ModelState.AddModelError(string.Empty, "Member is locked out"); I believe would be for ModelOnly errors.. eg the empty string..
try adding a <span asp-validation-for="loginModel"></span> to see the property errors injected with that name in umbLoginController.
I think this is a subtle difference introduced in net.core over net framework.. ps multiple string.empty additions are aggregated together.