{"id":74809,"date":"2023-06-05T13:10:16","date_gmt":"2023-06-05T17:10:16","guid":{"rendered":"https:\/\/jumpcloud.com\/?post_type=support&p=74809"},"modified":"2025-02-10T16:54:49","modified_gmt":"2025-02-10T21:54:49","slug":"investigate-the-cause-of-user-lockouts-on-windows-devices","status":"publish","type":"support","link":"https:\/\/jumpcloud.com\/support\/investigate-the-cause-of-user-lockouts-on-windows-devices","title":{"rendered":"Troubleshoot: Find the Cause of User Lockouts on Windows Devices"},"content":{"rendered":"\n

There\u2019s always a reason for account lockouts, although the root cause may not be immediately obvious. In order to accurately diagnose the source of an end-user lockout, it\u2019s often necessary to investigate at multiple levels, which include reviewing JumpCloud agent logs, local OS log data, and Directory Insights data.<\/p>\n\n\n\n

An account lockout notification email<\/strong> is sent to the administrator and the user when an account lockout is triggered for the end-user. The information in the Administrator email will include the locked username and whether the lockout originated from the portal or from a device.
<\/p>\n\n\n\n

<\/p><\/div>

Tip:<\/strong> \n

Administrators can also customize the Account Lockout Email sent to users, see Customize Email Templates<\/a>.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n

The JumpCloud agent log data<\/strong> (jcagent.log \/ jcagent.log.prev*) will provide information for failed system logins detected at the OS-level including associated processes. This log should always be the first to be collected and examined. <\/p>\n\n\n\n

Windows local operating system log data<\/strong> can be used to correlate any login failures for the local device and associated processes that report failed logins to the local device OS. <\/p>\n\n\n\n

Directory Insights data<\/strong> will provide the ability to see any end-user failed login attempts from either the User Portal or the end-point that the user is attempting to access. <\/p>\n\n\n\n

<\/p><\/div>

Note:<\/strong> \n

Directory Insights is included in some of our package plans. See JumpCloud Pricing for information on our package plans. To enable Directory Insights for your account, current customers can contact us at directoryinsights@jumpcloud.com.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n

Gathering Required Information For Investigation<\/h2>\n\n\n\n

JumpCloud Agent Log Information<\/h3>\n\n\n\n

The jcagent.log<\/strong> and the jcagent.log.prev<\/strong> (if present) should be collected.<\/p>\n\n\n\n

To collect the log from the JumpCloud Admin Console:<\/p>\n\n\n\n

    \n
  1. Log in to the Admin Portal: https:\/\/console.jumpcloud.com\/login<\/a>.<\/li>\n\n\n\n
  2. Go to DEVICE MANAGEMENT<\/strong> > Devices<\/strong>, and select the Devices<\/strong> tab.<\/li>\n\n\n\n
  3. Select the affected device from the devices list.<\/li>\n\n\n\n
  4. Click the Actions<\/strong> menu and select Get Agent Log<\/strong> to download the jcagent.log to your device.
    <\/li>\n<\/ol>\n\n\n\n

    <\/p><\/div>

    Note:<\/strong> \n
      \n
    • This will not<\/strong> pull the jcagent.log.prev if it exists on the device.<\/li>\n\n\n\n
    • There is a file size constraint of 1MB when pulling via the Get Agent Log<\/strong> button. If the 1MB log does not contain sufficient information, an administrator must pull the log manually.<\/li>\n<\/ul>\n <\/div><\/div><\/div><\/div>\n\n\n\n

      To collect the log files from the device manually:<\/p>\n\n\n\n

        \n
      1. On the Windows device, open Explorer.<\/li>\n\n\n\n
      2. Go to C:\\Windows\\temp<\/strong> and make a copy of the log files.<\/li>\n<\/ol>\n\n\n\n

        Windows Event Log Information<\/h3>\n\n\n\n

        To gather and export the Windows Security Event Log:<\/p>\n\n\n\n

          \n
        1. Click on the Windows Menu, type Event Viewer<\/kbd>, and select Event Viewer<\/strong> from the top of the menu. <\/li>\n\n\n\n
        2. In the left pane of Event Viewer<\/strong>, select Security<\/strong>.<\/li>\n\n\n\n
        3. With Security selected, click the Action menu<\/strong> at the top and choose Save All Events As\u2026<\/strong><\/li>\n\n\n\n
        4. In the save dialog, select the *.evtx<\/strong> format. This will require that the file is opened within the Windows OS but allows for easier review of the log data as opposed to other formats.
          <\/li>\n<\/ol>\n\n\n\n

