Failed to connect to database Underlying DBMS error[ORD-28000: the account is locked No extended error.]

TerryInniss · ‎08-06-2015

The sde database user is continually getting locked out of the database and the caption heading is the error message. Once the DBA unlocks it we are able to connect but as soon as we try to create the map service we get an error and on inspection we find the sde user is locked out. All the research has suggested that a MXD file with an old sde password is trying to connect to the database and hence locking it out. We have disconnected all arcmap instance yet the account still is being locked out. DO ANYONE has a suggestion for this issue.

VinceAngelo · ‎01-12-2016

I don't believe there is any failed attempt threshold. Each time you request an attempt to connect, that connection will be attempted (once). ArcGIS Server manages connection pools differently, but I'm not aware on any limit there either (probably only a frequency thing -- retry interval, not retry count).

- V

KDeVogelaere · ‎01-12-2016

Vince,

That is interesting. It seems ArcMap is using (at least) 3 failed-login attempts and locking the ID every time an MXD (containing a bad username and/or password) is opened with datasource data stored in Oracle. Our Oracle standards allow 3-failed login attempts before locking the Oracle ID. This is a company-wide standard to prevent brute force attacks. I would think ArcMap stops trying to connect after 4,5,6,etc. failed connection attempts, but maybe I'm wrong and ArcGIS Server and ArcMap only have a frequency setting as you suggest.

-K

VinceAngelo · ‎01-12-2016

Look at how layers are modelled. Each layer is associated with a connection (zero or one). Connection pooling (successful connects) will prevent additional connections to the same set of parameters, but unsuccessful connections will not pool (and therefore effectively retry).

Unfortunately, three and done on service-oriented accounts is an effective denial of service attack.

- V