The user is attempting to log on to an account that is locked by the Windows account information. This may be due to logging on with incorrect information a number of times, and thus exceeding the limit set by the administrator for bad login attempts.
This issue may occur if the passwords for the IWAM_<computer name> account or for the <IUSR_<computer name> account are not synchronized with the Microsoft Internet Information Services (IIS) metabase and with the local accounts directory. See M822699 for details on this issue.
Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.
Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.