After you configure the account lockout feature in Microsoft Forefront Threat Management Gateway (TMG) 2010 Service Pack 2, the accounts may remain locked beyond the configured AccountLockoutResetTime period.
This problem occurs if there is an ongoing authentication attempt while the account is locked out. In this situation, the account lockout period may be extended incorrectly by the AccountLockoutResetTime feature. This problem may occur whether the correct credentials are used or not.
To temporarily workaround this problem, restart the TMG Firewall Service. This resets the account lockout database.
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.