cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

Event 4223; Authentication is currently being delayed due to a suspected brute-force attack

Go to solution
Kai_Schröer
Level 5
Partner Accredited

‎12-19-2011 07:39 AM

Hello together,

our customer got this Error:

----

Event Type:       Warning
Event Source:   Enterprise Vault
Event Category: Auth Server
Event ID:           4223
Date:                15.12.2011
Time:                15:58:38
User:                N/A
Computer:         EV-Server
Description:
Authentication is currently being delayed due to a suspected brute-force attack.

Number of failures: 3
Delay period remaining: 60:0 (mins:secs)

During this period users will experience short delays when searching or accessing archived items

----

 

It's possible to deactivate this "feature" with an regkey or anything like this?

It's possible to reset the timer?

Thanks!

Kai

-----------------------------------
https://twitter.com/pmcs_ev
0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
TonySterling
Moderator
Moderator
Partner    VIP    Accredited Certified

‎12-19-2011 07:51 AM

What version of EV? Is this for FSA and do you happen to be doing a bulk restore?

Article URL http://www.symantec.com/docs/TECH88133

The above article might help.

View solution in original post

0 Kudos
3 REPLIES 3

Go to solution
TonySterling
Moderator
Moderator
Partner    VIP    Accredited Certified

‎12-19-2011 07:51 AM

What version of EV? Is this for FSA and do you happen to be doing a bulk restore?

Article URL http://www.symantec.com/docs/TECH88133

The above article might help.

0 Kudos

Go to solution
Percy_Vere
Level 6
Employee Accredited

‎12-19-2011 08:31 AM

I've seen this a few times and it's normally resolved by a reboot. There is no way to disable it. It's a windows problem even though the events are logged as EV.

0 Kudos

Go to solution
Kai_Schröer
Level 5
Partner Accredited

‎12-19-2011 08:58 AM

It's EV 9.0.2.

They use also MBX and FSA, but we have no Idea why the error occur. We have increase the value in Tech88133 but the customer need a fast way to reset the counter or deactivate it.

Percy, unfortunately the eventlog doesn't show a windows error. So do you have more detailled Information how the feature works. It should be very usefull when I try to explain the customer that this is a windows error.

-----------------------------------
https://twitter.com/pmcs_ev
0 Kudos