Strange issue with one of our users, every once or twice a day his account locks. He's only using one device to synchronize, double-checked if he is using another device. If i check security the eventlog on the DC i can see that the workstation name is one of our CAS Exchange servers (2010). The source network address points to his mobile provider, so it's pretty clear that his phone is locking his account. 

For additional information I've enabled netlogon debug logging for the DC and CAS server, when viewing the log there isn't a single entry that his account is locked or that he provided a wrong password. I've also check the IIS log on the CAS server, also no event logged regarding a sync request (Sync requests from other users are logged). This doesn't make any sense, because all sync requests are logged right? Even more confused to why there's no event in the netlogon.log file??

You can use tool like eventcombMT to connect log on other dc's and look for particular event ID.The account lockout can happen due to saved password in mobile devices, mapped drives etc. Also, can you verify there is no conficker worm in your network. 

Troubleshooting account lockout issues : http://blogs.technet.com/b/instan/archive/2009/09/01/troubleshooting-account-lockout-the-pss-way.aspx

Using a custom view to view events related to the user account that is being locked out. As mentioned before it's pretty clear that a device is locking his account, however this is not being recorded in the IIS log or netlogon log. My question is: why isn't it logging event even though netlogon debugging is set to max.