My partner, Mike, and I just set up a new Windows Server 2012R2 domain controller for our big client. Since the new server has come online, my domain admin account has been locked out 5 to 10 times per day. I checked the security log on the new server and, sure enough, repeated audit failures for my user account come up with the "source workstation" being my laptop. The screenshot below shows a typical audit failure.
I've been logging in via RDP to the new server, the old server (which will remain online for another week or two), and several office workstations repeatedly over the past few days setting up the office's custom app (which is MSSQL / Access / .NET based). The lockouts are occurring when I'm logged to one or more machines and when I'm not logged into any machine and my laptop is simply connected to the LAN.
I've been wracking my brain wondering what process on my laptop could be hitting the server with my local credentials and producing the lockout. (Or, perhaps my laptop has cached my domain credentials from my client's domain and is attempting to login using an old password.)
It's worth noting that my local user account matches my domain account somewhat. MyLaptop\jdana, PW = MyPassord and MyClientDomain\jdana PW = MyPassword.
I used to use Windows credentials on my old laptop (Control Panel\All Control Panel Items\Credential Manager) to make accessing my clients' networks easier, but Windows credentials can produce lockouts. I haven't used them in years.
Before the new server came online, I wasn't seeing any lockouts.
My client Windows 8 workstation is running in an OS X / Parallels environment.