Monday, November 26, 2012

[Active Directory] iCloud, Proxy Servers, & locked out account

Came back from vacation and my account kept locking after I logged in.  After a couple hours of digging, I finally gave up, ran Ethereal (packet sniffer) and looked for bad messages.

Lo and behold: iCloud was pummeling the proxy server up to 10 times a second, trying to log in via the proxy. It somehow had cached an old AD password and was sending that to get out, getting rejected, and trying again & again, locking my account.


Erick Diaz said...

I have been having the same problem on my environemnt with several users that have icloud feature enable, even so I have not been able to determine a pattern or technical doc will explain if the password will be sync/cache. I will sniff the packets today, do you have some screenshot that I can compare to what I should be looking for?

By any chance did it happen to you due to a recent password change? for my users seems that the password problem starts reflecting after few weeks

bourgon said...

Howdy, Erick. Unfortunately, I didn't think to save it. What I saw in Wireshark was in the info field, a call to our proxy server in order to get to, and was getting NTLM authentication failed.

I tried 2 different things to fix it (signing out of and closing iCloud, then disabling the proxy on my machine), and now I can't dupe it.

I had NOT changed my password recently - I'm midway into our password cycle, but my machine had just been rebooted (probably due to Windows patches).

Hope this helps.