I do not see any failed logon attempts in my windows sever 2003 security event log (I see only successful ones). However, I have a user that is getting locked out very often and I need to try to determine why. Is there a setting that might be hiding the failed login attempts, or a way to view these?
If your auditing policy is set to only log successful events, you will only get successful events. Change your auditing policy to log logon failures as well, then look at these Microsoft tools to help you troubleshoot the lockout issue.