Security

last person joined: 21 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

NPS 2008 - user auth and fails not showing in eventviewer?

This thread has been viewed 0 times

  • 1.  NPS 2008 - user auth and fails not showing in eventviewer?

    MVP
    Posted Sep 08, 2011 06:55 AM
    Anybody have an idea what might be causing NPS 2008 to not show authentication events in eventviewer?
    I've filtered on source "Microsoft Windows security auditing" and "NPS" but nothing shows up. I did also set a filter for event ID 6273, 1 and 2 as otherwise the eventviewer is spammed by non-radius events.

    Even without the filters I cannot find the user authentication events anywhere.. so anybody got an idea?


  • 2.  RE: NPS 2008 - user auth and fails not showing in eventviewer?

    EMPLOYEE
    Posted Sep 08, 2011 07:04 AM
    Go under Custom Views> Server Roles> Network Policy and Access Services.


  • 3.  RE: NPS 2008 - user auth and fails not showing in eventviewer?
    Best Answer

    MVP
    Posted Nov 29, 2011 11:11 AM

    Ran into this with another customer today. Dug in a bit and found what I needed:

     

    auditpol /set /subcategory:"Network Policy Server" /success:enable /failure:enable


    source: http://support.microsoft.com/kb/951005

     

    SYMPTOMS

    In Windows Server 2008, the Network Policy Server (NPS) may not log successful authentication events or failed authentication events in the Security log in Event Viewer. This behavior occurs even though Event Viewer is configured correctly to log such events.

    This problem may occur on a fresh installation of Window Server 2008.

    RESOLUTION

    To resolve this issue, follow these steps:
    1. Click Start, type cmd in the Start Search box, right-click cmd in the Programs list, and then click Run as administrator.

      If you are prompted for an administrator password or for confirmation, type the password, or click Continue.
    2. At the command prompt, type the following command, and then press ENTER:
      auditpol /set /subcategory:"Network Policy Server" /success:enable /failure:enable