Others seem to agree

Based on multiple posts in this topic it would seem that a system repair to a previous time is the "most common" reason for this.
As such it is recommended to enable the following settings for Windows 7

From a command prompt you can run

 Code:
bcdedit /set {default} recoveryenabled No
bcdedit /set {default} bootstatuspolicy ignoreallfailures



If it works out for you then you could use a Startup Script to enable that on all computers in the Domain if wanted.

From the Ask the Directory Services Team

Machine Account Password Process