I have a user that is being locked out on the domain within seconds of unlocking.
I used Netwrix Account Lockout Examiner and figured out which machine was the culprit. If I turn it off, no problems, the minute it comes back onto the network it locks the user. The machine is a remote test pc running windows 7 that he rdp's into here and there.
When I run an examination everything is "ok,nothing found" but "Examing Logon Sessions" shows this:
...Failed due to the following error: Access is denied. (Exception from HResult: 0x80070005 (E_ACCESSDENIED)
We changed his password on the domain and sync'd everything, removed all mapped drives, checked services logins, made sure there were no local logins, still no joy.