Pam - locks out users

Hello,

I followed the instructions of the RHEL7 security guide (chapter 4.1.2/Account Locking). Everything was working as expected (users were locked out as expected after 3 failed attempts), until I tried to rename the configuration files with the commands (as stated in the security guide):
~]# mv /etc/pam.d/system-auth /etc/pam.d/system-auth-ac
~]# mv /etc/pam.d/password-auth /etc/pam.d/password-auth-ac
So, almost immediately the sudo command was not working, and because of the even_deny_root parameter, after the reboot the root account was also locked... (mounting the encrypted volume from a recovery Linux DVD and editing the modified PAM files gave me full access again).

After this failed attempt I re-followed the steps of the security guide, but instead of the mv commands I used cp commands:
sudo cp /etc/pam.d/system-auth /etc/pam.d/system-auth-ac
sudo cp /etc/pam.d/password-auth /etc/pam.d/password-auth-ac
And hopefully this time everything was working as expected (even_deny_root parameter was not used as a full lock-out precaution).

On the next reboot I realized that the administrator-user account password was not accepted at the login prompt of the graphical interface, while I was able to log in (as root or user) on any of the ttys (Ctrl+Alt+F2...). Running the command faillock --user myusername, there were no failed login attempts, but only until a failed login in a tty had occurred.

(I uploaded the config files, and to be able to do so I renamed them to .txt)

I cannot find the root cause of the problem... Any ideas please?