          Directory Insights Information <\/h3>\n\n\n\n

          An export of Directory Insights data is also available to send to Support, but can be challenging to review. Whenever possible, narrow the timeframe to correlate with the lockouts experienced by the end user under review, and include a screenshot of the collected log incidents.<\/p>\n\n\n\n

          When exporting Directory Insights data, make sure that you have selected a wide enough time frame to capture any related failed login events or other end-user actions that could be informative. Support may ask you to collect additional data with a wider scope if the provided output may be missing events.<\/p>\n\n\n\n

            \n
          • Service<\/strong> is highlighted with All<\/strong> selected in order to capture both System and User Portal \u201cuser_login_attempts\u201d.<\/li>\n\n\n\n
          • Event Types <\/strong>can be set to All<\/strong>, or you can select only the login event types and lockout events noted.<\/li>\n\n\n\n
          • User <\/strong>should be used to narrow the scope of the provided data for review.<\/li>\n\n\n\n
          • Device <\/strong>should initially be set to All in case the end-user is bound to multiple machines and there could be associated failed logins on multiple devices.
            <\/li>\n<\/ul>\n\n\n\n

            Stopping Account Lockouts When Using GoodAccess Posture Check Agent<\/h2>\n\n\n\n

            If GoodAccess Device Posture check is installed and enabled, you will encounter lockouts every 30 minutes without these changes, due to the way GoodAccess checks for a password-protected logon screen.<\/p>\n\n\n\n

            Follow these steps to adjust the lockout counter reset to below 30 minutes (20 minutes is recommended).<\/p>\n\n\n\n

              \n
            1. Under\u00a0Settings<\/strong>\u00a0>\u00a0Security<\/strong>\u00a0>\u00a0Password Settings > Lockout<\/strong>, select the checkbox next to ** minutes until failed password attempts counter is automatically reset<\/strong>.<\/li>\n\n\n\n
            2. Once the checkbox is active, please adjust the time to 20<\/strong> minutes.<\/li>\n\n\n\n
            3. Click Save<\/strong>.<\/li>\n<\/ol>\n\n\n\n

              These settings will clear any failed login attempts after 20 minutes; for example, if I enter my password incorrectly 2 times within 19 minutes, the counter will reset to 0 after 20 minutes.<\/p>\n\n\n\n

              <\/p>\n","protected":false},"excerpt":{"rendered":"

