Martin, you dont want to include the failed=1 querystring in the forms action.
you only want to include the failed=1 querystring in the failed redirect of the Authenticate User server behavior.
double click the authenticate user server behavior and set the failed redirect to:
users_login.php?failed=1