VMware Horizon Community
v_balan77
Enthusiast
Enthusiast
‎02-08-2019 12:53 AM

View Service account getting locked

Seeking help to find the place to update my new password for service account used in view administrator.

A common service account "view_composer" is configured for vCenter and composer server operation. Unfortunately password for this account got changed in AD and new password updated in View administrator > View configuration > Servers > vCenter Servers

     1. vcenter server settings

     2. view Composer server settings

     3. domains

Though i have updated the new password, this account getting locked frequently.  i see security events in connection server .

Event ID: 4625

Task Category : Logon

Failure reason : Unknown user name or bad password.

Screenshot attached.

pastedImage_0.png

9 Replies
vBritinUSA
Hot Shot
Hot Shot
‎02-08-2019 05:32 AM

Have you used this account for system DSN for Composer DB?

Please mark helpful or correct if my answer resolved your issue.
0 Kudos
sjesse
Leadership
Leadership
‎02-08-2019 05:41 AM

did you also use the user/password for the events database?

0 Kudos
vBritinUSA
Hot Shot
Hot Shot
‎02-08-2019 10:15 AM

Events DB only supports the SQL account that I know of but has to be something like that.

Please mark helpful or correct if my answer resolved your issue.
sjesse
Leadership
Leadership
‎02-08-2019 10:19 AM

It works if you force it, some people do not like sql auth.

vBritinUSA
Hot Shot
Hot Shot
‎02-08-2019 11:51 AM

interesting! I didn't ever try!

Yeah, I am one of them not wanting to use SQL accounts if possible.

Please mark helpful or correct if my answer resolved your issue.
0 Kudos
BenFB
Virtuoso
Virtuoso
‎02-09-2019 11:06 PM

If the service account is truly only being used for Horizon then the locations you mentioned should cover it (vCenter, Composer and Domains). We recently saw something similar where we updated the service account password and Composer continue to use the old password. We followed Restart order of the View environment to clear ADLDS (ADAM) synchronization in Horizon View (2068381... and that resolved it.

0 Kudos
ymagalif
Enthusiast
Enthusiast
‎02-10-2019 09:31 PM

v.balan77@gmail.com,

When you remove and add the service account in View administrator > View configuration > Servers > vCenter Servers for vCenter and Composer, you should use the User Principal Name format of the account, for example:

username@domainname.com

Do not use the down-level logon name like DOMAINNAME\username.

I know this sounds ridiculous, but this tip was a recommendation from VMware support for a different issue, and helped me.

This is due to a rare bug in View 7.x.

Perhaps it can help you in this issue.

Sincerely,

Yury Magalif

0 Kudos
v_balan77
Enthusiast
Enthusiast
‎02-11-2019 10:31 PM

Issue not resolved.

1. This account only used in Horizon view environment and new password updated in View Admin page 

2. Account used either EventDB nor Composer DB DSN.

3. Tried update user name with UPN format username@domain but issue not resolved.

4. Also tried clean reboot option but no luck

Regards,

Balan V

0 Kudos
BenFB
Virtuoso
Virtuoso
‎02-12-2019 08:33 AM

You need to track down what is locking out the service account. From the domain controllers you should be able to identify the IP. In the interim I would configure your service account to disable it from being locked out.

0 Kudos