Skip navigation

JSI Tip 3606. Windows 2000 domain account lockout seems more frequent?

Users with Windows 2000 clients, in a Windows 2000 native or mixed mode domain, may find that their accounts get locked out with fewer incorrect authentication attempts than the domain's Account Lockout policy specifies?

When the Windows 2000 client user tries to authenticate with a resource, the Kerberos authentication protocol is used. If that fails, NTLM authentication is attempted.

If the user specified an incorrect password, the account is charged with 2 failed attempts, instead of the 1 actual attempt.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.