              There\u2019s always a reason for account lockouts, although the root cause may not be immediately obvious. In order to accurately diagnose […]<\/p>\n","protected":false},"author":203,"featured_media":0,"template":"","meta":{"_acf_changed":false,"_oasis_is_in_workflow":0,"_oasis_original":0,"_oasis_task_priority":"","inline_featured_image":false,"footnotes":""},"support_category":[2852,3136,3127,2850,2924],"support_tag":[],"coauthors":[2837,3011],"acf":[],"yoast_head":"\nInvestigate Windows Device Account Lockouts - 探花大神<\/title>\n<meta name=\"description\" content=\"Understand how to gather the appropriate Directory Insights and Windows Event logs required to troubleshoot user lockouts on Windows devices.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/jumpcloud.com\/support\/investigate-the-cause-of-user-lockouts-on-windows-devices\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Troubleshoot: Find the Cause of User Lockouts on Windows Devices\" \/>\n<meta property=\"og:description\" content=\"Browse the 探花大神 Help Center by category, search for a specific topic, or check out our featured articles.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/jumpcloud.com\/support\/investigate-the-cause-of-user-lockouts-on-windows-devices\" \/>\n<meta property=\"og:site_name\" content=\"探花大神\" \/>\n<meta property=\"article:modified_time\" content=\"2025-02-10T21:54:49+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/02\/account_lockout_notification_email.png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"4 minutes\" \/>\n\t<meta name=\"twitter:label2\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data2\" content=\"derekpietras, nickconrad\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/jumpcloud.com\/support\/investigate-the-cause-of-user-lockouts-on-windows-devices\",\"url\":\"https:\/\/jumpcloud.com\/support\/investigate-the-cause-of-user-lockouts-on-windows-devices\",\"name\":\"Investigate Windows Device Account Lockouts - 探花大神\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/jumpcloud.com\/support\/investigate-the-cause-of-user-lockouts-on-windows-devices#primaryimage\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/support\/investigate-the-cause-of-user-lockouts-on-windows-devices#primaryimage\"},\"thumbnailUrl\":\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/02\/account_lockout_notification_email.png\",\"datePublished\":\"2023-06-05T17:10:16+00:00\",\"dateModified\":\"2025-02-10T21:54:49+00:00\",\"description\":\"Understand how to gather the appropriate Directory Insights and Windows Event logs required to troubleshoot user lockouts on Windows 
devices.\",\"breadcrumb\":{\"@id\":\"https:\/\/jumpcloud.com\/support\/investigate-the-cause-of-user-lockouts-on-windows-devices#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/jumpcloud.com\/support\/investigate-the-cause-of-user-lockouts-on-windows-devices\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/support\/investigate-the-cause-of-user-lockouts-on-windows-devices#primaryimage\",\"url\":\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/02\/account_lockout_notification_email.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/02\/account_lockout_notification_email.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/jumpcloud.com\/support\/investigate-the-cause-of-user-lockouts-on-windows-devices#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/jumpcloud.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Support\",\"item\":\"https:\/\/jumpcloud.com\/support\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Troubleshoot: Find the Cause of User Lockouts on Windows Devices\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/jumpcloud.com\/#website\",\"url\":\"https:\/\/jumpcloud.com\/\",\"name\":\"探花大神\",\"description\":\"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.\",\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/jumpcloud.com\/?s={search_term_string}\"},\"query-input\":\"required 
name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/jumpcloud.com\/#organization\",\"name\":\"探花大神\",\"url\":\"https:\/\/jumpcloud.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"width\":598,\"height\":101,\"caption\":\"探花大神\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Investigate Windows Device Account Lockouts - 探花大神","description":"Understand how to gather the appropriate Directory Insights and Windows Event logs required to troubleshoot user lockouts on Windows devices.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/jumpcloud.com\/support\/investigate-the-cause-of-user-lockouts-on-windows-devices","og_locale":"en_US","og_type":"article","og_title":"Troubleshoot: Find the Cause of User Lockouts on Windows Devices","og_description":"Browse the 探花大神 Help Center by category, search for a specific topic, or check out our featured articles.","og_url":"https:\/\/jumpcloud.com\/support\/investigate-the-cause-of-user-lockouts-on-windows-devices","og_site_name":"探花大神","article_modified_time":"2025-02-10T21:54:49+00:00","og_image":[{"url":"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/02\/account_lockout_notification_email.png"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. 
reading time":"4 minutes","Written by":"derekpietras, nickconrad"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/jumpcloud.com\/support\/investigate-the-cause-of-user-lockouts-on-windows-devices","url":"https:\/\/jumpcloud.com\/support\/investigate-the-cause-of-user-lockouts-on-windows-devices","name":"Investigate Windows Device Account Lockouts - 探花大神","isPartOf":{"@id":"https:\/\/jumpcloud.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/jumpcloud.com\/support\/investigate-the-cause-of-user-lockouts-on-windows-devices#primaryimage"},"image":{"@id":"https:\/\/jumpcloud.com\/support\/investigate-the-cause-of-user-lockouts-on-windows-devices#primaryimage"},"thumbnailUrl":"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/02\/account_lockout_notification_email.png","datePublished":"2023-06-05T17:10:16+00:00","dateModified":"2025-02-10T21:54:49+00:00","description":"Understand how to gather the appropriate Directory Insights and Windows Event logs required to troubleshoot user lockouts on Windows 
devices.","breadcrumb":{"@id":"https:\/\/jumpcloud.com\/support\/investigate-the-cause-of-user-lockouts-on-windows-devices#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/jumpcloud.com\/support\/investigate-the-cause-of-user-lockouts-on-windows-devices"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/support\/investigate-the-cause-of-user-lockouts-on-windows-devices#primaryimage","url":"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/02\/account_lockout_notification_email.png","contentUrl":"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/02\/account_lockout_notification_email.png"},{"@type":"BreadcrumbList","@id":"https:\/\/jumpcloud.com\/support\/investigate-the-cause-of-user-lockouts-on-windows-devices#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/jumpcloud.com\/"},{"@type":"ListItem","position":2,"name":"Support","item":"https:\/\/jumpcloud.com\/support"},{"@type":"ListItem","position":3,"name":"Troubleshoot: Find the Cause of User Lockouts on Windows Devices"}]},{"@type":"WebSite","@id":"https:\/\/jumpcloud.com\/#website","url":"https:\/\/jumpcloud.com\/","name":"探花大神","description":"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.","publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/jumpcloud.com\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/jumpcloud.com\/#organization","name":"探花大神","url":"https:\/\/jumpcloud.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","width":598,"height":101,"caption":"探花大神"},"image":{"@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/74809"}],"collection":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support"}],"about":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/types\/support"}],"author":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/users\/203"}],"version-history":[{"count":2,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/74809\/revisions"}],"predecessor-version":[{"id":120900,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/74809\/revisions\/120900"}],"wp:attachment":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media?parent=74809"}],"wp:term":[{"taxonomy":"support_category","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support_category?post=74809"},{"taxonomy":"support_tag","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support_tag?post=74809"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/coauthors?post=74809"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}