Monitor for password change or expiration

We had a situation recently that has raised some questions.  We have a spam filter that uses ldap to query for real accounts before allowing email in.  A service account is used for the ldap query. 

That password got changed/expired/something happened to it last night so all email was being blocked.  When I looked at the account in AD the account was not locked out and the password was set not to expire.  I re entered the password and tested LDAP with no issues.

 

Now here is my question, can you think of any way to setup monitoring using IP monitor to test if a certain account and password is working. 

  • Try using an RPC-type Monitor, such as a Windows Service monitor using "rpc" communication type. Give it the windows credential in question, and get it going on the ipMonitor host (you may need to give that additional account permissions on the ipMonitor host).

    OR

    Use a User Experience Round Trip Email Monitor. It sends and picks up an email. It's PERFECT for your scenario, and covers more than just your spam filter. Be sure to configure the email host in the System Settings if you haven't done so already.

    Let us know if this works for you.

  • Ill try using a server monitor.  I dont think the Exchange Round Trip will work.  If I choose POP3 and then change the port to 25 it gets mad.

     

    An error occurred while communicating with the Exchange Server: The response from the remote device does not adhere to protocol specification

     

    I cant use port 110 because I need to test the SPAM firewall is working and accepting connections and it doesnt take connections from 110 or IMAP.  I need to hit the samp device and have it test.

  • Okay, it's probably best.

    If you do decide to try the round trip wizard in the future, keep in mind that port 110 is intended for where we pick up the email, not where it is sent. SMTP specific parameters are configured (globally) here:

    Configuration > System Settings > Email Delivery

  • Got it thanks, we have our monitoring system doing directly to the exchange box so that wont work for us.

    Im not sure how monitoring a service using that account is going to help?  Are you saying if I just pick the worksation service for example, and I change the password for the ldap service that monitor will throw an alert?

  • Im not sure how monitoring a service using that account is going to help?

    In your scenario, you found that a particular account could not login and do it's business. By having ipMonitor try the account & password on a regular basis, when monitoring a Window Service of your choice, you are essentially monitoring if that account can still be used.

    Does that make sense?

  • Yeah, I think so.

     

    It doesnt really matter what service we are monitoring, because we are not mointoring the serivce as much as we are monitoring the account that is monitoring the service.

     

    Thanks for the help

  • I would make a script with the username and password you want to test and then use an external process monitor.

  • Peter's suggestion of using the round trip email monitor has a lot of merit.  It just takes some getting your head around and setting up right.

    You can have IPM send a test email to an external email address (say, Gmail) via your Exchange server and out via your SMTP gateway.  You configure the Gmail account to automatically forward any emails back to an internal email address, so the test emails come back in through your SMTP gateway (which tests the LDAP credentials and lookup) and into a mailbox on your Exchange server where IPM picks it up via POP3.  You've then tested every link in the chain between you and the outside world and back again, including your ISP, your external MX records, etc.  To make it the ultimate monitor, add a GSM modem so that you can still get alerted when your email is down ;-)

    We use this monitor exactly as I've described.  It's probably the most valuable monitor we have.

    Hi Peter.  Welcome back!  Nice to see you back on Thwack with your excellent input.

    Rgds, Simon

  • Nice Simon, that helps.  Thats a great option.  i just didnt look at the big picture.

  • Hey Simon, I am little confused, bare with me.

     

    I am working on the first part of the setup.  It prompts me for

     

    Email to: ouraddress@gmail.com

    Email from: ouraddress@ourdomain.com

    Server paramaters

    Ip address/domain name:  Not sure what to put here (pop.gmail.com???)

    TCP PORT 110

    Credential for monitoring: I made a credential with our ouraddress@gmail.com as the user name and our password