I have an open ticket with Microsoft. They pointed me to
http://support.microsoft.com/kb/264678/EN-US/ I have been unable to get to this link with IE 9. They also said: "When AD calls are made with a UPN name(username@Domainname) with a bad password, an initial attempt is made with Kerberos, and when that fails, an additional attempt is made with NTLM. That is why we are seeing the badpwdcount attribute being incremented twice. When the same attempt is made with a SAM account name (domain\username), only one attempt with Kerberos is made, and consequentially the badpwdcount attribute is being incremented once." My experience with our domain controller is that the count gets bumped to 3 when using UPN and 2 when using SAM. Anyway apparently the way a user name is specified does matter and using UPN formatted user name can more readily cause an account lockout. The link mentions this as a problem with Windows 2000 server domain controllers. I am using a Windows 2008 server R2 domain controller which seems to exhibit different characteristics and it hasn’t been fixed there yet. Just FYI. Kevin Burton Senior Software Engineer BUYSEASONS 262-901-2000 Office 262-901-2312 Fax kev...@buyseasons.com -----Original Message----- From: Castro, Edwin G. (Hillsboro) [mailto:edwin.cas...@fiserv.com] Sent: Wednesday, March 09, 2011 3:39 PM To: General discussion for Windows Installer XML toolset. Subject: Re: [WiX-users] ServiceInstall failure? There are no builtin facilities in Windows Installer nor WiX for checking credentials. You'll need to write a custom action to perform this type of check but beware that this check will likely count against the lockout count if the credentials are incorrect. In other words, if you use the custom action as part of the UI and the user tries to validate wrong credentials enough times, then they will still lockout the account. If the MSI does not have a UI then you'll have to run the installer multiple times with invalid credentials to lockout the account with a validation custom action. In other words, I don’t think you can truly avoid the problem as it depends on how many times a user specifies invalid credentials. I have never seen a single installation attempt lockout an account. In my experience the service fails to start and causes the installation to fail initiating a rollback. No lockout. If I attempt the installation enough times with invalid credentials, then I'll see a lockout which is the same as above. Edwin G. Castro Software Developer - Staff Electronic Banking Services Fiserv Office: 503-746-0643 Fax: 503-617-0291 www.fiserv.com<http://www.fiserv.com> P Please consider the environment before printing this e-mail > -----Original Message----- > From: Kevin Burton [mailto:kev...@buyseasons.com] > Sent: Wednesday, March 09, 2011 4:58 AM > To: General discussion for Windows Installer XML toolset. > Subject: Re: [WiX-users] ServiceInstall failure? > > I consistently get an account lockout when I install and start a > service with the wrong credentials. Everything works fine when the > proper credentials are supplied. I know it is probably an FAQ but I am > just beginning. What facilities are available for checking the > credentials and rolling back the installation > *before* starting the service? I see recently, someone else queried > about conditionally installing/starting a service but I was not able > to follow the conclusion. Thank you. > > Kevin Burton > Senior Software Engineer > BUYSEASONS > 262-901-2000 Office > 262-901-2312 Fax > kev...@buyseasons.com<mailto:kev...@buyseasons.com> > > -----Original Message----- > From: Christopher Painter [mailto:chr...@deploymentengineering.com] > Sent: Friday, January 28, 2011 5:16 PM > To: General discussion for Windows Installer XML toolset. > Subject: Re: [WiX-users] ServiceInstall failure? > > InstallServices standard action in itself cannot *directly* cause an > account lockout. For that matter, I don't think I've ever ( in 7 > years ) seen an install > *directly* fail because of InstallServices. > > StartServices is another story though. > > If the service can't start for whatever reason, then StartServices can > result in a rollback. Also given enough opportunities, a bad password > injected by InstallServices can lead to StartServices locking the account. > > Conversely I've also seen ( at Continental Airlines ) a locked account > fail an install because the service could not start. Again, this > manifests as a problem in StartServices not I > > > --- > Christopher Painter, Author of Deployment Engineering Blog Have a hot > tip, know a secret or read a really good thread that deserves > attention? E-Mail Me > > > > ----- Original Message ---- > From: "Castro, Edwin G. (Hillsboro)" <edwin.cas...@fiserv.com> > To: General discussion for Windows Installer XML toolset. > <wix-users@lists.sourceforge.net> > Sent: Fri, January 28, 2011 1:08:58 PM > Subject: Re: [WiX-users] ServiceInstall failure? > > ServiceInstall is standard functionality provided by Windows Installer. > > I've never had its use result in an account lockout. In my experience > the installer fails after the first time it tries to register the > service but fails because the username/password are invalid. I've > never experienced it to retry any number of times. > > Edwin G. Castro > Software Developer - Staff > Electronic Banking Services > Fiserv > Office: 503-746-0643 > Fax: 503-617-0291 > www.fiserv.com<http://www.fiserv.com> > P Please consider the environment before printing this e-mail > > > > -----Original Message----- > > From: Kevin Burton [mailto:kev...@buyseasons.com] > > Sent: Friday, January 28, 2011 10:50 AM > > To: General discussion for Windows Installer XML toolset. > > Subject: Re: [WiX-users] ServiceInstall failure? > > > > Since it is so basic can you envision a situation where it would > > cause an account lockout? By basic what is the underlying > > implementation being > used? > > > > Kevin Burton > > Senior Software Engineer > > BUYSEASONS > > 262-901-2000 Office > > 262-901-2312 Fax > > kev...