VMware Horizon Community
rsblind
Contributor
Contributor
‎07-27-2020 10:40 AM

Max logins exceeded "3"

We have our VDI environment setup with the NPS extension going to azure MFA. This was setup by a contractor.

I had a user today attempt to change his authentication method and while I believe it worked from the Azure logs he was having issues logging in via VDI and his account was locked out.

So, two questions.

1. Can I unlock the account? If so how do I do that?

2. I see a couple older docs on increasing the default from 3 failed attempts to 10... Id like to do this but where do I set that?

Thanks

RS

0 Kudos
1 Reply
Shreyskar
VMware Employee
VMware Employee
‎07-29-2020 07:16 AM

Hi rsblind

I think the user account unlocking you need to do on azure AD not in horizon.

No. of failed login attempts is by default set to 3 and is on can be changed on the connection broker:

> Connect to View ADAM database as per https://kb.vmware.com/s/article/2012377

> Set the value "cs-loginattemptslimit=10" to the attribute pae-NameValuePair in the CN=Common object under OU=Global,OU=Properties - this will set the number of max login attempts to 10.

Then do the same on vCenter server:

From the vSphere Web Client go to Administration >> Single Sign-On >> Configuration >> Policies >> Lockout Policy. Click Edit. Set the Maximum number of failed login attempts to 10 and click OK.

vCenter Server Login Fails Because the User Account Is Locked

0 Kudos