Re: "AccountLocked: true" issue for Concurrent login(same ID) on around 100 to 1000 server

Please  also find the sample messages per debug logs on the server having account lockout:

5:30:08 DIAG PAMIsUserAllowedAccess2 > base.aduser CN=Account10,OU=Applications,OU=ServiceAccounts,DC=corp,DC=CMP,DC=com: AccountLocked: false 5:30:08 DEBUG PAMIsUserAllowedAccess2 > audit User 'Account10' is authorized

5:30:08 DEBUG PAMIsUserAllowedAccess2 > daemon.ipcclient2 User 'Account10' is allowed access 5:30:08 DEBUG PAMDoesLegacyConflictExist > daemon.ipcclient2 Checking to see whether a legacy conflict exists for user 'Account10'

5:30:08 DEBUG PAMDoesLegacyConflictExist > adclient.pam.util username Account10, presented: , effective: , unix: unknown

5:30:08 DEBUG PAMDoesLegacyConflictExist > adclient.pam.util Checked for local account 'Account10', UID=146923: not found

5:30:08 DEBUG PAMDoesLegacyConflictExist > daemon.ipcclient2 No legacy conflict for user 'Account10' 5:30:08 DEBUG PAMTimeUntilPasswordChange > daemon.ipcclient2 Checking to see how long before a password change is required for user 'Account10' 5:30:08 DEBUG PAMTimeUntilPasswordChange > adclient.pam.util username Account10, presented: , effective: , unix: unknown

5:30:08 DEBUG PAMTimeUntilPasswordChange > daemon.ipcclient2 User 'Account10' must change their password in -1337168075 seconds

5:30:08 DEBUG sshd(9582)> AuditTrailEvent: Centrify Suite PAM 300 0.0 (null) Account10 <userSid> (null) 9582

5:30:08 DEBUG ATProxySetAuditTrailEvent > daemon.ipcclient2 AuditTrailEvent from proxy: Centrify Suite PAM 300 0.0  Account10 <userSid> DA_SESSION_ID: [] 9582

5:30:08 DEBUG ATProxySetAuditTrailEvent > adclient.pam.util username Account10, presented: , effective: , unix: unknown

5:30:08 INFO TRAIL|Centrify Suite|PAM|1.0|300|PAM account management granted|5|user=Account10(type:ad,Account10@CORP.CMP.COM) pid=9582 utc=1496831408894 centrifyEventID=24 300 status=GRANTED service=sshd tty=ssh client=neslx1046.hq.CMP.com

5:30:08 DEBUG PAMUserIsOurResponsibility > daemon.ipcclient2 Checking to see if 'Account10' is our responsibility.

5:30:08 DEBUG PAMUserIsOurResponsibility > adclient.pam.util username Account10, presented: , effective: , unix: unknown

5:30:08 DEBUG PAMGetUnixName > daemon.ipcclient2 Getting unix name of 'Account10'

5:30:08 DEBUG PAMGetUnixName > adclient.pam.util username Account10, presented: , effective: , unix: unknown

5:30:08 DEBUG PAMGetUnixName > daemon.ipcclient2 Unix name for 'Account10' is 'Account10'

5:30:08 DEBUG sshd(9578)> Set credentials for user 'Account10'

5:30:08 DEBUG sshd(9578)> Setting credentials for user 'Account10'

5:30:08 DEBUG sshd(9578)> Creating credentials for user 'Account10'

5:30:08 DEBUG PAMCreateKrb5Creds > daemon.ipcclient2 Creating krb5 credentials cache for user 'Account10'

5:30:08 DEBUG PAMCreateKrb5Creds > adclient.pam.util username Account10, presented: , effective: , unix: unknown

5:30:08 DEBUG PAMCreateKrb5Creds > base.aduser getKerberosName: name=Account10, uobj.isEmpty: false 5

:30:08 DEBUG PAMCreateKrb5Creds > base.aduser Storing credentials for Account10@CORP.CMP.COM in FILE:/tmp/krb5cc_146923

5:30:08 DEBUG sshd(9578)> Set credentials for user 'Account10': Credentials file created in 'FILE:/tmp/krb5cc_146923'

5:30:08 DEBUG sshd(9578)> AuditTrailEvent: Centrify Suite PAM 200 0.0 (null) Account10 <userSid> (null) 9578

5:30:08 DEBUG ATProxySetAuditTrailEvent > daemon.ipcclient2 AuditTrailEvent from proxy: Centrify Suite PAM 200 0.0  Account10 <userSid> DA_SESSION_ID: [] 9578

5:30:08 DEBUG ATProxySetAuditTrailEvent > adclient.pam.util username Account10, presented: , effective: , unix: unknown

5:30:08 INFO TRAIL|Centrify Suite|PAM|1.0|200|PAM set credentials granted|5|user=Account10(type:ad,Account10@CORP.CMP.COM) pid=9578 utc=1496831408984 centrifyEventID=24200 status=GRANTED service=sshd tty=ssh client=neslx1046.hq.CMP.com

5:30:08 DEBUG PAMGetUnixName > daemon.ipcclient2 Getting unix name of 'Account10'

5:30:08 DEBUG PAMGetUnixName > adclient.pam.util username Account10, presented: , effective: , unix: unknown

5:30:08 DEBUG PAMGetUnixName > daemon.ipcclient2 Unix name for 'Account10' is 'Account10'

5:30:08 DEBUG sshd(9578)> Open session for user 'Account10'

5:30:08 DEBUG PAMGetSessionEnv > daemon.ipcclient2 Getting environment variables for user 'Account10'

5:30:08 DEBUG PAMGetSessionEnv > base.aduser Windows Kerberos name for CN=Account10,OU=Applications,OU=ServiceAccounts,DC=corp,DC=CMP,DC=com: Account10@CORP.CMP.COM

5:30:08 DEBUG PAMGetSessionEnv > daemon.ipcclient2 Completed request for environment variables for user 'Account10'

5:30:08 DEBUG PAMGetSessionEnv > daemon.ipcclient2 USER_PRINCIPAL_NAME = 'Account10@CORP.CMP.COM'

5:30:08 DEBUG sshd(9578)> Open session: Set environment variable "USER_PRINCIPAL_NAME=Account10@CORP.CMP.COM" via pam_putenv

5:30:08 DEBUG PAMCreateHomeDirectory > daemon.ipcclient2 Creating home directory for user 'Account10'

5:30:08 DEBUG PAMCreateHomeDirectory > adclient.pam.util username Account10, presented: , effective: , unix: unknown

5:30:08 DEBUG PAMCreateHomeDirectory > base.aduser Windows Kerberos name for CN=Account10,OU=Applications,OU=ServiceAccounts,DC=corp,DC=CMP,DC=com: Account10@CORP.CMP.C OM

5:30:08 DEBUG PAMCreateHomeDirectory > pam.util Directory /home_dir/Account10 for user Account10: already exists.

5:30:08 DEBUG PAMCreateHomeDirectory > pam.util /home_dir/Account10/.k5login already exists. Skip creating.

5:30:08 DEBUG sshd(9578)> Open session for user 'Account10': directory already exists.

5:30:08 DEBUG PAMUserLoggedIn > daemon.ipcclient2 User 'Account10' has logged in

5:30:08 DEBUG sshd(9578)> AuditTrailEvent: Centrify Suite PAM 500 0.0 (null) Account10 <userSid> 48a66c69-60f9-9e4f-9e54-9522ec0ccf53 9578

5:30:08 DEBUG ATProxySetAuditTrailEvent > daemon.ipcclient2 AuditTrailEvent from proxy: Centrify Suite PAM 500 0.0  Account10 <userSid> DA_SESSION_ID: [48a66c69-60f9-9e4f-9 e54-9522ec0ccf53] 9578

5:30:08 DEBUG ATProxySetAuditTrailEvent > adclient.pam.util username Account10, presented: , effective: , unix: unknown

5:30:08 INFO TRAIL|Centrify Suite|PAM|1.0|500|PAM open session granted|5|user=Account10(type:ad,Account10@CORP.CMP.COM) pid=9578 utc=1496831408993 centrifyEventID=24500 st atus=GRANTED service=sshd tty=ssh client=neslx1046.hq.CMP.com

5:30:09 DEBUG PAMGetUnixName > daemon.ipcclient2 Getting unix name of 'Account10'

5:30:09 DEBUG PAMGetUnixName > adclient.pam.util username Account10, presented: , effective: , unix: unknown

5:30:09 DEBUG PAMGetUnixName > daemon.ipcclient2 Unix name for 'Account10' is 'Account10'

5:30:09 DEBUG sshd(9578)> Close session for user 'Account10'

5:30:09 DEBUG sshd(9578)> Close session for user 'Account10': KRB5CCNAME(FILE:/tmp/krb5cc_146923) 5:30:09 DEBUG sshd(9578)> Close session for user 'Account10': AppName(sshd)

5:30:09 DEBUG PAMUserLoggedOut2 > daemon.ipcclient user Account10 just logged out.

5:30:09 DEBUG PAMUserLoggedOut2 > base.kerberos.krb5cacheops removed credentials cache /tmp/krb5cc_146923 for user Account10

5:30:09 DEBUG sshd(9578)> AuditTrailEvent: Centrify Suite PAM 600 0.0 (null) Account10 <userSid> 48a66c69-60f9-9e4f-9e54-9522ec0ccf53 9578

5:30:09 DEBUG ATProxySetAuditTrailEvent > daemon.ipcclient2 AuditTrailEvent from proxy: Centrify Suite PAM 600 0.0  Account10 <userSid> DA_SESSION_ID: [48a66c69-60f9-9e4f-9 e54-9522ec0ccf53] 9578 5:30:09 DEBUG ATProxySetAuditTrailEvent > adclient.pam.util username Account10, presented: , effective: , unix: unknown

5:30:09 INFO TRAIL|Centrify Suite|PAM|1.0|600|PAM close session granted|5|user=Account10(type:ad,Account10@CORP.CMP.COM) pid=9578 utc=1496831409028 centrifyEventID=24600 s tatus=GRANTED service=sshd tty=ssh client=neslx1046.hq.CMP.com

5:30:36 DEBUG PAMUserIsOurResponsibility > daemon.ipcclient2 Checking to see if 'Account10' is our responsibility.

5:30:36 DEBUG PAMUserIsOurResponsibility > adclient.pam.util username Account10, presented: , effective: , unix: unknown

5:30:36 DEBUG PAMUserIsOurResponsibility > base.objecthelper.ad Cache expired 7eb4168b832d094b91041724fc387480, CN=Account10,OU=Applications,OU=ServiceAccounts,DC=corp,DC=t arget,DC=com

5:30:36 DEBUG PAMUserIsOurResponsibility > base.objecthelper.ad Cache expired 7eb4168b832d094b91041724fc387480, CN=Account10,OU=Applications,OU=ServiceAccounts,DC=corp,DC=t arget,DC=com

5:30:36 DEBUG PAMUserIsOurResponsibility > lrpc.adobject new object: <GUID=7eb4168b832d094b91041724fc387480>;<SID=0105000000000005150000004e69bd022c38e77ecf52185d108c3700 >;CN=Account10,OU=Applications,OU=ServiceAccounts,DC=corp,DC=CMP,DC=com

5:30:36 DEBUG PAMUserIsOurResponsibility > base.objecthelper.user prepare CN=Account10,OU=Applications,OU=ServiceAccounts,DC=corp,DC=CMP,DC=com, cacheOps f, new usn 1788 110691, old usn 1786971950

5:30:36 DEBUG PAMUserIsOurResponsibility > base.zonehier fetchAndExtend: Account10

5:30:36 DEBUG PAMUserIsOurResponsibility > base.objecthelper.ad Cache expired 515f1e54db2f5d44a0738640bc1b25d8, CN=Account10,CN=Users,CN=Zone111,OU=Zones,DC=hq,DC=CMP, DC=com

5:30:36 DEBUG PAMUserIsOurResponsibility > base.objecthelper.ad CN=Account10,CN=Users,CN=Zone111,OU=Zones,DC=hq,DC=CMP,DC=com merged with cached version

5:30:36 DEBUG PAMUserIsOurResponsibility > base.cache Cache store <GUID=515f1e54db2f5d44a0738640bc1b25d8>;CN=Account10,CN=Users,CN=Zone111,OU=Zones,DC=hq,DC=CMP,DC=com : update indexes No

