We have a problem currently where a user account from a person that has left the company is trying to authenticate every 5 minutes to vCenter. The problem is the logs doesn't show you where the account is trying to authenticate from. I suspect it's possibly a script or an applet that's configured to run somewhere...
All that the logs show are:
Error 1331 authenticating user %username%.
Failed to authenticate user <%username%>
Anyone have any ideas on how I can try and trace where the authentication attempts is originating from? Is that possibly hidden away in some other logs?
Cheers,
Hanré
Have you checked the services on that server to see if there account is tied to that. I remember making that mistake once and changed my password. Needless to say I kept getting my account locked out. Hope this helps.
Thanks, but none of the services are configured to run with those credentials.
You can try to use the Windows Firewall to log the request.
Or a sniffer to see if the attach is from the network.
If is locally you can see in the process or in the scheduled tasks.
Andre
if you know the account name use account lockout tools from microsoft to see if its stuck on a pc or server anywhere,
http://www.microsoft.com/en-gb/download/details.aspx?id=18465
Is the account still in AD or is it a local account within VMware?
I also presume you've checked the session manager in vcenter?
If the account is still logged into a host i believe that stays there until the host is rebooted but may be wrong...maybe someone else could confirm that or Google
Hope that helps
Alex