IBM Support

IT34360: AUTOMATIC RESET OF LOCKED ACCOUNT AFTER 30 MIN DOES NOT WORK PROPERLY

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • By default the SERVERADMIN account, or any other system
account, should
reset after 30 minutes if it becomes locked.

The reset of the account on IBM Spectrum Protect Plus is not
properly working.

Versions affected: 10.1.5.x and
later

Keywords: TS004031959

Local fix

  • Reboot the IBM Spectrum Protect Plus appliance to reset the
account

Problem summary

  • ****************************************************************
* USERS AFFECTED:                                              *
* IBM Spectrum Protect Plus level 10.1.5 and 10.1.6.           *
****************************************************************
* PROBLEM DESCRIPTION:                                         *
* See ERROR DESCRIPTION                                        *
****************************************************************
* RECOMMENDATION:                                              *
* Apply fixing level when available. This problem is currently *
* projected to be fixed IBM Spectrum Protect Plus level        *
* 10.1.7.                                                      *
* Note that this is subject to change at the discretion of     *
* IBM.                                                         *
****************************************************************

Problem conclusion

  • Starting with V10.1.5, IBM Spectrum Protect Plus and vSnap OVAs
had additional OS hardening enabled by default which included
account locking after too many failed attempts. The account is
supposed to unlock after 30 minutes, but if failed attempts
continue to occur, the account may not unlock. This is possible
if there are automated custom scripts/tools that periodically
try to log in to the operating system and they use an incorrect
password. To resolve these issues, account locking is no longer
enabled by default on new OVAs starting with 10.1.7. For
existing systems, account locking is disabled during upgrade to
10.1.7. Users who want to use additional hardening can still
opt-in and enable password expiry using documented steps.
Additional documentation has been added to describe how to
set/reset passwords for root and serveradmin in case of a
lockout. See
https://www.ibm.com/support/knowledgecenter/SSNQFQ_10.1.7/spp/t_
spp_resetting_root_password.html.

Temporary fix

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    IT34360
    • 

  • Reported component name
    SP PLUS
    • 

  • Reported component ID
    5737SPLUS
    • 

  • Reported release
    A16
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2020-09-25
    • 

  • Closed date
    2020-11-16
    • 

  • Last modified date
    2020-11-19
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    SP PLUS
    • 

  • Fixed component ID
    5737SPLUS
    • 



Applicable component levels


    








      
              
                            

              

              [{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSNQFQ","label":"IBM Spectrum Protect Plus"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"A16","Line of Business":{"code":"LOB26","label":"Storage"}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            31 January 2024
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback