I have a device managed by NPM and NCM and attempts to authenticate to it from my solarwinds address keeps locking out my TACACS account, I've updated my devcie login credentials correctly and tested this. I have checked to see if there are any scheduled jobs running against this in NCM and there is not, yet, when I run a report on my TACACS server to see where I am being locked out from I can see that it is the address of my Orion server from which the authentication attempt is being made.
This suggests to me that there is a job running against that node from NCM that was set up with old TACACS creds but as I said I've updated my login in credentials on NCM and I can then even go to the box and do a config download so I am authenticating fine from my solarwinds server.....2 minutes later and the TACACS account is locked out again....check the report in TACACS and it can see the successful authentication but then my account gets logged out for attempting to log in to the very same box I downloaded config from 2 mins ago.
Is there any type of log I can look at too see all ssh comms between my server and the node on which I keep getting logged out on? I have tried session trace but this doesn't seem to be the tool for the job.
Very frustrating. Ideas?