Overview
The administrator account used to run EventsManager may be locked out (blocked) repeatedly. Error message: Unlock account. This account is currently locked out on this Active Directory Domain Controller.
This happens when the same account is used both to run the EventsManager services and to collect events on the same machine.
Solution
Because the same account is used both to run the EventsManager services and to collect events on the same machine, it logs in several times simultaneously. The AD Domain Controller treats this behavior as suspicious and locks the account. Take the following steps:
- Close the EventsManager application.
- On the machine where the EventsManager services are running, open the Services app.
- Stop the GFI Database Server 2.1, GFI EventsManager, and GFI EventsManager Monitor services.
- Change the user that runs the EventsManager services. You can either use the Local System account or create a separate account with administrator rights.
  - Right-click on the GFI Database Server 2.1 service and select Properties.
  - From the Log On tab, select the Local System Account option. Alternatively, select the 'This account' option, click Browse, add the newly created admin account, and enter its password.
  - Click OK.
  - Change the log on account in the same way for the GFI EventsManager and GFI EventsManager Monitor services.
- Start the GFI Database Server 2.1, GFI EventsManager and GFI EventsManager Monitor services.
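The same procedure as a script, for hosts where the change has to be repeated or recorded. This is an added example, not GFI's own tooling; it assumes the three service display names are exactly as written in the steps above, and the `-Credential` parameter is a name chosen for this example.

```powershell
#Requires -RunAsAdministrator
param(
    # Hypothetical parameter: omit it to switch to Local System, or pass the
    # credential of the separate admin account (DOMAIN\user or .\user).
    [pscredential]$Credential
)
$ErrorActionPreference = 'Stop'

# Display names taken from the steps above; resolve them to service key names.
$displayNames = 'GFI Database Server 2.1', 'GFI EventsManager', 'GFI EventsManager Monitor'
$services = foreach ($dn in $displayNames) { Get-Service -DisplayName $dn }

# Arguments for Win32_Service.Change: only the logon identity is modified.
$changeArgs = if ($Credential) {
    @{ StartName     = $Credential.UserName
       StartPassword = $Credential.GetNetworkCredential().Password }
} else {
    @{ StartName = 'LocalSystem' }
}

# Stop the services in the order listed in the article.
$services | Stop-Service

foreach ($svc in $services) {
    $cim = Get-CimInstance Win32_Service -Filter "Name='$($svc.Name)'"
    Write-Host "$($svc.DisplayName): currently runs as $($cim.StartName)"

    $result = $cim | Invoke-CimMethod -MethodName Change -Arguments $changeArgs
    if ($result.ReturnValue -ne 0) {
        throw "Changing $($svc.DisplayName) failed, return value $($result.ReturnValue)"
    }
}

# Unlike the Services app, this method does not grant "Log on as a service"
# to a new account; grant it beforehand or the start below will fail.
$services | Start-Service

# Confirm that no service still runs under the account that was being locked.
Get-CimInstance Win32_Service |
    Where-Object Name -in $services.Name |
    Select-Object DisplayName, StartName, State
```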
Testing
Run the EventsManager application and verify that events are being recorded from the local machine, which can be done from Status > Job Activity or Events Browser.
Note: It may take some time for activities to resume if your system's performance is slow, which can be caused by a large number of records in the DB (the total number of events can be checked in Events Browser). In this case, we recommend keeping the database at a reasonable size by enabling DB rotation.
Check the status of the affected account on the Domain Controller. It should no longer be getting locked.