Hey Joel,
First, make sure you're using the latest version of TurboActivate (currently 3.4.6, which was released about 1 month ago). That solved a lot of false negative and false positive detection bugs.
There are patterns... but there are about 5 different ones.
It sounds like you're running into the bugs we've fixed.
What circumstances will cause a machine to deactivate?
When TurboActivate sees the computer fingerprint as being different that whatever cryptographically signed activation data is on the computer.
What version of TurboActivate are these customers using? What platforms are they on? Also, are they on Virtual Machines?