AD User is getting locked by machine JCIFSxxx_xx_xx (4260636)

To monitor the operating system a domain account is being used and it authenticates via the Active Directory (AD). Database and Infrastructure agents are using this account/credential.

The AD account is getting locked. The parameter badPasswordCount reached its limit (10) and then the AD locked the account.

After stopping the database agents and unlocking the account everything works fine again, once the database agents started again the badPasswordCount increases.

As a originator of the lock a client machine called JCIFSxxx_xx_xx is displayed.

To allow/use NTLMv2 please adjust the used credential in Foglight:

1. Go to "Administration | Credentials"
2. Click on "Manage Credentials"
3. Find the problematic credential and click on the edit button in the second column
4. Select "Credenial Properties"
5. Once the popup window opened, expand the "Optional Advanced Settings"
6. Tick the box "Use NTLMv2 authentication. Enable this setting only if your connection requires the use of this deprecated protocol"
7. Click on "Next" until you reach the end of the wizard and finally click on "Finish"

Also please check if one of the database agents is having "User Defined Performance Counter" defined. Please disable that collection or stop the agent. Check is the badPasswordCount still grows.