We have an issue where after a password change in AD some of our vcenter users are getting their accounts locked out because vcenter is trying to authenticate against the domain with a bad password, any ideas? I was unable to find anything useful in vpxd.log.
Is vCenter joined to the Domain using integrated AD authentication or you're using it as ldap auth? Is this multiple users, service account, or something else? Did the AD team determine that the source of the lockout was vCenter? Wasn't sure if they used Download Account Lockout and Management Tools from Official Microsoft Download Center to determine this.
Thanks for the reply. Vcenter is using LDAP for auth. This is multiple user accounts (vcenter admins) They determined the source through a utility that basically parses logs on domain controllers.
Select vCenter server -> Monitor -> Event -> find out the failed user session and it provides and IP address
User login failed session is coming from that machine or an application installed from that IP address is trying to reach vcenter
stop one by one services like netapp, veeam, backups or monitoring tools etc and see if the requests stopped
This happens when the services is configured or cached with the old password. As per the above post the best way would be monitor the failed user session.Under initiator tab you would find the IP address. Further troubleshooting needs to be performed logging in to it.