Hello Folks - often I run into situations (especially when BW is involved) where various users like ALEREMOTE or similar users are getting locked due to too many incorrect logon attempts.  If I know from where (could be within the system or some external SAP system) it is that is calling into this system w/ the wrong pwd, I can fix it.  But it gets tricky when I don't.  I know to scour ST22/SM21 to look for clues but do not think those will give information on which (external) system for sure is calling in and locking the user.

I am aware ST01 gives you opportunity to turn on a trace but not sure that is the best way to solve these situations.  Appreciate any tips you can share.  Thanks