Issue: When you restrict the kiosk user accounts to use specific computers in the Active Directory, and users try to log in to Windows with those accounts, an Invalid Credentials error message is displayed from the Advanced Authentication Windows Client.
If the option is changed toin the Active Directory, the account is able to log in successfully.
Reason: This issue happens when using the LDAP Password method, Advanced Authentication tries to bind to the Domain Controller to validate the password and it fails.
Open the user properties from the Domain Controller and goto thetab and click
Add Domain Controllers to the list of allowed workstations for that particular user.
To prevent that user from accessing the Domain Controllers, go to.
In thego to .
Add that particular user or a group toand in the setting.
Run gpupdate /force to push these group policy changes.