Solved

User [admin] attempt to log on was denied

  • 20 January 2022

Hi guys, 

yesterday I tripped over an interesting piece of information in my Commcell Event Viewer.

User [admin] attempt to log on was denied.

Severity: Information
Program: EvMgrS

I got this entry every 2-5 minutes and I ask myself where it comes from because I thought we don’t use this user. There is no use of user ‘admin’ in task scheduler or in our Automic UC4.

Any idea where I can find further information?

Thanks in advance
Christian

Best answer by Stuart Painter 21 January 2022, 07:17


hi @ckl 

There are multiple paths to follow, depending on the details you’ll need to find.

This can be a console login attempt, then you’ll see details in the webconsole.log and/or webserver.log files.

You can also look for the Audit Report of the webconsole, a very handy report. Apply the filters, and check (but if it’s a remote access that’s denied, not sure you’ll catch something).

And if something is set in your Commvault environment to use the ‘admin’ login, while it’s disabled or the password has changed, you can also try to find that through Commcell Console’s Control Panel / User account management: input the username (here ‘Admin’), check the ‘skip password check’ and select the Preview button, to see if it’s configured. If not, you’ll get this:

Hi Laurent, 

thanks for your reply.

> This can be a console login attempt, then you’ll see details in the webconsole.log and/or webserver.log files.

> You can also look for the Audit Report of the webconsole, a very handy report. Apply the filters, and check (but if it’s a remote access that’s denied, not sure you’ll catch something).

There are no entries regarding the ‘admin’ user.

> And if something is set in your Commvault environment to use the ‘admin’ login, while it’s disabled or the password has changed, you can also try to find that through Commcell Console’s Control Panel / User account management: input the username (here ‘Admin’), check the ‘skip password check’ and select the Preview button, to see if it’s configured. If not, you’ll get this:

It’s not configured, I get the same message “No User names or passwords were found that matched the criteria specified.”. 

I found this information in EvMgrS.log:

8624  444   01/18 15:46:33 ### IsTFADisabledForUser() - TFA is disabled for user with id=[1]
8624  444   01/18 15:46:33 ### EvSecurityMgr::validateUser() - Attempt to validate credentials of  User [admin], id[1] failed with error [0]
8624  444   01/18 15:46:33 ### EvSecurityMgr::userLogin() - Socket [0x0000000000000D4C]: LOGIN ERROR: Invalid login/password attempt with UserName [admin] from [cvsw020], Attempt [1/3]
8624  444   01/18 15:46:33 ### ::sendResponse() - FAILED [Invalid username/password. Please use valid credentials to log in.]
8624  444   01/18 15:46:33 ### handleLoginOperations() -  Encrypted Login Failed.Browser Session Id [3413]

 

Best regards
Christian


Hi @ckl 

I have seen occurrences of this issue before.

There is an option to "Require authentication for Agent installation" on Commcell properties that requires credentials to be provided for each client installation.

Customize the Package Configuration

User Administration and Security Online Help

I have seen previous cases where a custom installer may have embedded admin credentials that have since been changed and the client will persistently try to authenticate, generating these messages.

It may be possible to pin this down to a particular client from EvMgrS.log and referencing CvInstallMgr.log for corresponding activity.

Thanks,

Stuart

 


Hi @Stuart Painter ,

> It may be possible to pin this down to a particular client from EvMgrS.log and referencing CvInstallMgr.log for corresponding activity.

Thank you! :sunglasses: I found a lot of entries for different servers in CvInstallMgr.log like this:


7096  3460  01/19 12:21:05 ### XML Request :<?xml version="1.0" encoding="UTF-8" standalone="no" ?><CVInstallManager_ClientSetup Focus="Instance001" Operationtype="0" RemoteClient="1" requestFlags="5246976" requestType="1"><CommServeInfo><CommserveHostInfo _type_="3" clientName="cvsw020" hostName="cvsw020"/></CommServeInfo><ClientAuthentication><userAccountToLogin domainName="" password="********" userName="admin"/></ClientAuthentication><clientComposition activateClient="1" packageDeliveryOption="0"><clientInfo><client clientPassword="********" cvdPort="8400" installDirectory="C:\Program Files\Commvault\ContentStore"><clientEntity _type_="3" clientName="xysw3449" hostName="xysw3449.contoso.de"/><osInfo PlatformType="X64" SubType="Server" Type="Windows" Version="6.2"><OsDisplayInfo OSBuild="9200" OSName="Windows Server 2016 Standard" ProcessorType="WinX64"/></osInfo><jobResulsDir path="C:\Program Files\Commvault\ContentStore\iDataAgent\JobResults"/><versionInfo GalaxyBuildNumber="BUILD80"><GalaxyRelease ReleaseString="11.0" _type_="58"/></versionInfo></client><clientProps BinarySetID="3" ClientInterface="xysw3449.contoso.de" byteOrder="Little-endian"/></clientInfo><components><componentInfo ComponentId="1" ComponentName="File System Core" _type_="60" clientSidePackage="1" consumeLicense="0"/><componentInfo ComponentId="702" ComponentName="File System" _type_="60" clientSidePackage="1" consumeLicense="1"/><commonInfo><storagePolicyToUse _type_="17" storagePolicyName="CV_DEFAULT"/></commonInfo><fileSystem/></components><patchInformation cumulativeUpdatePackNumber="19" friendlyName="18Apr" spVersion="14.0" transactionID="1685454"><packagePatches pkgId="1"/><packagePatches pkgId="702"/></patchInformation></clientComposition><installFlags activateAllUserProfiles="0"/></CVInstallManager_ClientSetup>
7096  3460  01/19 12:21:05 ### Start to get auto register client Info
7096  3460  01/19 12:21:05 ### Calling Workflow [AutoRegisterClient] to get auto register client Info for client [xysw3449]
7096  3460  01/19 12:21:05 ### No active Workflow [AutoRegisterClient] is found
7096  3460  01/19 12:21:05 ### Start to get auto register client Info
7096  3460  01/19 12:21:05 ### Getting information for client authentication feature.
7096  3460  01/19 12:21:05 ### <?xml version="1.0" encoding="UTF-8" standalone="no" ?><CVInstallManager_ClientAuthentication AuthenticationEnabled="1" DomainConfigured="1" PrincipalName="svc-cv" ProviderID="1" SSOEnabled="1"><userAccountToLogin domainName="" password="********" userName="admin"/></CVInstallManager_ClientAuthentication>
7096  3460  01/19 12:21:05 ### Preparing to logon to CS
7096  3460  01/19 12:21:05 ### Attempting a log on to CS
7096  3460  01/19 12:21:06 ### Failed to login. Error Invalid login/password.
7096  3460  01/19 12:21:06 ### Invalid login/password.
7096  3460  01/19 12:21:06 ### No active Workflow mapped to message [CVInstallManager_ClientSetup] is found
7096  3460  01/19 12:21:06 ### Invalid login/password.
 

Best regards
Christian


Any idea how to fix that problem? 


Hi @ckl 

There are a couple of options for you to check:

  1. You can simply disable "Require authentication for Agent installation" at Commcell level and this should allow the currently active processes to complete. Please make sure the clients highlighted in CvInstallMgr.log are genuine and expected first.
  2. You can investigate the installation method used on those clients and potentially uninstall and reinstall using another method, providing valid credentials.
  3. If the admin account password was changed and the previous credentials used for those client installations are known, you could change the admin password to the expected credential to allow those processes to complete, then potentially change back.

Consider the implications of having "Require authentication for Agent installation" enabled for your environment.

If the setting is valid and useful, then client installations will need to comply with that rule. You may have older custom client installations with now invalid credentials set in the answer file.

If the setting isn’t useful and authentication during installation isn’t a requirement for your environment, then potentially you should consider removing that authentication requirement.

Thanks,

Stuart
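
To list the clients behind the denied logons before choosing one of the options above, the EvMgrS.log and CvInstallMgr.log correlation discussed in this thread can be scripted. The following is an added example, not part of the original thread and not Commvault tooling. It assumes the line layout shown in the posted log excerpts, a year of 2022 (the logs carry none), a 5-second matching window, and constructed sample lines with placeholder host names.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Line layout seen in the thread: "<pid> <tid> <MM/DD> <HH:MM:SS> ### <message>"
LINE = re.compile(r"^(\d+)\s+(\d+)\s+(\d\d/\d\d \d\d:\d\d:\d\d) ### (.*)$")
CLIENT = re.compile(r'<clientEntity\b[^>]*\bhostName="([^"]*)"')
USER = re.compile(r'<userAccountToLogin\b[^>]*\buserName="([^"]*)"')
EVMGR_FAIL = re.compile(r"LOGIN ERROR: .*UserName \[([^\]]*)\] from \[([^\]]*)\]")

def parse(text, year=2022):  # the logs carry no year; 2022 is an assumption
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            ts = datetime.strptime(f"{year} {m[3]}", "%Y %m/%d %H:%M:%S")
            yield (m[1], m[2]), ts, m[4]

def install_failures(cvinstall_text):
    """Return (time, client host, user) for each failed install-time logon."""
    pending, failures = {}, []
    for thread, ts, msg in parse(cvinstall_text):
        if msg.startswith("XML Request"):
            c, u = CLIENT.search(msg), USER.search(msg)
            pending[thread] = (c[1] if c else "?", u[1] if u else "?")
        elif msg.startswith("Failed to login") and thread in pending:
            failures.append((ts, *pending.pop(thread)))
    return failures

def correlate(evmgr_text, cvinstall_text, window=timedelta(seconds=5)):
    """Count EvMgrS login errors per installing client; unmatched ones map to None."""
    installs = install_failures(cvinstall_text)
    hits = Counter()
    for _, ts, msg in parse(evmgr_text):
        m = EVMGR_FAIL.search(msg)
        if not m:
            continue
        match = next((host for t, host, user in installs
                      if user == m[1] and abs(t - ts) <= window), None)
        hits[match] += 1
    return hits

# Constructed sample lines in the thread's format (cs01 and client-a are placeholders).
EVMGR = """8624  444   01/19 12:21:06 ### EvSecurityMgr::userLogin() - Socket [0x0000000000000D4C]: LOGIN ERROR: Invalid login/password attempt with UserName [admin] from [cs01], Attempt [1/3]
8624  444   01/19 12:40:00 ### EvSecurityMgr::userLogin() - Socket [0x0000000000000D4C]: LOGIN ERROR: Invalid login/password attempt with UserName [admin] from [cs01], Attempt [1/3]"""
CVINSTALL = """7096  3460  01/19 12:21:05 ### XML Request :<CVInstallManager_ClientSetup><CommServeInfo><CommserveHostInfo _type_="3" clientName="cs01" hostName="cs01"/></CommServeInfo><ClientAuthentication><userAccountToLogin domainName="" password="********" userName="admin"/></ClientAuthentication><clientEntity _type_="3" clientName="client-a" hostName="client-a.example.test"/></CVInstallManager_ClientSetup>
7096  3460  01/19 12:21:06 ### Failed to login. Error Invalid login/password."""

if __name__ == "__main__":
    print(correlate(EVMGR, CVINSTALL))
```

Login errors counted under `None` have no install request within the window and need a different explanation, such as a console or script logon.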