Let me first tell you what is NOT the problem: users mistyping or forgetting their passwords. The lockouts are happening while users are logged on. I will unlock a user, and a few minutes later, the account is locked again. The lockouts are happening in a single department (Customer Service) and only some of the users are getting locked out repeatedly. There are 15 people in the department, but only about 5 are being repeatedly locked out.
The first question I asked myself was what did I change? Recently, I installed a .NET based rate calculator app from UPS on all machines in the department. However, the problem did not immediately appear after I installed the app. A few weeks before that, I upgraded both of my W2K3 Domain Controllers to SP2.
If it is the new app, I'd like some definitive proof that it is the cause before I remove it. If I can't find proof, then i guess my next step will be to uninstall the app on a couple of the PCs that are affected and see if the problem goes away.
More on the environment: I have a single domain with 2 domain controllers, running in 2003 mode. All clients in the Customer Service Department are running XP SP2. My print and file servers are running 2003 with a mix of SP1 and SP2. I have a 2003 SP1 SQL server running MSSQL 2000 STD SP3. I do not have Exchange.
What I have tried: I have installed Mcrosoft's ALockout.dll tool on several of the affected machines, as well as enabling netlogon debugging on those machines. I have also enabled netlogon debugging on both Domain Controllers. However, I am struggling with the interpretation of these logs.