I have configured Password Policy as below:
1. User should be disabled after 3 successive incorrect passwords.
2. User should be re-enabled after 3 minutes of it being disabled.
After 3 minutes, when I try to log in, authentication fails on the first attempt but succeeds on the next request.
This is observed only when “Enhanced AD integration” is ENABLED.
How can I solve this problem?
With "Enhanced Active Directory Integration" enabled, the user gets disabled on the Active Directory side too.
This behavior occurred because, in the product code, the Policy Server tried to authenticate the user before checking whether the timeout had elapsed. This has been corrected. The Policy Server now checks first whether the timeout has elapsed and then, if it has, performs the authentication. As a result, the user gets in at the first attempt after the timeout has elapsed.
Upgrade the Policy Server to 12.52SP1CR08 and above to solve the issue.
https://docops.ca.com/ca-single-sign-on/12-52-sp2/en/release-notes/cumulative-releases/defects-fixed-in-12-52-sp1-cr08
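
The ordering problem described above can be reproduced in a small model. This is an added example, not CA Single Sign-On code: every class, method and field name is hypothetical, and it assumes the directory rejects any bind while the account is flagged disabled and that the Policy Server clears that flag once the timeout has elapsed.

```python
# Simplified model of the lockout ordering issue; not the product's code.
# All names here are hypothetical and exist only for illustration.
MAX_FAILURES = 3          # disable after 3 successive incorrect passwords
REENABLE_AFTER = 3 * 60   # re-enable after 3 minutes (in seconds)

class Directory:
    """Stands in for Active Directory: a disabled account rejects every bind."""
    def __init__(self, password):
        self.password = password
        self.disabled = False

    def bind(self, password):
        return not self.disabled and password == self.password

class PolicyServer:
    def __init__(self, directory, check_timeout_first):
        self.directory = directory
        self.check_timeout_first = check_timeout_first
        self.failures, self.disabled_at = 0, None

    def _reenable_if_elapsed(self, now):
        if self.disabled_at is not None and now - self.disabled_at >= REENABLE_AFTER:
            self.directory.disabled = False
            self.failures, self.disabled_at = 0, None

    def login(self, password, now):
        if self.check_timeout_first:        # corrected order
            self._reenable_if_elapsed(now)
        was_locked = self.disabled_at is not None
        ok = self.directory.bind(password)
        if not self.check_timeout_first:    # original order: check runs too late
            self._reenable_if_elapsed(now)
        if ok:
            self.failures = 0
        elif not was_locked:                # only count failures while enabled
            self.failures += 1
            if self.failures >= MAX_FAILURES:
                self.directory.disabled = True
                self.disabled_at = now
        return ok

def attempts_after_timeout(check_timeout_first):
    """Lock the account, wait out the timeout, then log in twice correctly."""
    ps = PolicyServer(Directory("s3cret"), check_timeout_first)  # constructed data
    for t in (0, 1, 2):
        ps.login("wrong", t)
    t0 = 2 + REENABLE_AFTER
    return ps.login("s3cret", t0), ps.login("s3cret", t0 + 1)

if __name__ == "__main__":
    print("auth before timeout check:", attempts_after_timeout(False))
    print("timeout check before auth:", attempts_after_timeout(True))
```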