5:30:36 DEBUG PAMUserIsOurResponsibility > base.schema.cdc get ext type 1 for CN=Account10,CN=Users,CN=Zone111,OU=Zones,DC=hq,DC=CMP,DC=com 

5:30:36 DEBUG PAMUserIsOurResponsibility > base.aduser User  (origUPN: Account10@corp.CMP.com) new UPN: Account10@CORP.CMP.COM 

5:30:36 DEBUG PAMUserIsOurResponsibility > base.objecthelper.user Membership Update: Up-to-date: CN=Account10,OU=Applications,OU=ServiceAccounts,DC=corp,DC=CMP,DC=com (5 groups) 

5:30:36 DEBUG PAMUserIsOurResponsibility > base.objecthelper.user DirectAuthorize is not enabled, skipping check if user Account10 is forced into restricted environment 

5:30:36 DEBUG PAMUserIsOurResponsibility > base.cache Cache store <GUID=7eb4168b832d094b91041724fc387480>;<SID=0105000000000005150000004e69bd022c38e77ecf52185d108c3700>;C N=Account10,OU=Applications,OU=ServiceAccounts,DC=corp,DC=CMP,DC=com : update indexes No 

5:30:36 DEBUG PAMGetUnixName > daemon.ipcclient2 Getting unix name of 'Account10' 

5:30:36 DEBUG PAMGetUnixName > adclient.pam.util username Account10, presented: , effective: , unix: unknown 

5:30:36 DEBUG PAMGetUnixName > daemon.ipcclient2 Unix name for 'Account10' is 'Account10' 

5:30:36 DEBUG sshd(9627)> Authentication for user 'Account10' 

5:30:36 DEBUG PAMVerifyPassword > daemon.ipcclient2 Verifying password for user 'Account10', application is sshd, DZPamGate check is Disabled 

5:30:36 DEBUG PAMVerifyPassword > adclient.pam.util username Account10, presented: , effective: , unix: unknown 

5:30:36 DEBUG PAMVerifyPassword > daemon.ipcclient validatePlainTextUser Account10 

5:30:36 DIAG PAMVerifyPassword > daemon.ipcclient validatePlainTextUser user=Account10 domain=CORP.CMP.COM 

5:30:36 DIAG PAMVerifyPassword > daemon.ipcclient Validating password for Account10 against KDC 

5:30:36 DEBUG PAMVerifyPassword > base.aduser getKerberosName: name=Account10, uobj.isEmpty: false 

5:30:36 DEBUG PAMVerifyPassword > base.aduser Getting user (user & pw) Account10@CORP.CMP.COM 

5:30:36 DIAG PAMVerifyPassword > base.aduser getCredentials for Account10@CORP.CMP.COM salt:CORP.CMP.COMAccount10 

5:30:36 DIAG PAMVerifyPassword > base.aduser password will expire in 177688 hours for user Account10@CORP.CMP.COM 

5:30:36 DEBUG PAMVerifyPassword > base.objecthelper.user Resetting user Account10: password expiration to Sun Sep 13 21:30:36 2037 

5:30:36 DEBUG PAMVerifyPassword > base.aduser Update user CN=Account10,OU=Applications,OU=ServiceAccounts,DC=corp,DC=CMP,DC=com: from PAC (justUpdate=1 updateGroups=1) 

5:30:36 DEBUG PAMVerifyPassword > base.objecthelper.user Membership Update: Up-to-date: CN=Account10,OU=Applications,OU=ServiceAccounts,DC=corp,DC=CMP,DC=com (5 groups) 

5:30:36 DEBUG PAMVerifyPassword > base.aduser User CN=Account10,OU=Applications,OU=ServiceAccounts,DC=corp,DC=CMP,DC=com: Found 5 groups in PAC. 