@buyseasons.com<mailto:kev...@buyseasons.com> > > > > -----Original Message----- > > From: Rob Mensching [mailto:r...@robmensching.com] > > Sent: Friday, January 28, 2011 7:43 AM > > To: General discussion for Windows Installer XML toolset. > > Subject: Re: [WiX-users] ServiceInstall failure? > > > > The built in service install of the Windows Installer is pretty basic. > >One of the few standard actions I've seriously considered replacing > >with a custom action. > > > > On Thu, Jan 27, 2011 at 10:38 AM, Kevin Burton > > <kev...@buyseasons.com<mailto:kev...@buyseasons.com>>wrote: > > > > > It seems that the default behavior for this code > > > > > > > > > <ServiceInstall Id="BsiServiceInstall" DisplayName="BsiServices Host" > > > Name="ServiceExeFile" Description="Windows Service host for Bsi > > >Web Services" Interactive="no" Account="[SERVICEUSER]" > > > Password="[SERVICEPASSWORD]" ErrorControl="normal" > Start="demand" > > > Type="ownProcess" Vital="yes" /> > > > <ServiceControl Id="BsiServiceControl" Name="ServiceExeFile" > > > Start="install" Stop="uninstall" Remove="uninstall" Wait="yes" /> > > > > > > Is to repeatedly try, even when the password is invalid, until the > > > account specified is locked out. I was wondering if there was a > > > way to catch the first error and display it to the user. > > > > > > Also I would like to associate some sort of progress bar with the > > > installation and starting of this service. Is there a good > > > reference for this type of function? > > > > > > Thank you. > > > > > > Kevin > > > > > > > > > ------------------------------------------------------------------ > > > -- > > > -- > > > -------- Special Offer-- Download ArcSight Logger for FREE (a $49 > > > USD value)! > > > Finally, a world-class log management solution at an even better > > > price-free! > > > Download using promo code Free_Logger_4_Dev2Dev. Offer expires > > > February 28th, so secure your free ArcSight Logger TODAY! > > > http://p.sf.net/sfu/arcsight-sfd2d > > > _______________________________________________ > > > WiX-users mailing list > > > WiX-users@lists.sourceforge.net<mailto:WiX-users@lists.sourceforge.net> > > > https://lists.sourceforge.net/lists/listinfo/wix-users > > > > > > > > > > > > -- > > virtually, Rob Mensching - http://RobMensching.com LLC > > -------------------------------------------------------------------- > > -- > > -------- Special Offer-- Download ArcSight Logger for FREE (a $49 > > USD value)! > > Finally, a world-class log management solution at an even better price-free! > > Download using promo code Free_Logger_4_Dev2Dev. Offer expires > > February 28th, so secure your free ArcSight Logger TODAY! > > http://p.sf.net/sfu/arcsight-sfd2d > > _______________________________________________ > > WiX-users mailing list > > WiX-users@lists.sourceforge.net<mailto:WiX-users@lists.sourceforge.net> > > https://lists.sourceforge.net/lists/listinfo/wix-users > > > > -------------------------------------------------------------------- > > -- > > -------- Special Offer-- Download ArcSight Logger for FREE (a $49 > > USD value)! > > Finally, a world-class log management solution at an even better price-free! > > Download using promo code Free_Logger_4_Dev2Dev. Offer expires > > February 28th, so secure your free ArcSight Logger TODAY! > > http://p.sf.net/sfu/arcsight-sfd2d > > _______________________________________________ > > WiX-users mailing list > > WiX-users@lists.sourceforge.net<mailto:WiX-users@lists.sourceforge.net> > > https://lists.sourceforge.net/lists/listinfo/wix-users > ---------------------------------------------------------------------- > -------- Special Offer-- Download ArcSight Logger for FREE (a $49 USD > value)! > Finally, a world-class log management solution at an even better price-free! > Download using promo code Free_Logger_4_Dev2Dev. Offer expires > February 28th, so secure your free ArcSight Logger TODAY! > http://p.sf.net/sfu/arcsight-sfd2d > _______________________________________________ > WiX-users mailing list > WiX-users@lists.sourceforge.net<mailto:WiX-users@lists.sourceforge.net> > https://lists.sourceforge.net/lists/listinfo/wix-users > > > > > > ---------------------------------------------------------------------- > -------- Special Offer-- Download ArcSight Logger for FREE (a $49 USD > value)! > Finally, a world-class log management solution at an even better price-free! > Download using promo code Free_Logger_4_Dev2Dev. Offer expires > February 28th, so secure your free ArcSight Logger TODAY! > http://p.sf.net/sfu/arcsight-sfd2d > _______________________________________________ > WiX-users mailing list > WiX-users@lists.sourceforge.net<mailto:WiX-users@lists.sourceforge.net> > https://lists.sourceforge.net/lists/listinfo/wix-users > ---------------------------------------------------------------------- > -------- > Colocation vs. Managed Hosting > A question and answer guide to determining the best fit for your > organization - today and in the future. > http://p.sf.net/sfu/internap-sfd2d > _______________________________________________ > WiX-users mailing list > WiX-users@lists.sourceforge.net<mailto:WiX-users@lists.sourceforge.net> > https://lists.sourceforge.net/lists/listinfo/wix-users ------------------------------------------------------------------------------ Colocation vs. Managed Hosting A question and answer guide to determining the best fit for your organization - today and in the future. http://p.sf.net/sfu/internap-sfd2d _______________________________________________ WiX-users mailing list WiX-users@lists.sourceforge.net<mailto:WiX-users@lists.sourceforge.net> https://lists.sourceforge.net/lists/listinfo/wix-users ------------------------------------------------------------------------------ Colocation vs. Managed Hosting A question and answer guide to determining the best fit for your organization - today and in the future. http://p.sf.net/sfu/internap-sfd2d _______________________________________________ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users
