I am seeing from multiple servers that the administrator account is generating Kerberos pre-authentication failed.
Event id 4771
Failure Code 0x18
Service Name krbtgt/<domainname>
It does this from our SharePoint server that host the Intranet page, my Symantec End Point Server and my Citrix XenApp Server indicated in the Event Log > Security
This transaction does occasionally lock the Administrator account out.