A few months back, I did upgrade my Portal to 11.3. We have an account policy that all build-in users should change their password every 90 days, which also applies to the main administrative account.
Now after 90 days I get my main admin account frequently locked due to bad login credentials. The Portal for ArcGIS logs tell me this happens every 15 minutes and it tries it 5 times, so I get 20 bad log in attempts every hour.
Normally this is user error and you still have some automated process with the old credentials. I checked everything, but couldn't find it (where using Azure Keyvault as our centralized credential storage and all scripts should get it there, but this doesn't rule out there is still some script or process out there.
The installation of ArcGIS Enterprise is split over 4 machines, 1 for Portal, 1 for ArcGIS Server, 1 for the datastore and 1 for the Webadaptors and other custom webapps. I did some extensive research in my IIS logs and could not find the bad logins from the IIS request, this raised the question whether these bad logins where coming from outside ArcGIS Enterprise.
To get a definitive answer to this: I blocked port 7443 and 7080 on the Portal for ArcGIS Server Windows Firewall. And still I would get these bad sign ins, so it looks like the bad sign ins are coming from the server where Portal is installed. There is no other software running on this machine, or scheduled tasks or scripts. So I assume it is the portal process itself which is doing the bad sign ins. Could this really be?
Has somebody the same experience? Any solutions?
-Joël Hempenius.
Languages: JavaScript, Python and Dunglish
