We have a very strange case. Here is the description.
An employee has been having lockout issues every 15-30 minutes whenever she tries to access her email through web outlook.
I have installed Account Lockout tools and i have monitored and seen that a bad password is coming every 5 minutes.
Ran a log trace on all the domain controllers and found that the lockout is originating from the email server.
Installed trial version of Netwrix and same thing it says, lockouts are coming from the mail server.
Ran examine option and all it says is there are no persistent mappings for this user or for that matter. Only it says is invalid logons every 5 minutes.
Checked her laptop and found that there are no stored credentials/mapped drives etc.
I am at a loss here as what could be causing the lockouts for this user only to be coming from the mail server.
Any inputs will be greatly appreciated.