SmarterMail resets users' passwords to blank after a server crash
Problem reported by Oved Blass - June 10, 2017 at 4:40 AM
We had a server that hung twice in the last several days.
The cause of the hang was a combination of Microsoft's patch KB4019215 and bad iSCSI connections, as described here:
serverfault.com/questions/851617/windows-server-2012-r2-kernel-threads-increase-until-the-system-hang

Before we found the cause of the hangs, the way out of it was to reset the server (press the physical reset button).
The server hosts SmarterMail 15.4.6151 Enterprise edition.
After each reset, we received dozens of calls from customers complaining that they couldn't access their mailboxes.
It didn't happen to all accounts, but to approximately 5% of the accounts.
When we looked at these accounts, their passwords were blank and the Display Name was "N/A".
The affected users did not try to change their passwords; they were probably accessing their accounts around the time of the reset.
SmarterMail is probably rewriting the entire userConfig.xml (as we can see from the time stamps of these files).
Servers do crash sometimes, and a crash shouldn't reset the passwords. The file that holds the passwords should not change that often (perhaps some minor changes to the user profile cause a rewrite of the entire information to the file, which is a problem in case of a crash).
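
The failure mode suspected in the report above (a whole-file rewrite interrupted by a hard reset) next to the usual defence of writing a temporary file and renaming it over the live one, as an added example that is not part of the original post and is not SmarterMail's code. The XML element names and values are constructed, and a Python exception stands in for the reset.

```python
import os
import tempfile

# Constructed sample contents; not SmarterMail's real userConfig.xml schema.
OLD_CONFIG = b"<user><password>old-hash</password><displayName>Alice</displayName></user>"
NEW_CONFIG = b"<user><password>old-hash</password><displayName>Alice B.</displayName></user>"

class SimulatedCrash(Exception):
    """Stands in for the hard reset; raised part-way through a write."""

def write_in_place(path, data, crash_after=None):
    # Weak pattern: opening with "wb" truncates the live file first, so an
    # interruption leaves an empty or partial file where the old one was.
    with open(path, "wb") as f:
        if crash_after is not None:
            f.write(data[:crash_after])
            raise SimulatedCrash()
        f.write(data)

def write_atomically(path, data, crash_after=None):
    # Safer pattern: write a sibling temp file, force it to disk, then swap it
    # in with a single rename. The live file is untouched until the swap.
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".tmp-")
    try:
        with os.fdopen(fd, "wb") as f:
            if crash_after is not None:
                f.write(data[:crash_after])
                raise SimulatedCrash()
            f.write(data)
            f.flush()
            os.fsync(f.fileno())
        os.replace(tmp, path)
    finally:
        if os.path.exists(tmp):  # only true when the swap never happened
            os.unlink(tmp)

def simulate(writer, crash_after=10):
    """Return the bytes on disk after `writer` updates the file, interrupted
    after `crash_after` bytes (or completing normally when it is None)."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "userConfig.xml")
        with open(path, "wb") as f:
            f.write(OLD_CONFIG)
        try:
            writer(path, NEW_CONFIG, crash_after=crash_after)
        except SimulatedCrash:
            pass
        with open(path, "rb") as f:
            return f.read()
```

With the in-place writer the interrupted file no longer parses, which is the kind of state in which an application may fall back to default values; with the rename pattern the previous file is still complete.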

Brendan Blewett Replied
This strikes me as a fairly big problem.