[jcifs] [ERR] JCIFS 1.2.11: The referenced account is currently locked out and may not be logged on to.

Kevin Tapperson kevin at tapperson.net
Fri Dec 22 19:57:20 GMT 2006

Given that you have an error stating that jcifs "Failed to negotiate with a
suitable domain controller for ...", you may want to go back and review your
configuration settings for your domain, domainController and/or WINS.  You
may also want to check and find out exactly what servers/addresses are in
your WINS for the domain.  It could be that your problems are intermittent
because of a difference in how the WINS lookup for your domain is being
handled (i.e. returning a different dc each WINS lookup).  If there is a bad
entry in WINS for your domain, it may be causing the failures.  I have also
seen issues with a rogue domain controller that was out-of-sync with the
rest of the domain causing such failures.

On 12/21/06, D G <jcifslist at yahoo.com> wrote:
> Getting the below error in the app. The behavior is not consistent, and
> sometimes simple Apache restart causes it to appear:
> java.net.UnknownHostException: Failed to negotiate with a suitable domain
> controller for xxxxxxx
> jcifs.smb.SmbSession.getChallengeForDomain(SmbSession.java:134)
> jcifs.http.NtlmHttpFilter.negotiate(NtlmHttpFilter.java:150)
> jcifs.http.NtlmHttpFilter.doFilter(NtlmHttpFilter.java:114)
> JCIFS logs show the following:
> Failed validate DC: XXXXXXX<1C>/
> jcifs.smb.SmbAuthException: The referenced account is currently locked out
> and
> may not be logged on to.
> at jcifs.smb.SmbTransport.checkStatus(SmbTransport.java:500)
> at jcifs.smb.SmbTransport.send(SmbTransport.java:611)
> at jcifs.smb.SmbSession.sessionSetup(SmbSession.java:277)
> at jcifs.smb.SmbSession.send(SmbSession.java:233)
> at jcifs.smb.SmbTree.treeConnect(SmbTree.java:154)
> at jcifs.smb.SmbSession.interrogate(SmbSession.java:82)
> at jcifs.smb.SmbSession.getChallengeForDomain(SmbSession.java:114)
> at jcifs.http.NtlmHttpFilter.negotiate(NtlmHttpFilter.java:150)
> at jcifs.http.NtlmHttpFilter.doFilter(NtlmHttpFilter.java:114)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter
> (ApplicationFilterChain.java:202)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter
> (ApplicationFilterChain.java:173)
> at org.apache.catalina.core.StandardWrapperValve.invoke
> (StandardWrapperValve.java:213)
> at org.apache.catalina.core.StandardContextValve.invoke
> (StandardContextValve.java:178)
> at org.apache.catalina.core.StandardHostValve.invoke
> (StandardHostValve.java:126)
> at org.apache.catalina.valves.ErrorReportValve.invoke
> (ErrorReportValve.java:105)
> at org.apache.catalina.core.StandardEngineValve.invoke
> (StandardEngineValve.java:107)
> at org.apache.catalina.connector.CoyoteAdapter.service
> (CoyoteAdapter.java:148)
> at org.apache.coyote.http11.Http11AprProcessor.process
> (Http11AprProcessor.java:833)
> at
> org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process
> (Http11AprProtocol.java:639)
> at org.apache.tomcat.util.net.AprEndpoint$Worker.run
> (AprEndpoint.java:1285)
> at java.lang.Thread.run(Unknown Source)
> Neither account (mine or the one used to access Active Directory,
> configured
> for the filter in web.xml) are actually locked out.
> System info:
> Apache Tomcat 5.5.17
> Windows 2003 Server Active Directory
> JCIFS 1.2.11
> Any ideas/suggestions?
> Thanks!
> -DG
> __________________________________________________
> Do You Yahoo!?
> Tired of spam?  Yahoo! Mail has the best spam protection around
> http://mail.yahoo.com

Kevin Tapperson
kevin at tapperson.net
-------------- next part --------------
HTML attachment scrubbed and removed

More information about the jcifs mailing list