5:30:36 DEBUG PAMVerifyPassword > base.aduser User CN=Account10,OU=Applications,OU=ServiceAccounts,DC=corp,DC=CMP,DC=com: password times: last Mon Jun  5 07:25:00 2017 , min Tue Jun  6 07:25:00 2017 , max MAXINT64 

5:30:36 DEBUG PAMVerifyPassword > base.objecthelper.user DirectAuthorize is not enabled, skipping check if user Account10 is forced into restricted environment 

5:30:36 DEBUG PAMVerifyPassword > base.cache storeUpdateAttrs in cache CN=Account10,OU=Applications,OU=ServiceAccounts,DC=corp,DC=CMP,DC=com 

5:30:36 DEBUG PAMVerifyPassword > daemon.ipcclient savePwdHash for user: Account10@CORP.CMP.COM 

5:30:36 DEBUG PAMVerifyPassword > base.cache Cache store <GUID=7eb4168b832d094b91041724fc387480>;<SID=0105000000000005150000004e69bd022c38e77ecf52185d108c3700>;CN=Account10 ,OU=Applications,OU=ServiceAccounts,DC=corp,DC=CMP,DC=com : update indexes No 5:30:36 DIAG PAMVerifyPassword > audit User 'Account10' authenticated based on Kerberos exchange to AD 

5:30:36 DEBUG PAMVerifyPassword > daemon.ipcclient2 Password verification succeeded for user 'Account10' 5:30:36 DEBUG PAMVerifyPassword > daemon.ipcclient2 Stored credentials for user 'Account10', uid 146923 5:30:36 DEBUG sshd(9627)> AuditTrailEvent: Centrify Suite PAM 100 0.0 (null) Account10 <userSid> (null) 9627 

5:30:36 DEBUG ATProxySetAuditTrailEvent > daemon.ipcclient2 AuditTrailEvent from proxy: Centrify Suite PAM 100 0.0  Account10 <userSid> DA_SESSION_ID: [] 9627 

5:30:36 DEBUG ATProxySetAuditTrailEvent > adclient.pam.util username Account10, presented: , effective: , unix: unknown 

5:30:36 INFO TRAIL|Centrify Suite|PAM|1.0|100|PAM authentication granted|5|user=Account10(type:ad,Account10@CORP.CMP.COM) pid=9627 utc=1496831436957 centrifyEventID=24100 status=GRANTED service=sshd tty=ssh client=neslx1046.hq.CMP.com 

5:30:36 DEBUG DAIIsUserAllowedAccessByAudit2 > daemon.ipcclient2 Checking to see if user 'Account10' is allowed access to sshd by audit 

5:30:36 DEBUG DAIIsUserAllowedAccessByAudit2 > adclient.pam.util username Account10, presented: , effective: , unix: unknown 

5:30:36 DEBUG DAIIsUserAllowedAccessByAudit2 > daemon.ipcclient2 Audit level of user 'Account10' is AuditIfPossible 

5:30:36 DEBUG DAIIsUserAllowedAccessByAudit2 > daemon.ipcclient2 User 'Account10' is allowed access by audit 

5:30:36 DEBUG sshd(9627)> Account management for user 'Account10': access granted 

5:30:36 DEBUG PAMGetUnixName > daemon.ipcclient2 Getting unix name of 'Account10' 

5:30:36 DEBUG PAMGetUnixName > adclient.pam.util username Account10, presented: , effective: , unix: unknown 

5:30:36 DEBUG PAMGetUnixName > daemon.ipcclient2 Unix name for 'Account10' is 'Account10' 

5:30:36 DEBUG sshd(9627)> Account management for user 'Account10' 

5:30:36 DEBUG PAMIsUserAllowedAccess2 > daemon.ipcclient2 Checking to see if user 'Account10' is allowed access to sshd from callerUID 0 

5:30:36 DEBUG PAMIsUserAllowedAccess2 > adclient.pam.util username Account10, presented: , effective: , unix: unknown 

5:30:36 DIAG PAMIsUserAllowedAccess2 > base.aduser CN=Account10,OU=Applications,OU=ServiceAccounts,DC=corp,DC=CMP,DC=com logonHours = 'fffffffffffffffffffffffffffffffff fffffffff' 

5:30:36 DIAG PAMIsUserAllowedAccess2 > base.aduser CN=Account10,OU=Applications,OU=ServiceAccounts,DC=corp,DC=CMP,DC=com logonHours restricted: No 

5:30:36 DIAG PAMIsUserAllowedAccess2 > base.aduser CN=Account10,OU=Applications,OU=ServiceAccounts,DC=corp,DC=CMP,DC=com: AccountLocked: true