One of my user accounts keeps getting locked out, at 03 and 33 minutes past the hour a bad password attempt is registered with the domain controller meaning that after 3 bad passwords or every 1.5 hours his account gets locked out.
I have checked user's PC but can't find anything set to run every half hour.
Here is the event that gets logged on the Domain Controller after each failed logon attempt is generated:
Log Name: Security
Date: 11/10/2010 10:03:10 AM
Event ID: 4776
Task Category: Credential Validation
Keywords: Audit Failure
The domain controller attempted to validate the credentials for an account.
Authentication Package: MICROSOFT_AUTHENTICATION_P
Logon Account: User that keeps getting locked out
Source Workstation: My ISA server
Error Code: 0xc000006a
<Execution ProcessID="604" ThreadID="10492" />
that keeps getting locked out</Data>
<Data Name="Workstation">My ISA Server
The "Source Workstation" is the name of my ISA server, which makes me think maybe it is somthing on the user's PC trying to authenticate with the ISA server.