
User disabled after too many failed 2FA attempts

Overview

Some Kerio Connect users may become unexpectedly disabled after multiple failed two-factor authentication (2FA) attempts. This is due to a built-in security feature, though the log message may misleadingly indicate the account is “locked.”

Symptoms

  • Users are unable to access their accounts.

  • Debug logs show:
    Too many false 2FA attempts for user: '<user_email>', account is locked

📌 Note: Despite the message saying “locked,” the account is actually disabled by design.

Kerio Connect version 10.0.9 introduces improved logging to reflect the accurate status and includes a clearer message:
Too many false 2FA attempts for user: '<user_email>', account is disabled after X failed 2FA attempts

Solution

1. Verify the Issue in Logs

  • Open the debug logs (ensure "User Authentication" debugging is enabled).

  • Look for: Too many false 2FA attempts for user: '<user_email>', account is locked

2. Understand the Security Feature

  • Kerio disables accounts after repeated incorrect 2FA attempts to prevent unauthorized access.

  • This is intended behavior, not a malfunction.

3. Check for Kerio Update

  • Update to Kerio Connect 10.0.9 (or later) for improved log clarity.

  • New logs will clearly state when an account is disabled due to failed 2FA.

4. Manually Re-enable the Account

  • Go to the Kerio Administration Console.

  • Locate the affected user and manually enable the account.

5. Monitor and Prevent Future Lockouts

  • Educate users on correct 2FA procedure.

  • Monitor 2FA-related logs for recurring patterns or potential abuse.
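
One way to do the monitoring in step 5, as an added example that is not part of Kerio Connect or of the original article: a small parser that recognises both message wordings quoted above and reports users who were disabled repeatedly. The sample lines, their timestamp prefix, the attempt count of 5 and the function names are constructed assumptions.

```python
import re
from collections import Counter

# Matches both wordings quoted in this article: the pre-10.0.9 "account is
# locked" line and the 10.0.9+ "account is disabled after X failed 2FA attempts".
PATTERN = re.compile(
    r"Too many false 2FA attempts for user: '(?P<user>[^']+)', account is "
    r"(?:(?P<legacy>locked)|disabled after (?P<count>\d+) failed 2FA attempts)"
)

def parse_event(line):
    """Return a dict for a 2FA-disable line, or None for any other line."""
    m = PATTERN.search(line)
    if not m:
        return None
    return {
        "user": m.group("user").lower(),
        # Both wordings mean the account was disabled, not temporarily locked.
        "state": "disabled",
        "legacy_wording": m.group("legacy") is not None,
        "failed_attempts": int(m.group("count")) if m.group("count") else None,
    }

def repeat_offenders(lines, threshold=2):
    """Users disabled at least `threshold` times: worth a closer look."""
    counts = Counter(e["user"] for e in map(parse_event, lines) if e)
    return {u: n for u, n in counts.items() if n >= threshold}

# Constructed sample lines; the bracketed timestamp prefix is an assumption
# and is ignored by the parser.
SAMPLE = [
    "[01/Jan/2025 09:00:01] Too many false 2FA attempts for user: 'alice@example.com', account is locked",
    "[01/Jan/2025 09:05:10] User bob@example.com authenticated",
    "[02/Jan/2025 11:30:45] Too many false 2FA attempts for user: 'Alice@example.com', account is disabled after 5 failed 2FA attempts",
    "[02/Jan/2025 12:00:00] Too many false 2FA attempts for user: 'carol@example.com', account is disabled after 5 failed 2FA attempts",
]

if __name__ == "__main__":
    for user, n in repeat_offenders(SAMPLE).items():
        print(f"{user}: disabled {n} times by failed 2FA")
```

A user who keeps reappearing in this report after being re-enabled is a candidate for either 2FA retraining or a check on who is supplying the correct password but failing the second factor.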

Summary

If a Kerio Connect user becomes disabled due to too many failed 2FA attempts, it's a security measure—not a defect. You can re-enable the user via the admin console and update to version 10.0.9 for clearer log entries. Monitoring and proactive education can help prevent further disruptions.

Frequently Asked Questions

Q1: How do I confirm an account was disabled due to 2FA failures?
A1: Check the debug logs for: Too many false 2FA attempts for user: '<user_email>', account is locked.
This indicates the user was disabled after repeated 2FA failures.

Q2: How can I restore access for a disabled user?
A2: Use the Kerio Administration Console to manually re-enable the account.

Q3: When will the improved logging be available?
A3: In Kerio Connect version 10.0.9, which introduces clearer messages about account status in both debug and security logs.


  1. Ciprian Nastase