FIX: Accounts are locked out beyond the AccountLockoutResetTime period in Forefront Threat Management Gateway 2010 SP2

Applies to: Microsoft Forefront Threat Management Gateway 2010 Service Pack 2Forefront Threat Management Gateway 2010 EnterpriseForefront Threat Management Gateway 2010 Standard More

Symptoms


After you configure the account lockout feature  in Microsoft Forefront Threat Management Gateway (TMG) 2010 Service Pack 2, the accounts may remain locked beyond the configured AccountLockoutResetTime period.

Cause


This problem occurs if there is an ongoing authentication attempt while the account is locked out. In this situation, the account lockout period may be extended incorrectly by the AccountLockoutResetTime feature. This problem may occur whether the correct credentials are used or not.

Resolution


To resolve this problem, install Rollup 4  for Forefront Threat Management Gateway (TMG) 2010 Service Pack 2.

Workaround


To temporarily workaround this problem, restart the TMG Firewall Service. This resets the account lockout database.

Status


Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

References


Learn about the terminology Microsoft uses to describe software updates.