[jcifs] [ERR] JCIFS 1.2.11: The referenced account is currently locked out and may not be logged on to.

D G jcifslist at yahoo.com
Thu Jan 4 01:18:56 GMT 2007 

This error ("Failed to negotiate with a suitable domain controller for ...") is really an umbrella error for the more specific error, "The referenced account is currently locked out and may not be logged on to." Please see the full stack below.

The account is not locked out, as the error claims.

Any suggestions?

Thanks!
~DG

----- Original Message ----
From: Kevin Tapperson <kevin at tapperson.net>
To: D G <jcifslist at yahoo.com>
Cc: jcifs at lists.samba.org
Sent: Friday, December 22, 2006 11:57:20 AM
Subject: Re: [jcifs] [ERR] JCIFS 1.2.11: The referenced account is currently locked out and may not be logged on to.

Given that you have an error stating that jcifs "Failed to negotiate with a suitable domain controller for ...", you may want to go back and review your configuration settings for your domain, domainController and/or WINS.  You may also want to check and find out exactly what servers/addresses are in your WINS for the domain.  It could be that your problems are intermittent because of a difference in how the WINS lookup for your domain is being handled ( i.e. returning a different dc each WINS lookup).  If there is a bad entry in WINS for your domain, it may be causing the failures.  I have also seen issues with a rogue domain controller that was out-of-sync with the rest of the domain causing such failures. 


On 12/21/06, D G <jcifslist at yahoo.com> wrote: 
Getting the below error in the app. The behavior is not consistent, and
sometimes simple Apache restart causes it to appear: 

java.net.UnknownHostException: Failed to negotiate with a suitable domain
controller for xxxxxxx
jcifs.smb.SmbSession.getChallengeForDomain(SmbSession.java:134)
jcifs.http.NtlmHttpFilter.negotiate(NtlmHttpFilter.java :150)
jcifs.http.NtlmHttpFilter.doFilter(NtlmHttpFilter.java:114)

JCIFS logs show the following:

Failed validate DC: XXXXXXX<1C>/172.19.12.89
jcifs.smb.SmbAuthException: The referenced account is currently locked out and 
may not be logged on to.
at jcifs.smb.SmbTransport.checkStatus(SmbTransport.java:500)
at jcifs.smb.SmbTransport.send(SmbTransport.java:611)
at jcifs.smb.SmbSession.sessionSetup(SmbSession.java:277)
at jcifs.smb.SmbSession.send (SmbSession.java:233)
at jcifs.smb.SmbTree.treeConnect(SmbTree.java:154)
at jcifs.smb.SmbSession.interrogate(SmbSession.java:82)
at jcifs.smb.SmbSession.getChallengeForDomain(SmbSession.java:114)
at jcifs.http.NtlmHttpFilter.negotiate (NtlmHttpFilter.java:150)
at jcifs.http.NtlmHttpFilter.doFilter(NtlmHttpFilter.java:114)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter
(ApplicationFilterChain.java:202)
at org.apache.catalina.core.ApplicationFilterChain.doFilter 
(ApplicationFilterChain.java:173)
at org.apache.catalina.core.StandardWrapperValve.invoke
(StandardWrapperValve.java:213)
at org.apache.catalina.core.StandardContextValve.invoke
(StandardContextValve.java:178) 
at org.apache.catalina.core.StandardHostValve.invoke
(StandardHostValve.java:126)
at org.apache.catalina.valves.ErrorReportValve.invoke
(ErrorReportValve.java:105)
at org.apache.catalina.core.StandardEngineValve.invoke 
(StandardEngineValve.java:107)
at org.apache.catalina.connector.CoyoteAdapter.service
(CoyoteAdapter.java:148)
at org.apache.coyote.http11.Http11AprProcessor.process
(Http11AprProcessor.java:833)
at
org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process
(Http11AprProtocol.java:639)
at org.apache.tomcat.util.net.AprEndpoint$Worker.run
(AprEndpoint.java:1285)
at java.lang.Thread.run(Unknown Source) 

Neither account (mine or the one used to access Active Directory, configured
for the filter in web.xml) are actually locked out.

System info:
Apache Tomcat 5.5.17
Windows 2003 Server Active Directory 
JCIFS 1.2.11

Any ideas/suggestions?

Thanks!
-DG

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around
http://mail.yahoo.com




-- 
Kevin Tapperson
kevin at tapperson.net

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
-------------- next part --------------
HTML attachment scrubbed and removed

More information about the jcifs mailing list