I changed my password today and my account locks out every 30 seconds or so.
I used the Account Lockout Status tool to determine the domain controller locking it out, then used EventComb to search for event IDs 4740 on that DC.
It says the calling computer is the DC that locked it out. I made sure I don't have any mapped drives or services running under my account, and I deleted any stored credentials in the Credential Manager from that DC.
Since it was always pointing at the domain controller as the calling computer, I turned off the primary domain controller and let the two backups take over. I still get locked out and now the calling computer is the second domain controller.
Does anybody know of a way to find what computer is actually sending the credentials that are causing the lockout? Maybe using the process monitor or something? For now I've changed my password back to the old one, but I really don't want to keep the same password for security reasons.
I've already made sure my cell phone is off, there are no services running under my account, there are no scheduled tasks running under my account, and no persistent mapped drives.