Symptoms
After you configure the account lockout feature in Microsoft Forefront Threat Management Gateway (TMG) 2010 Service Pack 2, the accounts may remain locked beyond the configured AccountLockoutResetTime period.
Cause
This problem occurs if there is an ongoing authentication attempt while the account is locked out. In this situation, the account lockout period may be extended incorrectly by the AccountLockoutResetTime feature. This problem may occur whether the correct credentials are used or not.
Resolution
To resolve this problem, install Rollup 4 for Forefront Threat Management Gateway (TMG) 2010 Service Pack 2.
Workaround
To temporarily workaround this problem, restart the TMG Firewall Service. This resets the account lockout database.
Status
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
References
Learn about the terminology Microsoft uses to describe software updates.