Keep getting a warning in Server log says "Failed to log in"

05-17-2018 05:28 PM
New Contributor III

I keep getting this warning that said "Failed to log in. Invalid username or password specified." Although during that time nobody is trying to login at all. 

This warning will appears every 5 seconds or so and it never stop. Anyone have any idea why it happens?

Tags (2)
22 Replies
Esri Notable Contributor

You'll need to do a bit of digging outside of the Server. Check the logs on whatever is in front of the Server, (web adaptor or reverse proxy). If you're using the web adaptor, the IIS logs will have the IP address of where the request originated. If it's an internal, then you have something/someone to check on. If it's external, you may have to block the IP address.

Occasional Contributor III

Hello Jonathan Quinn‌,

I have the same issue with my hosting ArcGIS Server : every 5 minutes the same error is logged. I am pretty sure it is neither a script nor a user. Everything else is working fine... I can validate the hosting ArcGIS Server from Portal for ArcGIS without any issue.

Any idea from which component it could come from ? The requests are not made through the webadaptor so nothing is logged on IIS.

ArcGIS Server Manager logging error


Esri Notable Contributor

First, I suggest you log an idea on the Ideas site to include Client IP or X-Forwarded-For IP within the queryable columns:

That way, you can determine who is making requests to your Server via supported means.

The only other approach is to use Wireshark or configure access logs within Server's tomcat, which is unsupported.

0 Kudos
Occasional Contributor III

Thanks for the reply Jonathan Quinn‌.

I just created the idea:

Unfortunately, I never managed to make wireshark works with HTTPS...

0 Kudos
by Anonymous User
Not applicable

One thing we've found is that some of our users think they can script and will write a python script with a never-ending try/for/while loop that uses bad / unnecessary credentials. Depending on your scripts and your users, this might be something to check out too!

0 Kudos
Occasional Contributor


I have a similar issue, I am getting a failed login attempt ever 5 mins using the Primary Site Account on Server 10.6.1 These failed login attempt seem to have started since we upgraded to from Enterprise 10.5 to 10.6.1 when I subsequently disabled the PSA account as per the security the recommendations. I've checked the IIS logs as suggested by Jonathan Quinn and can't see anything that corresponds to the time these requests are taking place making me think that they aren't external?

I'm assuming that these requests are therefore an internal arcgis server process however I'm not sure how I track this down to resolve 

Did anyone @ Nicolas GIS  manage resolve these failed login or workout where they are originating from? 



New Contributor II

We are having the exact same error on AGS 10.6.1 This was a fresh install and not an upgrade from 10.5

7716CRITICAL1Failed to log in. Invalid username 'acdb7674-26a6-4b53-8213-6aeae1c193ed' or password specified.

I do note the error  code as '7716' - JMX-RMI port?


Could not start RMI connector. An instance of Node Agent may be running or the JMX-RMI port is in use by another process.

0 Kudos
Occasional Contributor III

Do you have by any chance a second ArcGIS Enterprise deployment on which you have played with the etc/hosts file a bit like it is described on this article ?:

I believe it was my issue : I had played with this file to import production data in dev environment. After destroying my dev deployment, these errors disappeared.

0 Kudos
New Contributor II

Thanks I’ll check it out. I had done a restore from backup to a new dev environment using the utilities on server. The dev site has been removed now.

Diane E. McGuerty

Applications Analyst - GIS

Information Technology

How can IT help you today?


3299 Tamiami Trail East

Suite 600

Naples, FL 34112-5749

Phone: 239.252.6014

Cell: 239-315-1576

Fax: 239.252.6304

0 Kudos