Tracing Login Attempts for account

Hi team,

We're frequently encountering the error: "'emserviceaccount' has reached the maximum number of consecutive incorrect password attempts (5). Password login for the user is currently disabled."

Is there a better way to trace login attempts than using Server Monitor? Could this be caused by a workflow or incorrect credentials saved on a desktop? If so, how can we effectively trace and address this?

Thanks!

Most probably, there is a Desktop that has incorrect password entered in the Server Link. Make sure that the password is correct.

Workflows currently don't have actions that require a Server user password.