FIX: Domain User account has been locked on the second attempt in Remote Desktop Connection – RDP (Solved)
If after the first successful Remote Desktop Connection (RDP), the user(s) are locked out due to multiple login attempts or password change attempts, continue reading below to fix the problem.
Problem: Domain users successfully connect via Remote Desktop to a Windows Server, but after closing the connection (or logging out) and trying to connect to the RDP Server again, they are locked out and receive the following error:
"As a security precaution, the user account has been locked because there were too many logon attempts or password change attempts. Wait a while before trying again, or contact your system administrator or technical support.
Error code: 0xd07
Extended error code: 0x0"
At the time the problem occurs, Event ID 4740 is logged in Event Viewer > Windows Logs > Security, saying that the "user account was locked out" with no other explanation.
Cause: The issue is caused because the Windows Server to which users connect via Remote Desktop Connection uses a lower-level authentication method than the Domain Controller. More specifically, the problem occurs when the domain controller uses NTLMv2 (version 2) to authenticate users, while the server to which users connect via RDP uses NTLM (version 1).
* Note: In Active Directory domains, the Kerberos protocol is the default authentication protocol. However, if the Kerberos protocol is not negotiated for some reason, Active Directory uses LM, NTLM, or NTLM version 2 (NTLMv2).
How to FIX RDP Error "User account has been locked because there were too many logon attempts or password change attempts" on the 2nd attempt to connect to Remote Desktop in Windows Server 2016/2019.
Step 1. Check the 'LAN Manager authentication level' on the Domain Controller (DC).
LAN Manager authentication includes the LM, NTLM, and NTLMv2 variants, and it is the protocol that is used to authenticate all client computers running the Windows operating system.
To check the LAN manager authentication level on your domain, do the following on the primary domain controller:
1. Simultaneously press the Windows + R keys to open the 'Run' command box.
2. In the Run command box, type regedit and press Enter to open the Registry Editor.
3. At the left pane, navigate to the following registry key:
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
4. Then, note the value of the "lmcompatibilitylevel" REG_DWORD (e.g. "5" in this example).
Step 2. Set the Same 'LAN Manager authentication level' on the RDP Server.
Now proceed and set the same authentication level on the Windows Server to which users connect via remote desktop (RDP). To do this:
1. Open the Registry Editor and navigate to the same path:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
2. At the right pane, check whether the "lmcompatibilitylevel" REG_DWORD value is different (e.g. "2" in this example). If so, open it, set the value data to "5" (the value found on the Domain Controller) and click OK.
3. Close the Registry Editor, restart the machine and check if the problem persists.
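The same check-and-align procedure as a script, added here as an example and not part of the original guide: it reads LmCompatibilityLevel on the Domain Controller and on the RDP host, aligns the RDP host to the DC when -Fix is given, and then lists recent Event ID 4740 lockouts on the DC filtered to that caller computer so you can confirm the RDP host is the source. The computer names DC01 and RDS01 are placeholders, and the script assumes WinRM (Invoke-Command) is enabled and that you run it with domain admin rights.

```powershell
# Added example (not from the original article). Placeholder computer names below.
param(
    [string]$DomainController = 'DC01',   # placeholder: your primary DC
    [string]$RdpServer        = 'RDS01',  # placeholder: the RDP host users connect to
    [switch]$Fix                          # without -Fix the script only reports
)

$lsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

function Get-LmLevel {
    param([string]$ComputerName)
    Invoke-Command -ComputerName $ComputerName -ScriptBlock {
        param($Key)
        $v = (Get-ItemProperty -Path $Key -Name LmCompatibilityLevel -ErrorAction SilentlyContinue).LmCompatibilityLevel
        # An absent value means the machine uses the OS default rather than an explicit level
        if ($null -eq $v) { 'not set (OS default)' } else { [int]$v }
    } -ArgumentList $lsaKey
}

$dcLevel  = Get-LmLevel -ComputerName $DomainController
$rdpLevel = Get-LmLevel -ComputerName $RdpServer
"DC  {0}: LmCompatibilityLevel = {1}" -f $DomainController, $dcLevel
"RDP {0}: LmCompatibilityLevel = {1}" -f $RdpServer, $rdpLevel

if ("$dcLevel" -ne "$rdpLevel") {
    Write-Warning "Mismatch: the RDP host negotiates a different LAN Manager level than the DC."
    if ($Fix -and $dcLevel -is [int]) {
        Invoke-Command -ComputerName $RdpServer -ScriptBlock {
            param($Key, $Level)
            Set-ItemProperty -Path $Key -Name LmCompatibilityLevel -Value $Level -Type DWord
        } -ArgumentList $lsaKey, $dcLevel
        "Set LmCompatibilityLevel=$dcLevel on $RdpServer. Restart it to apply the change."
    }
}

# Confirm where the lockouts come from: 4740 on the DC records the caller computer name.
# Assumed EventData order for 4740: [0] = TargetUserName, [1] = Caller Computer Name.
Get-WinEvent -ComputerName $DomainController -ErrorAction SilentlyContinue -FilterHashtable @{
    LogName = 'Security'; Id = 4740; StartTime = (Get-Date).AddDays(-1)
} | ForEach-Object {
    [pscustomobject]@{
        Time   = $_.TimeCreated
        User   = $_.Properties[0].Value
        Caller = $_.Properties[1].Value
    }
} | Where-Object { $_.Caller -like "$RdpServer*" } | Format-Table -AutoSize
```

If the level is enforced by Group Policy (see Additional Info below), a registry change on the RDP host will be reverted at the next policy refresh, so correct it in the GPO instead.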
Additional Info:
1. The "LAN Manager Authentication Level" can also be changed via Local or Domain Group Policy at the following location:
- Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options > Network Security: LAN Manager Authentication Level
2. LAN Manager authentication includes the LM, NTLM, and NTLMv2 variants, and it is the protocol that is used to authenticate all client computers running the Windows operating system in order to:
- Join a domain
- Authenticate between Active Directory forests
- Authenticate to domains based on earlier versions of the Windows operating system
- Authenticate to computers that do not run Windows operating systems, beginning with Windows 2000
- Authenticate to computers that are not in the domain
3. The possible LAN Manager authentication level values are listed below along with the level of security they provide:
- 0 = Send LM & NTLM responses (Very insecure)
- 1 = Send LM & NTLM – use NTLMv2 session security if negotiated (Insecure)
- 2 = Send NTLM response only (Weak security)
- 3 = Send NTLMv2 response only (Moderate security)
- 4 = Send NTLMv2 response only. Refuse LM (Strong security)
- 5 = Send NTLMv2 response only. Refuse LM & NTLM (Very strong security – BEST)
That's it! Let me know if this guide has helped you by leaving your comment about your experience. Please like and share this guide to help others.
Frequently Asked Questions
Why do domain users get locked out after a successful Remote Desktop connection?
The lockout occurs because the Windows Server uses a lower-level authentication method than the Domain Controller. Specifically, if the domain controller uses NTLMv2 but the server uses NTLM, it can cause the lockout.
What error message is displayed when users are locked out due to multiple login attempts?
Users receive an error message stating: 'As a security precaution, the user account has been locked because there were too many logon attempts or password change attempts. Wait a while before trying again, or contact your system administrator or technical support. Error code: 0xd07 Extended error code: 0x0'.
How can I check the LAN Manager authentication level on the Domain Controller?
To check the LAN Manager authentication level, open the Registry Editor on the primary domain controller and navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa. Look for the 'lmcompatibilitylevel' REG_DWORD value.
How do you resolve the RDP lockout issue on the Windows Server?
Ensure that the LAN Manager authentication level is the same on both the Domain Controller and the Windows Server. Adjust the 'lmcompatibilitylevel' REG_DWORD value in the Registry Editor on the Windows Server to match that of the Domain Controller. Then, restart the server to apply the changes.