If you are integrated then the admin password is held in there. If it's changed (during the upgrade) then this might casue the login to become locked out.

Somewhere you have something trying to log in as admin which is using the wrong password. If you can't track it down, rename the admin user to something like crmadmin.

I'm able to login using the same password if I set  user_AccountLockedOut to NULL. If the password is wrong, then I think I will not be able to log in. Right?

What type of license is being used?  Do you have a concurrent user and is the System administrator set to use a named license - so should always be able to logon.  What other system log on to Sage CRM - do you have a webservice or integration using the Admin credentials?  The login attempt should show in the logs.  When this occurs what does using eware.dll/sysadmin tell you?

No password change during the upgrade.

I'm able to login using the same password if I set  user_AccountLockedOut to NULL. If the password is wrong, then I think I will not be able to log in. Right?

Look in the System Log

If a password is entered incorrectly you should see information like the set below showing up

Jul 28 2020 9:35:11.817 21120 21680 1 Login Attempt starting for
Jul 28 2020 9:35:15.985 21120 21680 1 Login Attempt starting for Admin
Jul 28 2020 9:35:15.993 21120 21680 1 Thread entered critical section [UserSessionCritSect] to retrieve existing UserSession
Jul 28 2020 9:35:15.993 21120 21680 5 Thread leaving critical section [UserSessionCritSect] to retrieve existing UserSession
Jul 28 2020 9:35:15.994 21120 21680 5 No existing UserSession found for this user logging in
Jul 28 2020 9:35:15.994 21120 21680 5 Will now actually do the login for user Admin
Jul 28 2020 9:35:16.129 21120 21680 1 Thread leaving critical section [UserSessionCritSect]

Look back and see if you have multiple logon attempts for the Admin users that are failing and locking the account.

System license type is Named user licensing.

No integration.

eware.dll/sysadmin log shows as follows

eWareBaseObject.Logon,LogonID Admin
Jul 28 2020 12:41:10.726 7576 16260 5 Will now actually do the login for user Admin
Jul 28 2020 12:41:11.210 7576 16260 1 Already logged ID: 1295490183
Jul 28 2020 12:41:11.538 7576 16260 1 Already logged ID: 1342669114
Jul 28 2020 12:41:56.911 8248 5628 3 eWareBaseObject.Logon,LogonID EscalationService
Jul 28 2020 12:41:56.926 8248 5628 5 TUserSession.Create finished.
Jul 28 2020 12:41:57.551 8248 5628 3 CoeWareBase,Time 641
Jul 28 2020 12:42:12.211 7576 16260 3 CoeWareBase,Time 61484

No, I have no multiple login attempts. If I set the user_AccountLockedOut to NULL and logged in to the system, I will be able to use the system. But if I check again on the database user_AccountLockedOut,  it will be updated. 

Check the activity table for the login request. This should/might give you the method (web) and ipaddress of the requests that are locking the account.

Also shut down ALL CRM services to see if that helps eliminate the root casue.  (Tomcat / Fast Find / Escalations / Indexer etc.)

Activity table shows data as follows

I have shut down all the CRM services (Tomcat / Fast Find / Escalations / Indexer etc.) as said, but still, somehow the column user_AccountLockedOut is updated and locking the user.

I stopped CRM Email Manager service,  The column value remains null. 

How can I start the service without causing a locked out issue? Any idea.

External? Odd. Never noticed that recorded before but it exists on other systems. Do you have it exposed exteranlly ? But looks like an app or something is using an incorrect password.

When I stopped CRM Email Manager, the issue is solved.

I set the password in Administration → E-mail and Documents → Advanced Email Management Server Options -> Manager Password. Did a metadata refresh and an IIS reset.

And then started the service.

But still, the column user_AccountLockedOut is updated thus locking the user.

Are you using a default script ? if it's custom then you 'might' have a direct db connection in there. Otherwise try a different user for the email manager (not admin) so you can see whether it still occurs. if it does then look into the script.

On the plus side at least you know what is causing the issue now.

I tried with another user as an Email manager. But still, the 'Admin' user is locking out.

The issue stems from the “dynamic hash” being enabled.

When dynamic hash is switched on it does not retroactively check all the passwords and hash them afterwards. It will only hash new passwords. So what happened here was that the admin password in the CRM db was not dynamically hashed, and needed to be entered again to activate the hash, I noticed this when I looked at the hash being ^ and not ^^. The EM uses the old hashing system but this was fixed by updating the user password in users to the new hash and then just giving the EM the password. Comparing the EM hash (after conversion) with the new hash was successful and it logged it fine.