Intruder Lockout from Server, Netware 4.

One of my admin equivalent accounts recently had an automatic password change and is constantly being locked out. I checked my backup & virus scan, neither is responsible. The Intruder Lockout address is the main server, but I believe everything that should be running is. I’ve checked through all the logs & don’t see any changes that would have caused this. How can I trace down what service is actually causing the problem?