Accessing the target from RCP console or Network Shell throws an error 'Unable to access the host' and in the agent log ('rscd.log') of the target host shows that the 'BladeLogicRSCD' / 'BladeLogicRSCDDC' account is locked out.

The issue is often observed on either Windows domain controller or cluster servers.  

Checking the account in the Active Directory Users and Computers or the local Computer management console shows the account as locked.

EXAMPLE ERRORS in AGENT LOG ('rscd.log'):

NOTE: Please refer to the Troubleshooting Guide for BladeLogicRSCD user lockout issues for more details on troubleshooting these issues.

There are a few different Scenarios where this behavior is observed as the following:

SCENARIO #1: Member Server causes Domain 'BladeLogicRSCD' to lock
This is typically seen in a domain environment where the RSCD service is running as the BladeLogicRSCD user, a job is running against one or more member servers in the same domain and the job executes something on the member server which causes the member server to attempt to communicate with the domain controller with the credentials of the local (member server's) BladeLogicRSCD account.

This results in the domain level account getting locked out, while the member server's account remains unaffected.

SCENARIO #2: Domain Controller to Domain Controller
Similar to the above case, a job running against one domain controller in the domain causes the BladeLogicRSCD or BladeLogicRSCDDC account to lock out.

For both cases above, review the Installing or modifying an existing installation with an alternate or per-server account section in the following doc link: Installing RSCD agents in a replicated domain controller environment.

SCENARIO #3: Server to Server lock
In other cases, this can occur between two member servers or two standalone/cluster servers where there is some relationship between the two servers (for example a persistent mapped drive) and the job executed against one server causes the same attempt to communicate to the other server with its own BladeLogicRSCD credentials and the BladeLogicRSCD account on the server where the job is not running gets locked out.  In the system with the locked account, the event viewer will show event id type 4625 originating from another system.

If the cause of the failed authentication attempts cannot be remedied, then follow the same procedure as noted above: Installing or modifying an existing installation with an alternate or per-server account section in the product documentation, on the system where the BladeLogicRSCD account was locked.

The above procedure will not prevent the failed authentication attempts, but rather stop the failed authentication attempts as BladeLogicRSCD from causing a lock to the account used on the system where the lock is happening.  

SCENARIO #4: Server is generating the failed authentication attempts itself
In this case, the BladeLogicRSCD password may have been incorrectly changed, and that is causing the account to lock.  In that case, review KA 000379333