Hi everybody,
Rem: This post is the last hope before forward the question to SAP support.
For a long time I see that my productive SLD_DS_PIP user (pi productive user) is being locked spontaneously. In http log I see
10:09:12 PM ] - 190.160.90.83 : POST /sld/ds HTTP/1.1 401 1734
The time is the same of lock time at ABAP.

SM21 also shows in this time that SAPJSF locked SLD_DS_PIP.
So, no more doubts that some service from 190.160.90.83 calls my productive PI with path /sld/ds by using SLD_DS_PIP with incorrect password.
But I cannot identify what service uses wrong credentials.
The calling system has abap and java (not dual stack) and diagnostic agent.
I checked the following settings:
In ABAP: sldapicust, sldcheck, SM59 - SLD* rfcs. PI development is determined everywhere.
In Java: NWA - Security - destinations, NWA - Infrastructure - SLD Data supplier config.
In DAA config I see that it uses pi development system as an sld host in runtime.properties file.
I though that it could be some problems with Java cache and configuration, but my calling system is being backed-up in offline mode every weekend. Technically we reboot it every weekend.
Could any one help me hot to identify the cause of this locking? What else I should check?
I've worked with many notes, the most helpful was 1665838, and many posts with similar issue, but no luck.
Best regards,
Artem