I ran into an odd situation the other day and attempting to figure out what happened that might have lead to this event. The server in question is part of a three node cluster that we use for our primary file share. All servers are OES2015 SP1, the resource that is typically on this server server is our primary file share at 4TB. What apparently happened on the server is, logins were disabled by some event, unknown what, why, or how. The servers have not been patched for 90 days, they were on a schedule for patching until I came across a TID about a bug with Apache and iPrint, patching was suspended until the release of the patch to resolve that issue. Server utilization was minimal (99.97% idle) at the time of the event in question, memory utilization was normal, all logs were clean with the exception of the ncpserv.audit.log stating that logins were disabled.

I did open a SR and they recommended patching due to high utilization in NDSD with the libncpengine, again, the server was not and currently is not affected by any utilization or memory issues that I can tell. I did fail over the resource to another node and have not yet patched or rebooted the sever is question, just for further inspection.

Has anyone ever had logins disabled by itself? Seems really odd.... I just want to get an idea of what potentially happened before I apply a new patch set.

Thanks for any comments.