Windows Server update KB5020282 introduces the function of blocking the administrator account after 10 failed password attempts within 10 minutes.

Because Hetzner uses static IP addresses, brute force attacks are not uncommon and can result in blocking your administrator account. You can configure this feature or disable it completely in Local Security Policy. This option can be found in the Server Manager by clicking on «Tools» and then «Local Security Policy».

To disable this function, set «Account lockout threshold» to 0. After that, the other options should be disabled.

If already blocked

If your account has already been blocked, you can add your connection address to the firewall whitelist. You can find it here.

After activating and configuring the firewall, you will need to wait at least 10 minutes for the rules to apply. After logging in, please change the settings according to the above.