Windows – Does Windows 7 Authenticate Cached Credentials on Startup

Tags: credentials, credentials-manager, user-accounts, windows 7, windows-authentication

Problem

I have a Windows domain user account that gets automatically locked out semi-regularly.

Troubleshooting Thus Far

The only rule on the domain that should automatically lock an account is too many failed login attempts.

I do not think anyone nefarious is trying to access my account. The problem started occurring after changing my password, so I think it's a stored credential problem. Further to that, in the Event Viewer's System log I found Warnings from Security-Kerberos that say:

The password stored in Credential Manager is invalid. This might be caused by the user changing the password from this computer or a different computer. To resolve this error, open Credential Manager in Control Panel, and reenter the password for the credential mydomain\myuser.

I checked the Credential Manager and all it has are a few TERMSRV/servername credentials stored by Remote Desktop. I know which stored credential was incorrect, but it was stored for Remote Desktop access to a specific machine and was not being used (at least not by me) at the time of the warnings. The Security-Kerberos warning appears when the system was starting up (after a Windows Update reboot) and also appeared earlier this morning when nobody was logged into the machine.

Clarification after SnOrfus's answer:

There was 1 set of invalid credentials that was stored for a terminal server. The rest of the credentials are known to be valid (used often & recently without issues). I logged on to the domain this morning without issue. I then ran Windows Update, which rebooted the computer. After the restart, I couldn't log in (due to the account being locked out). After unlocking & logging on to the domain, I checked Event Viewer, which showed a problem with credentials after restarting.

Since the only stored credentials (according to Credential Manager) are for terminal servers, why would there be a credential problem on restart when Remote Desktop was not being used?

Question

Does anyone know if Windows 7 "randomly" checks the authentication of cached credentials?

Best Answer

No, this isn't the case. What I suspect might be wrong is that you still have previous credentials stored. Try removing the stored credentials from Credential Manager, and then connect and log on to the domain (this will re-cache your credentials).

Afterward there shouldn't be any problems.

Note: There are also methods that your sysadmin could be using to expire cached credentials, but that doesn't seem to be the case here. You might want to ask, just in case, though.
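
An added example (not part of the original question or answer) of the review-and-remove step the answer describes, written for PowerShell 2.0 as shipped with Windows 7. It assumes English-language `cmdkey` output; `Get-StoredCredential` and `$Remove` are hypothetical names, and `mydomain\myuser` is the placeholder account from the question.

```powershell
# Added example. Assumes English cmdkey output and PowerShell 2.0 or later.

# 1. Pull the Security-Kerberos warnings about Credential Manager from the
#    System log, so their timestamps can be compared with reboots and lockouts.
$filter = @{ LogName = 'System'; ProviderName = 'Microsoft-Windows-Security-Kerberos'; Level = 3 }
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -like '*Credential Manager*' } |
    Select-Object TimeCreated, Id, Message |
    Format-List

# 2. Parse `cmdkey /list` into objects (hypothetical helper name).
function Get-StoredCredential {
    $entry = $null
    foreach ($line in (cmdkey /list)) {
        if ($line -match '^\s*Target:\s*(.+?)\s*$') {
            if ($entry) { $entry }              # emit the previous entry
            # Strip a "Domain:target=" style prefix so the value can be
            # passed straight to cmdkey /delete.
            $entry = New-Object PSObject -Property @{
                Target = ($Matches[1] -replace '^.*target=', '')
                Type   = ''
                User   = ''
            }
        } elseif ($entry -and $line -match '^\s*Type:\s*(.+?)\s*$') {
            $entry.Type = $Matches[1]
        } elseif ($entry -and $line -match '^\s*User:\s*(.+?)\s*$') {
            $entry.User = $Matches[1]
        }
    }
    if ($entry) { $entry }                      # emit the last entry
}

# 3. Show every stored entry saved for the affected account.
$account = 'mydomain\myuser'                    # placeholder from the question
$saved = @(Get-StoredCredential | Where-Object { $_.User -eq $account })
$saved | Format-Table Target, Type, User -AutoSize

# 4. After reviewing the table, set $Remove to $true to delete those entries.
#    They are re-created with the current password on the next saved logon.
$Remove = $false
if ($Remove) {
    foreach ($c in $saved) { cmdkey "/delete:$($c.Target)" }
}
```

Run it in the session of the user whose account is locking out, since `cmdkey /list` only shows that user's vault.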