The error message "The referenced account is currently locked out and may not be logged on to", usually appears on domain computers where the user has entered their password incorrectly multiple times and has been locked out of the domain.
To easily resolve the "referenced account locked out", issue, wait at least 30 minutes before attempting to re-enter your password, or continue reading below to see all available ways to resolve it.
How to FIX error "The referenced account is currently locked out and may not be logged on to." on Windows.
Method 1. Wait 30 minutes for the account to be unlocked.
As mentioned at the beginning of this article, the easiest method to resolve the "account is currently locked out" problem, is to wait 30 minutes* and then to try to re-login, by typing the correct password.
* Note: The "30 minutes" period, is the default Account lockout duration (if not otherwise specified), before the account automatically becoming unlocked.
Method 2. Unlock the Αccount by using the Local Administrator Account.
If the computer is not joined on a domain (otherwise skip to next method), proceed as follows:
1. Enable the local Administrator account offline, by following the instructions in this tutorial.
2. Login to the workstation by using the local Administrator account.
3. Open the Local Security Policy editor. (secpol.msc)
4. Navigate to Security Settings > Account Settings > Account Lockout Policy
5. Open the Account lockout threshold policy, set it to 0 (zero) and click OK.
6. Restart the computer and login to the locked account.
Method 3. Unlock the referenced account on the Domain Controller.
In AD Domain computers and for security reasons, the default Domain Policy may prevent any user to logon on the domain, if the password is repeatedly mistyped. So, if the computer is joined on a domain, proceed and unlock the referenced account on the Domain Controller:
1. In Domain Server got to: Active Directory Users and Computers -> Users
2. Right-click on the locked user and select Properties.
3. At Account tab, check the Unlock account checkbox and click OK.
Method 4. Disable or Modify the Account lockout Policy.
To disable or to modify the Account Lockout Policy on your Server or on your Windows PC, proceed as follows:
1. In the Domain Controller, open the Server Manager and then from Tools menu, open the Group Policy Management. *
* Note: For Standalone Servers or Workstations, open the Local Group Policy Editor (gpedit.msc)
2. In Group Policy Management editor, right click at Default Domain Policy and choose Edit. *
Note: For Standalone Servers or Workstations, skip to the next step.
3. At Group Policy Editor navigate to:
- Computer Configuration > Windows Settings > Security Settings > Account Policies > Account Lockout Policy.
4. Open the Account lockout threshold policy.
5. At Account lockout threshold Properties, apply one of the following according your will:
a. Uncheck the Define this policy setting checkbox and click OK, if you want to prevent accounts from being blocked after entering their password incorrectly, or…
b. Increase the number for the invalid logon attempts and click OK.
6. Click OK again at 'Suggested Value Changes'.
7. Close the Group Policy Editor.
8. Finally, open Command Prompt as Administrator and give the following command to update the group policy or restart the computer.
- gpupdate /force
That’s it! Let me know if this guide has helped you by leaving your comment about your experience. Please like and share this guide to help others.