I have a middle tier server running Zen 7, sp1. Recently a user started getting intruder lockout on their eDir account. The lockouts happen about every 10 minutes. The user has the Novell client installed and doesn't use the middle tier server. When I check, the intruder's address points back to the Zen server that is running the middle tier service. I have tried enabling logging on the middle tier server, but that didn't help. The middle tier debug log shows that an attempt was made for this user and that the account is locked:

"Sat, 15 Sep 2007 10:07:16 GMT","XTIER-SERVER","informational","0xC7FFFF3B","XSrvAuthenti cateUser:: Session: c99000101010001 user: joesnow.admin.corp failed authenticating to: 169.179.xx.xxx"

How can I find what machine is causing this account to keep locking?