Hi,
We are running Win 2008R2 servers fully patched, and have a Domain Default Policy applied to all computers/servers) on the domain. In that GPO we configured the following:
Account lockout threshold : 3 invalid attempts
Reset account lockout counter after : 5 minutes
So basically, for a given domain user account, 3 invalid password are submitted within 5 minutes, you (should) get an account lockout.
If you attempt to logon to a host manually and provide wrong passwords, the account locks out. The same is not true if a process/malware/non-human-thing submits wrong passwords
I can get 10 account logon failures within a single second, each with their own distinct serial number... no lockout. I can get 50 logon failures in 5 minutes... no lockout.
I did a RSoP, everything looks normal.
The logon failure event ID # is 4771 with error code 0x18.
How do I troubleshoot this? Thanks