For agent/server comms, yes, there is no windows authentication used, so this is not going to be the cause here.
Generally when this kind of thing happens it's because the client machines are trying to update from UNC repositories, and the password for the account they use has been changed. Could this be the case here? What kind of resource are the client machines trying to access?
It's unusual for the same account to be used for repository access as well as DB access, but it's not impossible.
That's what it was. Unfortunately, not all clients get updated right away. In fact some will still have those credentials years from now. So we're going to have to create a new service account for the db access and leave the existing one in place for the UNC until all clients have picked up the change. (The UNC was removed.)
Thats why its always better to use superagents as your repositories, no lockouts, no credentials and they take seconds to setup.