How to clear the LOGINBLOCK table
Notification Date: November 3rd, 2021
WebSphere® 8.5.5.17 Security Enhancement - may cause Maximo® users to be blocked
- Symptom
-
Users will see the following when attempting to login to Maximo:
'You are unable to login at this time. Please contact your administrator
- Background
-
When Maximo users have a large number of failed login attempts Maximo will add the user's IP address to the LOGINBLOCK table. Maximo will automatically block connections from the IP's addresses listed in this table.
WebSphere introduced a security enhancement in the WAS 8.5.5.17 patch that causes the LOGINBLOCK.CLIENTHOST field to be populated with the server IP address instead of the client's IP address. This has the potential to cause all users to be blocked when a new record is added to the LOGINBLOCK table.
This issue can be identified by running the following query. Please note you must have direct database access to run this:
SELECT * FROM MAXIMO.LOGINBLOCK;
If there are records in this table then likely users are facing issues because of these records.
- Resolution
-
To resolve this issue:
-
As Maximo administrator (maxadmin or equivalent) navigate to Go To -> Security -> Users application and select the ‘Manage Blocked IP Addresses' from the 'More Actions’ section. The list of blocked IP addresses can be removed through the dialog that is displayed. The Maximo administrator has the ability to add or remove IP addresses used in the blocking functionality.
-
You can also submit a case to have a CDS DBA run the following statement to clear out the LOGINBLOCK table by running the following query against the target environment / database:
DELETE FROM MAXIMO.LOGINBLOCK;
-
The following IBM® support document provides additional details on the LOGINBLOCK functionality: