I changed a Domain Administrator's Password 2 weeks ago and it keeps getting locked out. We are getting Kerberos pre-authentication failed every couple of minutes. Event ID 4771 and then it locks out the account.
We have check all services running on all servers (even shut down our spiceworks server) and the problem does not go away.
We use DFSR.
I can't find anyway to tell where the login attempts are occurring from.
Any help would be greatly appreciated.