Anyone using VMware compute resources having problems with integration account (AD) locking?

Using foreman 1.8.2 and i'm having an issue that the service account used
to connect foreman -> vmware keeps locking itself after a period of time as
if there is a bad old password saved somewhere.

Anyone else experience similar issues?

No one has admin access to change this account, no other services use this
account, it's only connected to foreman but it keeps locking itself… i
simply unlock the account, go into foreman, put in the password, click load
datacenters/save to to make sure it works… and it does… then a while
later it locks itself again.

Any clues how to debug this?

Quick bits I've used when troubleshooting similar issues (not the same as
yours though): look in your /var/log/foreman/production.log to get more
info on the failure.

from a machine connect to AD, run 'net user /domain serviceaccount' and
look for the "Account Active" field to see if its locked prior performing
some function with the compute resource.

In our organization we just ended up creating a 'foreman@vsphere.local'
account to handle any operations from the foreman server. It works well
enough and eliminates the AD as a point of failure. This may not be an
option to everyone given IT security policies.