I have a WF 10 hooked up to Active Directory. Everything's working in the normal case. However, when bad credentials are provided, it seems like two attempts are made. This results in AD locking the user prematurely. (The corporate AD policy is 3 attempts).
It appears that two LDAP queries are issued on the failed attempt: one for user, one for groups. The docs i found say that the roles will only be issued after a successful user query.
Does anyone know of a WF10 issue that might be causing the extra attempts?
This seems to be behaving as expected with WF 17. From experimenting, it looked like WF 10 was generating extra login attempts that forced a premature account lock. WF 17 does 1 attempt per login and this was the desired behavior.