics 10.2
RSA Security Analytics 10.3
RSA Security Analytics Server
INTERNAL ONLY !!!!