Hey guys/girls, just a heads up on an issue that I have noticed. I am on BES Server version 9.2.9.36 as of about 6 months ago, and I may have seen this before that, but I wasn’t able to tie it to this. Once again, this may not be tied to this version, but I wanted to give you guys a heads up as to why you may get a BES Root Server service crash out of nowhere and you cannot figure out why.
I was digging through the log files and couldn’t find anything helpful, until I looked through the server audit log. I noticed tons of lines that were coming from a single user/console. It appears as if they had the console opened up on their machine and had changed their password, but never typed the new pass into the bigfix console, giving the bad auth errors in the console, but they had it minimized. The errors from the server audit log are below. (I did not put all of the successful log ins between the messages below, there were many). After almost exactly 4 hours, the BES Root server crashed, and I believe the last time I saw this happen it was about the same time, but not 100%
Fri, 04 Aug 2017 08:05:22 -0700 -- user "domain\user": Session has expired. (Data Connection)
Fri, 04 Aug 2017 08:07:22 -0700 -- user "domain\user": Session has expired. (Data Connection)
Fri, 04 Aug 2017 08:07:22 -0700 -- user "domain\user": Session has expired. (Data Connection)
Fri, 04 Aug 2017 08:07:37 -0700 -- user "domain\user": Failed log in. (Data Connection)
Fri, 04 Aug 2017 08:07:37 -0700 -- user "domain\user": Failed log in. (Data Connection)
Fri, 04 Aug 2017 08:07:52 -0700 -- domain\user: Too many log in attempts. (Data Connection)
Fri, 04 Aug 2017 08:07:52 -0700 -- domain\user: Too many log in attempts. (Data Connection)
After the last line above, every 15 seconds it replicates the too many log in attempts lines for approximately 4 hours until the root server service crashed. Once you start it again, not sure how long you have until it crashes again if the password issue is not fixed. Once I had him sync his password with the console, no issues.
Hopefully this helps someone!