as400 user id disabled

15 pts.
Tags:
hi as400 user id get disabled in every 5 minute
hi as400 user id get disabled in every 5 minutes
1

Answer Wiki

Thanks. We'll let you know when a new response is added.

Check the log QHST to see if there were repeated login attempts.  If you find the disable message, do a help on it for further information. Depending on how your security settings are it may disable the profile and even the device after a certain number of invalid log in attempts. Another place I have seen this happen is when people have a macro set up to log them in. Not a good idea security wise. If they password changes and they do not change the macro, this will cause invalid login attempts as well. It could be a number of reasons with different sources trying to connect to the DB2 databases as well. Things like web pages, web services, data imports into office documents all need a valid built in login. If that changed the it breaks. 

Discuss This Question: 3  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.
  • Subhendu Sen

    It may possible if you check what is disabling user id by using the IBM i Security Auditing.

    140,480 pointsBadges:
    report
  • ToddN2000
    We get that a lot. As mentioned above if you check QHST, then do a help on the messages you can narrow down on why its happening.  
    Here is an example with supporting help.
    Password from device KRAMA1 not correct for user KRAMER.        
    Password from device KRAMA1 not correct for user KRAMER.        
    Password from device KRAMA1 not correct for user KRAMER.        
    User profile KRAMER has been disabled.                              
    Warning. Device KRAMA1 varied off while in session.             
    Vary off completed for device KRAMA1.                           
    Subsystem QINTER varied off work station KRAMA1 for user KRAMER.
    
    The extended help for each follows
    
    Message ID . . . . . . :   CPF2234       Severity . . . . . . . :   30        
    Message type . . . . . :   Information                                        
    Date sent  . . . . . . :   06/27/19      Time sent  . . . . . . :   08:15:23  
                                                                                  
    Message . . . . :   Password from device KRAMA1 not correct for user      
      KRAMER.                                                                     
    Cause . . . . . :   User KRAMER entered a password from device KRAMA1 that
      is not correct.                                                             
    Recovery  . . . :   Have the user correct the password and then try the       
      request again.                                                              
    
    Message ID . . . . . . :   CPF1393       Severity . . . . . . . :   70        
    Message type . . . . . :   Information                                        
    Date sent  . . . . . . :   06/27/19      Time sent  . . . . . . :   08:15:24  
                                                                                  
    Message . . . . :   User profile KRAMER has been disabled.                    
    Cause . . . . . :   User profile KRAMER on device KRAMA1 or network       
      address 10.10.10.10 in subsystem QINTER has been disabled because the maximum
      number of sign-on attempts specified for the QMAXSIGN system value has been 
      reached.  If the device, subsystem, or network address is *N, then the      
      information was not available.                                              
    Recovery  . . . :   To enable the user profile, have the security officer     
      change the STATUS parameter to *ENABLED on the Change User Profile          
      (CHGUSRPRF) command.                                                        
    Technical description . . . . . . . . :   Sign-on attempts include any attempt
      to verify the user profile password. Passwords are verified by sign-on      
      operations, various servers such as File Transfer Protocol (FTP), and API   
    
    Message ID . . . . . . :   CPC2621       Severity . . . . . . . :   10        
    Message type . . . . . :   Completion                                         
    Date sent  . . . . . . :   06/27/19      Time sent  . . . . . . :   08:15:24  
                                                                                  
    Message . . . . :   Warning. Device KRAMA1 varied off while in session.   
    Cause . . . . . :   The device is assigned to job 129869/QSYS/QINTER. The job 
      varied off the device with the Vary Configuration (VRYCFG) command before   
      closing the file. Any subsequent attempts to access the device from this job
      will cause messages to be issued.                                           
    
    Message ID . . . . . . :   CPC2606       Severity . . . . . . . :   00        
    Message type . . . . . :   Completion                                         
    Date sent  . . . . . . :   06/27/19      Time sent  . . . . . . :   08:15:24  
                                                                                  
    Message . . . . :   Vary off completed for device KRAMA1.                 
    Cause . . . . . :   The vary configuration (VRYCFG) command was issued        
      requesting that device KRAMA1 be varied off.                            
    Technical description . . . . . . . . :   If ASCVRYOFF(*YES) was specified on 
      the VRYCFG command, the status of device KRAMA1 will be VARY OFF PENDING
      until device take down is completed. If ASCVRYOFF(*NO) was specified on the 
      VRYCFG command, device take down is complete and the status of device       
      KRAMA1 is VARIED OFF.                                                   
    
    Message ID . . . . . . :   CPF1397       Severity . . . . . . . :   70        
    Message type . . . . . :   Information                                        
    Date sent  . . . . . . :   06/27/19      Time sent  . . . . . . :   08:15:24  
                                                                                  
    Message . . . . :   Subsystem QINTER varied off work station KRAMA1 for   
      user KRAMER.                                                                
    Cause . . . . . :   The maximum number of sign on attempts specified by system
      value QMAXSIGN has been reached.  The device has been varied off for        
      security reasons.                                                           
    Recovery  . . . :   After checking with your security officer, vary the device
      on using the Vary Configuration (VRYCFG) command.                           
    
    
    

    133,790 pointsBadges:
    report
  • TheRealRaven
    There are usually two reasons a profile is continually disabled.

    First, the account is being attacked by a 'brute force' method. The account shouldn't be re-enabled until the attack is stopped.

    Second, an app, usually on a networked PC, is attempting to connect, often to the database. The app is configured with a password and needs to be changed.

    The QHST log and the security audit journal are the two places to look for details.
    35,660 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

Thanks! We'll email you when relevant content is added and updated.

Following

Share this item with your network: