Active directory account locks up when using JDE

higgs312

Active Member
We have certain users that will be working in the JDE web client (IE11 32bit), when suddenly, their active directory accounts locks on them. Their JDE account does not lock...only their AD account. We are not using LDAP.

It seems to happen when their session has been idle for several minutes and then they try to click on something in JDE

The JDE usernames are 8 characters long (some are 9). We do not create usernames longer than 9 characters.

JDE is published using Citrix Receiver version 3.3.0.17207. No other published app does this.



Has anyone experienced this or has even heard of anything like this? This issue popped up around a month ago.



We are on JDE 9.0...toolset 9.2.0.3

Windows Server 2012 R2 on all JDE servers

Windows 10 x64 desktop

SQL Server 2014
 
With LDAP authentication not in use, the JDE application (and JDE security server) could not be the source of authentication failures to AD. I have not seen this with Citrix Receiver personally but there are plenty of threads going back to the ICA client that talk about accounts being locked out after launching of published apps. The theme is generally that the user has changed their password while the published app is running and the app then trying to establish connections to mapped drives and printers in the background and now passing the incorrect password end up locking out the account.

Older versions of Receiver like 3.3 are also prone to weird keyboard problems such as the TAB and ESC and other keys going missing in session. Of course that could not have anything to do with account lockout since you aren't actually entering a password in this scenario.

I have used the LockStatus tool (https://www.microsoft.com/en-us/download/details.aspx?id=15201) to help track down the source of account lockouts. If you have multiple domain controllers this wil help you find which one is recording the lockout and you can then review the security event log to try to pin down the cause further.
 
Thx JEMILLER. I suspected Citrix but I am having a difficult time convincing others.
I will look into your suggestion
 

Similar threads

E9.2 FAO those running LDAP with JDE
Replies
2
Views
2K
CWadda
E9.2 Some E1 Pages are white after a Server Crash
Replies
2
Views
2K
MFreitag
MFreitag
E9.2 AIS Orphan Sessions using tokenrequest/logout via .NET Core 6 Minimal API
Replies
2
Views
1K
EDouglas
E8.9 Erroneous Account Lockouts on Management Console
Replies
5
Views
2K
jackaustin
Mike Mackinnon
E9.2 Sales Order Credit Hold (CO) for A/R and SO Entry
Replies
1
Views
2K
Mike Mackinnon
Mike Mackinnon
Back
Top