Application identity account lockout


Article ID: 157377


Updated On:


Endpoint Encryption


The Altiris Service Account (Application Identity) keeps getting locked out.


The Altiris account password NS clients are using to connect back to the NS contains incorrect password information. There are several possible causes for this.

Scenario 1:

The Altiris App ID Account password was changed in Active Directory before changing it in the NS Console. After editing the web.config file, the NS console will open for a short time before the Altiris App ID Account is locked out. This is caused by the managed clients having incorrect service account password information.


Scenario 2:


The Agent Connectivity Credential is set with an incorrect password. When the clients check-in, they cache this credential. If it is incorrect, the account gets locked-out when they attempt to communicate back to the NS.



Scenario 1:

Uninstall and reinstall the Altiris agent.


Scenario 2:

Change the Agent Connectivity Credential to a valid username and password to prevent lockouts. This can be accomplished by setting it to "Use application credentials".


To make the change, navigate to Settings -> Agents/Plug-ins > Altiris Agent > Settings > Global Agent Settings. Then click on the Authentication tab