Problems with users' AD accounts randomly locking

active-directory

Users' AD accounts keep being locked automatically. I'm confident it isn't the obvious problem with users typing in the wrong password repeatedly.

Whenever this happens the System log in Event Viewer is full of messages like:

Event ID 8005 The browser has received a server announcement indicating that the computer X is a master browser, but this computer is not a master browser.

Event ID 8009 The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is X.

Event ID 8019 The browser was unable to promote itself to master browser. The browser will continue to attempt to promote itself to the master browser, but will no longer log any events in the event log in Event Viewer.

I'm assuming the two are related, but am having trouble finding anything to back this up.

Best Answer

Browser election messages and locked accounts might have some similar dodgy network connectivity root cause, but they're not related.

Here's a decent article about troubleshooting the Computer Browser service that's causing your browser election messages: http://support.microsoft.com/kb/188305

As far as the locked user accounts go, I'd suspect that the user has a cached credential somewhere (wireless Ethernet authentication via PEAP, the account being used as a service user context, /SAVECRED on a client computer, etc.) that has an old password specified.

Troubleshooting account lockout isn't too fun. Have a look at Microsoft's article here for starts: http://technet.microsoft.com/en-us/library/cc773155(WS.10).aspx. You need to have the right amount of security logging enabled on your domain controller computers to correlate the lockouts with real-world events (starting a given computer up, starting a service, etc.). There are some tools that can help collect the event logs from multiple domain controllers and aggregate them to find the cause of the account lockouts (see http://www.microsoft.com/downloads/details.aspx?FamilyId=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E), since the events will be distributed across the security logs on, potentially, all domain controller computers.

The long-and-short of account lockout troubleshooting is that you need to turn up your security auditing and start researching what's happening in the real world when the lockout event occurs.
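An added example of the "collect and aggregate lockout events from every domain controller" step described in the answer above; this is not the answerer's code or the Microsoft tool linked there. It assumes Windows Server 2008 or later domain controllers (which log Event ID 4740, "A user account was locked out", in the Security log once account-management auditing is enabled), the ActiveDirectory RSAT module on the machine running it, and rights to read the DCs' Security logs remotely. The `$SamAccountName` and `$Hours` parameters are this example's own.

```powershell
# Added example (not from the original answer): pull Event ID 4740 from the
# Security log of every domain controller and show, for each lockout, which
# computer the bad credential came from ("Caller Computer Name"). That machine
# is usually where the stale cached credential, service account or saved
# credential lives.
param(
    [string]$SamAccountName = '*',   # '*' = every locked-out account
    [int]$Hours = 24                 # how far back to search
)

Import-Module ActiveDirectory

$since = (Get-Date).AddHours(-$Hours)
$dcs   = Get-ADDomainController -Filter * | Select-Object -ExpandProperty HostName

$lockouts = foreach ($dc in $dcs) {
    try {
        Get-WinEvent -ComputerName $dc -ErrorAction Stop -FilterHashtable @{
            LogName   = 'Security'
            Id        = 4740
            StartTime = $since
        } | ForEach-Object {
            # In 4740 the EventData fields are, in order: TargetUserName (the
            # locked account) and TargetDomainName, which for this event holds
            # the name of the computer that sent the failing logon attempts.
            [pscustomobject]@{
                Time             = $_.TimeCreated
                DomainController = $dc
                Account          = $_.Properties[0].Value
                CallerComputer   = $_.Properties[1].Value
            }
        }
    } catch {
        # A DC with no matching events throws "No events were found"; that is
        # normal. Anything else (RPC unreachable, access denied) is worth seeing,
        # because a DC you cannot read may be the one holding the answer.
        if ($_.Exception.Message -notmatch 'No events were found') {
            Write-Warning "$dc : $($_.Exception.Message)"
        }
    }
}

# One timeline across all DCs, oldest first
$lockouts |
    Where-Object { $_.Account -like $SamAccountName } |
    Sort-Object Time |
    Format-Table Time, Account, CallerComputer, DomainController -AutoSize

# Which source computers generate the most lockouts: the top entry is the
# first place to look for an old password in a service, scheduled task,
# mapped drive, wireless profile or saved credential.
$lockouts |
    Group-Object CallerComputer |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```

Run it as `.\Get-Lockouts.ps1 -SamAccountName jsmith -Hours 48` (file name is just a suggestion). Because lockouts are processed on the PDC emulator, you will often see the same lockout on several DCs; the grouping by caller computer is what turns that noise into the single machine to inspect next.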