Using TrueSight Server Automation (TSSA) Console or Network Shell accessing the BladeLogicRSCD account throws an error 'Unable to access the host' and in the rscd.log of the target host shows that the BladeLogicRSCD / BladeLogicRSCDDC account is locked out.

Checking the account in the Active Directory Users and Computers or the local Computer management console shows the account as locked.

For example rscd.log shows:

ERROR rscd - servername 10748 SYSTEM (Not_available): (Not_available): [listen_thread:RSCD_WinUser::logonPassword:LsaLogonUser()] : The referenced account is currently locked out and may not be logged on to. ERROR rscd - servername 10748 SYSTEM (Not_available): (Not_available): listen_thread ERROR: 9002:Internal Error - Caught exeception. ERROR rscd - servername 10536 SYSTEM (Not_available): (Not_available): Main: Wait Failed on handle. RSCD start failed.

Note: Please see the Troubleshooting Guide for BladeLogicRSCD user lockout issues for more details on troubleshooting these issues.

There are a few different situations where this is behavior is observed: 

Member Server causes Domain BladeLogicRSCD to lock
This is typically seen in a domain environment where the RSCD service is running as the BladeLogicRSCD user, a job is running against one or more member servers in the same domain and this job executes something on the member server which causes the member server to attempt to communicate with the domain controller with the credentials of the local (member server's) BladeLogicRSCD account.

This results in the domain level account becoming locked out, while the member server's account remains unaffected.

Domain Controller to Domain Controller
Similar to the above case, a job running against one domain controller in the domain causes the BladeLogicRSCD or BladeLogicRSCDDC account to lock out.

For both cases above, review the Installing or modifying an existing installation with an alternate or per-server account section in the product documentation.


Server to Server lock
In other cases, this can occur between two member servers or two standalone servers where there is some relationship between the two servers (for example a persistent mapped drive) and the job executed against one server causes the same attempt to communicate to the other server with its own BladeLogicRSCD credentials and the BladeLogicRSCD account on the server where the job is not running gets locked out.  In the system with the locked account, the event viewer will show event id type 4625 originating from another system.

If the cause of the failed authentication attempts cannot be remedied, then follow the same procedure as noted above: Installing or modifying an existing installation with an alternate or per-server account section in the product documentation, on the system where the BladeLogicRSCD account was locked.



The above procedure will not prevent the failed authentication attempts, but rather stop the failed authentication attempts as BladeLogicRSCD from causing a lock to the account used on the system where the lock is happening.  

Server is generating the failed authentication attempts itself
In this case, the BladeLogicRSCD password may have been incorrectly changed, and that is causing the account to lock.  In that case, review KA 000379333