Anyone have issues with cloud connectors locking service accounts/admin accounts?
Stephen Stetler
03/06/2025, 3:39 PM
Are you sure the password wasn't changed?
c4rm0
03/06/2025, 4:09 PM
Hey Shane, all the cloud connector Windows services run under the Local System or Network Service account, so don't use a gMSA or AD service account. The only AD account lockout a cloud connector could potentially cause would be an account used for authenticating to a proxy when installing the cloud connector, but even then you should use an unauthenticated proxy or allow the Citrix Cloud URLs directly on the FW. Are you talking about other general service accounts / admin accounts not related to Citrix?
Shane Swacus
03/06/2025, 4:45 PM
In my example we have a service account used for computer join operations, which is rotated daily in CyberArk. I have a series of cloud connectors in a particular resource location that monthly will lock the account. There is no trace of that account on the cloud connector in services, logs, etc.
c4rm0
03/06/2025, 5:25 PM
Ahh, so it's the AD account you used to create machine accounts in AD when creating a machine catalog? I prefer to pre-stage the computer accounts in AD first, then use the existing accounts option, rather than using an AD account granted rights on the OU to create the computer account objects. Not sure where that would be stored, as it's normally a one-time operation (specifying account creds with relevant permissions in AD to add the computer account). Anything in the Get-AcctIdentityPool?