I have configured a Windows 2008 R2 server DC in my office. I have created an account lockout policy in the Default Domain Policy and enforced it. The policy is as follows:
Account Lockout Duration: 99999 minutes
Account Lockout Threshold: 3 invalid attempts
Reset Account lockout counter after: 120 minutes
There are almost 150 client PCs connected to the DC, and most client operating systems are Windows XP SP2. I have created an OU for each department and created the relevant user accounts under the OU. To test the policy, I typed the wrong password 3 times on a client PC and checked that the user account was locked out on the server. But then I typed the correct password and logged on to the account; the account lockout message did not appear. I do not understand how I can log on to an account which shows as locked out on the server. After logging on to the user account, I saw that the account was still locked out on the server. It occurs when I lock the desktop, but when I log off or restart the PC, enter the wrong password 3 times and then enter the correct password, the message that the user account is locked out is shown. I have tested several PCs, but I got the same result. The account lockout policy is not working on a locked computer, but it works when I power on the PC or restart/log off the PC. After that, I also created the same policy in the Default Domain Controllers Policy and the server's local policy. But the problem is not solved. Can anyone please help me with this issue?