I am currently using ISA 2006 to publish my OWA to the external world. Is there a way to configure the ISA 2006 to monitor the number of fail attempt generated? I mean for example, user1 tries to logon to OWA. If he treis to logon with a wrong password for more then 3 times then ISA will generate an email notifciation to the admin saying this? Just wondering.
Without using an extra application, is there a way to track it? I know that the ISA logs won't be useful in this.How about on the exchange server? How about the event veiwer security logs? If we were to check the event viewer security logs it must be the one on the DC? Correct? Since ISA doesn't perform authentication but the DC? Do you guys know any tool or what event ID we should be aware of?I know this is a tedious job, but just trying to look for options.
A few more questions : 1) If I were to use AD authentication, is there a way that I adjust owa in ISA to stop authenticating a user for maybe 30 mins after 3 failed attempts? I do not want it to lock the account in the AD. Maybe the AD default lockout account is 5 times. 2) Is there a different method to replace RSA? A cheaper solution. 3) ActiveSync connection, do they work on 2 factor authentication? Anyway to get this done?
From: United Kingdom
Forefront UAG does have independent failed logon protection which you can configure per trunk using the Maximum logon attempts setting. UAG then presents the user with an error and from memory you then need to restart the broswer to try again...
Does UAG creates alerts on failed logon? I mean if a user tries login on for 3 times then get the soft lock, will an alert appear in the event viewer or any part for the software? From the documentation, I know that lockoutguard does create an alert in the ISA alert screen when there is fail attempts.
I was testing UAG and it seems that after 3 fail login, if I would to clear cache and cookies and restart the browser or use a different browser I am able to create an account lockout. Is that correct?