Answer

PROBLEM

The GFI service account is getting locked out occasionally.

ENVIRONMENT

• GFI EndPointSecurity
• GFI EventsManager
• GFI LanGuard
• GFI Network Server Monitor
• All supported environments

SOLUTION

Clear the "alternate credentials" configuration box or use a different administrative account for "alternate credentials" other than the GFI service account.

For example:

1. Create 2 accounts which have the required permissions for the GFI product: DOMAIN\gfi1 and DOMAIN\gfi2
2. Configure the service of the GFI product to run under DOMAIN\gfi1
3. Use DOMAIN\gfi2 for "alternative credentials"

CAUSE

GFI security products often need to connect to remote machines to gather information. These products also have the ability to use "alternative credentials" in order to connect to the remote machines. Normally the GFI service account will be used to connect.

If you configure the product to also use the GFI service account credentials as "alternate credentials" you may occasionally experience account lockouts of this account.

If the logon to the remote machine fails with the service account credentials (for whatever reason), the GFI product immediately retries with "alternate credentials" thereby increasing the failed logon count and leading to the account getting locked out.