Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

Single logon attempt is counted as two logon attempts in Active Directory in Windows Server 2012

View products that this article applies to.

Symptoms

The user accounts are locked out although your expectation is that the account lockout threshold isn't reached yet. Additionally, in the security event log, events are logged.

↑ Back to the top

Cause

This issue occurs because the logon attempt for Microsoft Kerberos protocol and Microsoft NTLM protocol operates. This results in two authentication queries against Active Directory. Therefore, the count of incorrect password increases by two instead of by one.

↑ Back to the top

Resolution

To fix this issue, install May 2016 update rollup for Windows Server 2012.

↑ Back to the top

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

↑ Back to the top

References

Learn about the terminology that Microsoft uses to describe software updates.

↑ Back to the top

More Information

For more information about how to manage account lockout settings and monitoring, see Configuring Account Lockout.

↑ Back to the top

Applies to:

↑ Back to the top

Keywords: kbqfe, kbsurveynew, kbfix, kbexpertiseadvanced, kb

↑ Back to the top

Article Info

Article ID	:	3155537
Revision	:	1
Created on	:	1/7/2017
Published on	:	5/17/2016
Exists online	:	False
Views	:	133