locked
Extranet Smart lockout issue RRS feed

  • Question

  • I have configured Extranet Smart Lockout on a fully updated WS2016 standalone ADFS server. At first glance it seems to work but using the Get-ADFSAccountActivity cmdlet on my testaccount i can see that the "BadPwdCounter" only counts upwards if the user logs with a bad password in the format "DOMAIN\username". If the user logs in with a bad password in the UPN format "user@domain.com" it doesn't count upwards. This has the effect that the user does not get soft locked out on the ADFS server when attempting with UPN. Any ideas what could be wrong here? This is the guide i followed, rights on the artifacts database are ok, confimed by logging into WID with SQL Management Studio.


    https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/configure-ad-fs-extranet-smart-lockout-protection
    • Edited by Mads Lerager Wednesday, October 17, 2018 12:26 PM
    Wednesday, October 17, 2018 12:14 PM

All replies

  • Are you using an alternate login ID?

    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Wednesday, October 17, 2018 3:06 PM