I recently had to rebuild a Small Business Server 2003 Standard after a crash. I then rejoined the workstations to the domain. Subsequently, many of the Windows XP Pro workstation domain members are experiencing intermittent locked profiles when a user attempts to login, usually after several hours of having no account logged in. A reboot resolves the issue.
We are not using roaming profiles or Terminal Services, and UPHClean in its native configuration is not shedding any light. I have removed and reinstalled the Trend Micro AV client, and disabled many (but not all - some are mission-critical) of the third-party startup services/applications. On three of the workstations, I have renamed the profile and started with a clean profile and copied user files over (but not the Application Data or Local Settings folder, let alone the NTUSER.DAT file).
Any ideas? I'm stumped...
Have you try to enable user environment debug logging?
Maybe it can help you to identify the cause.
At that point I would disjoin from the domain, reboot, delete all user profiles except local administrator. Delete all computer accounts in question from AD users and computers. Then I would rejoin but with computer names that have never been used before on the domain.
BTW, what do you mean when you say the profile is locked.
Also, I have found that when working with SBS it is always best just to use the built-in wizards rather than do anything manually. I'd use the SBS method of rejoining.
Are you sure your network isn't affected by any malware? I ask because Conficker can lock out user accounts. The reboot fixing the problem could be a red-herring, as many domains will automatically reset the lockout after a period of inactivity.
I would log all users off from workstations and then reset everybody's password and then ask them to login using new passwords.
All of these assuming restored backup also restored same user accounts with same SID.