The Active Directory account used for Exchange monitoring gets locked repeatedly

Version 1
    Share This:

    This document contains official content from the BMC Software Knowledge Base. It is automatically updated when the knowledge article is modified.


    PATROL for Microsoft Exchange Servers


    PATROL Knowledge Module for Microsoft Exchange Server


    Patrol for Microsoft Exchange Servers 6.0/6.1 and PATROL Agent 10.0.00 and above


    The default AD account being used for Exchange monitoring keeps getting locked repeatedly.


    The 10.0.00 PATROL Agent introduces the use of AES password encryption. The Patrolagents prior to this version used DES encryption.
    PATROL for Microsoft Exchange Servers 6.0 / 6.1 does not support AES encryption.
    Hence, the password verification for the account fails and gets locked.

    The 6.1.01 Service Pack for the Exchange KM adds AES support to the KM. The documentation for the Service Pack is present in the link below:

    It is recommended to upgrade the KM to version 6.1.01 to resolve this issue.

    We also need to check the account status at the time of the issue.

    use net user <username> /domain command to check the account status if it's still active.

    Check if required access rights are provided to PatrolAgent.

    Login to the server and run rsop (Active Directory command).

    This will provide the information of group policies assigned to that user.

    Check the 7 access rights if they are in place.

    Article Number:


    Article Type:

    Solutions to a Product Problem

      Looking for additional information?    Search BMC Support  or  Browse Knowledge Articles