One or more FMS systems are monitoring Windows servers using SQL Server agents, HostAgents (Infrastructure) and/or Oracle agents.
The logins share a common Active Directory (AD) account for the Windows and database instance logins.
When remote monitoring is enabled, the shared AD service account quickly becomes locked for all of the agents. This can affect hundreds or thousands of agents.
This is most common after a password change in Active Directory so Foglight monitoring agents may still use the old password.
How can a user find out which agent is causing the lockout?
When a common password is used for multiple FMS systems, then the password change must be done for all agents sharing the same AD account at the same time.
Collections are done every second and with hundreds of agents there can be a millisecond of difference between each agent trying to make the connections.
If the password change is not managed, then any single account can lock out the account because agents run constantly hitting the AD account.
As the number of agents using a single AD credential increases, the more critical it is to
The quickest means to prevent account lockups is to stop the OS account from being use and reset the agents and credentials. There isn't a way to easily determine which agent is causing the lockout because the logs will quickly fill up with error messages.