Domain account locked out on vCenter Server

That’s a very small problem but it struggles you if you are enterprise datacenter administrator. As you may know the best practices to run application is by service account. But sometimes  you may testing applications by your own domain account and forget remove it.

Few days ago, my domain account locked out on domain controller. The audit report indicated it locked out by vCenter Server every 5 seconds. Then I logged in the vCenter Server, checked out Task SchedulerServicesTask Manager…etc. Nothing was running under my domain account. I stopped applications one by one on the vCenter Server and related plugin services. No help, I felt so frustrated!!!

Here is how I figured it out eventually.

  1. Download TCPView from Microsoft website.
  2. Run it on the vCenter Server.
  3. Sort by Local Address.
  4. See which foreign address is connecting the vCenter Server.

After the steps above I finally figured out that root cause was my VMware View LAB VM tried to authenticate on vCenter Server by my domain account and stored old password. I powered up the old VM few days ago.

这可能是一个很小的问题,但如果你是企业级数据中心管理员,这个问题可能会很困扰你。如你所知在日常使用中最好用Service Account来运行应用程序。但是有时候你可能和我一样需要用自己的域帐号做一些测试但之后又忘记删除了。

几天前,我的域帐号被域控制器锁定了。域报告显示我的帐号每5秒钟就会被vCenter服务器锁定一次。我在vCenter服务器上检查了任务管理器、服务、计划任务等等,并没有发现任何东西使用我的帐号。然后我将vCenter服务器上的所有服务、应用程序都停了,还是不行!

最终我找到了问题原因,以下是方法:

  1. 从微软网站下载TCPView
  2. 在vCenter服务器上运行。
  3. 选择以Local Address本地地址)排序。
  4. 查看连接到vCenter服务器的Foreign Address外部地址)。

最终原因是我几天前把一台旧的VM开机了,这台VM上是当时以我的域帐号安装的VMware View做测试用。

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s