MID Server Service account getting locked out frequently

kalyani8
Giga Expert

‎02-23-2022 09:44 AM

Hello,

We are using AD service Account for MID server used by Discovery. The service account is getting locked out frequently. Unable to find the root cause as no much logs from AD is available.

 

Does anyone faced the same issue, pls assist !

 

Regards,

Kalyani

Labels:
0 Helpfuls
  • 2,029 Views
3 REPLIES 3

Richard Hine
Tera Guru
Tera Guru

‎02-23-2022 11:20 AM

I've come across this before and there are many threads on the communities around it.

In all likelihood, someone else is also using that Service Account for something else.

In this scenario, I recommend you provision a new service account, switch your MID to running under it and ask your AD team to disable the old one, will save you time in the long run.

Hope this helps,

Richard

Rahul Priyadars
Giga Sage
Giga Sage

‎02-23-2022 09:48 PM

Make sure this Service Account is not used by Other System/Places- Try find its usage other than Mid Server

From Security Logs you can see from which IP Addresses session are coming from This user?

Also check the AD policy - after how many failed Login Attempts it will Lock

Regards

RP

 

kalyani8
Giga Expert

‎02-28-2022 06:51 AM

Hello, 

 

Thanks for responding.

To understand the source, we have disabled all the jobs in servicenow. Even though the service account is locked. Network team has provided the logs and its been observed that MID server is targeting the switch devices. We are not sure how the scanning has happened as there is no entry in the discovery device history table.

Is there a way to find out the from where the MID server is targeting the device?

 

Regards,

Kalyani

0 Helpfuls