When logging in to a terminal services session on a remote Domain controller, I am always able to successfully log in. However, the lockout is being invoked after less than a minute of activity, regardless of account being used. I do not have this extremely short lockout configured anywhere in Terminal Services Configuration, Terminal Services Manager, or Group Policy. I can't think of any other place where this value could be configured. Also, I see no events in the security event log that would indicate any problem. There is an avent 1030 in the Application event viewer: "Windows cannot query for the list of Group Policy objects," but I don't think it is related, since I believe that is a known error and has an associated hotfix. Any ideas?