The same Active Directory (AD) service account is used for the OS connection and the Database connection by the SQL Server agents used for Foglight monitoring often gets locked. How can the password be changed so that the account is not locked out while the password is changed?
When a common password is used for multiple FMS systems, then the password change must be done for all agents sharing the same AD account at the same time.
Collections are done every second and with hundreds of agents there can be a millisecond of difference between each agent trying to make the connections.
If the password change is not managed, then any single account can lock out the account because agents run constantly hitting the AD account.
As the number of agents using a single AD credential increases, the more critical it is to
The quickest means to prevent account lockups is to stop the OS account from being use and reset the agents and credentials. There isn't a way to easily determine which agent is causing the lockout because the logs will quickly fill up with error messages.
KB 121835 includes a groovy script to make a mass update for the password in all SQL Server agents on the FMS. This could be done in place of steps 3-5.
KB 267448 includes groovy script to make a mass update to turn of the OS monitoring for all SQL Server agents on a FMS. This could be done in place of step 6.
KB 267448 includes groovy script to make a mass update to turn of the OS monitoring for all SQL Server agents on a FMS. This could be done in place of step 10.