Brute force attacks are one of the top three ways that Windows computers are attacked today.
If the passwords are not long or complex, the time it would take to perform such an attack is becoming trivial by using modern CPUs and GPUs.
The Windows Server Update KB5020282 enables a Feature called "Account lockout for built-in local administrators", which locks out the Administrator Account after 10 failed password attempts during 10 minutes.
Since Dedicated Server uses static IP blocks such brute force attacks are not uncommon and can lead to your Administrator account being locked.
You can change the settings for this feature, or turn it off entirely, in the Local Security Policy.
You can find this in the Server Manager by clicking on "Tools" and then "Local Security Policy".
Alternatively:
This policy can be found under Local Computer Policy\Computer Configuration\Windows Settings\Security Settings\Account Policies\Account Lockout Policies.