We are using a Windows 2003 Enterprise Vault 9.0 for File Server Archiving solution. We have stopped actively archiving a year or so ago, and are trying to recover all documents from this installation. Recently we found that the domain based Vault Service Account (VSA) for EV was locking out every 5 to 10 minutes.
The 2008 Domain Controllers (in the same domain as the EV installation) show error code C000006a, which is "username is correct but password is wrong". When the account is unlocked, access to the NAS, database, file servers and EV server is successful. The VSA is in the local administrators group in all necessary locations, including sysadmin rights on the SQL server. This has been working successfully for 5 years or more.
For troubleshooting purposes, we reduced the environment down to 1 EV server, 1 database server, a NAS, 1 SQL server and no file server clients (the 3 EV services on the file servers using the service account have been disabled). Only 2 services are running on the EV server , the Admin Service and the Directory Service. The VSA password has been "reset" (but not changed) on the domain controller, has been reset on the 2 running services of the EV server, and has been reset on the EV server's Administration Console.
We find that it takes 5 to 10 minutes to see the error message again on the domain controller. Once we unlock it, not reset the password, the VSA account has all the accesses it needs until it locks again. Has anybody seen this before?
I am familiar with EV but not to the extent to read a dtrace file and know what's happening. Even then I'm not sure what to perform a dtrace on other than the 2 running services and the AuthServer, which I believe I have done.
Anybody experienced this issue and successfully resolved it?
Solved! Go to Solution.
The account locking every 5 minutes is indicating 'something' tries to logon or run using the VSA.
I had this in the past, and it turned out there was a scheduled task somewhere which ran under the VSA, but did not have it's password changed. If I recall correct, the team managing AD was able to determine from where the attempts were made, which significantly assisted in resolving the issue.
I also had an issue long time ago, where the password was in the Cached Credentials (Credential Manager I believe). Once cleared, that also resolved it.
I'm not sure that you will find the cause of the locking in a dtrace file, as the account is locked due to improper using authentication.
In some cases your advice would have been the solution. Unfortunately, the disabled scheduled tasks didn't resolve the problem for us. After disabling the scheduled task, unlocking the VSA, the account was locked again within 15 minutes.
I assume you checked the scheduled tasks on the EV servers, but do you perhaps have scheduled tasks or scripts on other servers? I did some Googling, and found below two entries which assist in getting information on the source of the lockout.
These might assist in determining where the action originates, and gives you hopefully the pointer to resolving it.