We have frequent account locks out that seem to be origination at user's workstations:
A user account was locked out.
Subject: Security ID: S-1-5-18
Account Name: DomainController$
Account Domain: NT_DOMAIN
Logon ID: 0x3e7
Account That Was Locked Out: Security ID: S-1-5-21-2030126595-979527223-1756834886-1337
Account Name: JohnS
Additional Information: Caller Computer Name: JohnS-PC
It affects only certain workstations on the domain, and we cannot pinpoint what is actually causing this behavior. We started noticing it last week - on the day we have added New routable UPN Suffix to all domain users. We have no idea if this is the cause or just a coincidence - we've seen this happening before, but it was usually caused by phones or persistent network connections. Any ideas how to tracked down a problem?