This section provides guidelines for the case where unexpected client behavior triggers an IP lockout event. In order to use the instructions outlined in this section, you must be signed on as an Admin user role or signed on as a SysAdmin acting on behalf of an organization's administrator (Org Admin). Typically, MOVEit Transfer sends email notifications to an Admin user when a lockout event occurs.

Figure 1. Locked Out IP Addresses (with unlock all control available as shown)
Note: . Using the Unlock All IP Addresses control (when available) is not best practice.

What Email Notifications Indicate an IP Lockout Occurred

Email notifications that indicate an IP lockout occurred take the following formats:
  • The following IP address was locked out for sign-on violations...
  • Failed to sign-on: This IP address has been locked out...
  • Cannot register new users. "Invalid registration info, invalid reCAPTCHA response, or not allowed to register from this location."

Logfile Entries that Indicate IP Lockout

Logfile entries might indicate the following:

Error code 2976 Failed to sign on: This IP address has been locked out

To Unlock a Locked out IP Address

If your intent is to unblock a single user's IP address, it helps to know that address. (On busy production systems, there could be one or more IP addresses not belonging to your users that were locked out for good reason). Also, as an added precaution, you can ask the user to sign on using a MOVEit Desktop or the WebUI from a location (IP address) that has worked in the past.

As admin user, sign-on to MOVEit Transfer, and then:
  1. Click on the SETTINGS tab, then from the Security Policies panel, click on Remote Access - IP Lockouts.

    The Settings (Security) view displays.

  2. Find the IP address the user is trying to connect from. (If there is a long list, you can use Ctrl + F. to search on the IP or the username.)
  3. Click the unlock button.
Note: For more information, see the topic titled Security Policies - Remote Access - IP Lockouts, IP Whitelist, IP Switching.

How Can I Circumvent IP Lockout Policy

For cases where you have traffic coming from a trusted host or device, let's say from a properly configured version of MOVEit Automation, and you know that client's IP address will not change, you can add the client's IP Address to the Whitelisted IP Addresses table.
Note: While it is possible to configure user account lockouts to automatically resolve after a certain time period, it is not possible to do the same for IP lockouts.