The user accounts are locked out although your expectation is that the account lockout threshold isn't reached yet. Additionally, in the security event log, events are logged.
This issue occurs because the logon attempt for Microsoft Kerberos protocol and Microsoft NTLM protocol operates. This results in two authentication queries against Active Directory. Therefore, the count of incorrect password increases by two instead of by one.
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
Article ID: 3155537 - Last Review: May 17, 2016 - Revision: 1