Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Monday, January 11, 2010 6:36 PM
Hi there
I've configured a NPS Server as a RADIUS Server for 802.1X Wireless Connections.
In the General Settings of the Server under "In additional to the errors that are automatically recorded in the Event Log, record the following events:" "Rejected authentication requests" and "Successful authentication requests" is selected.
However in the Eventlog only Successful authentication requests are logged. There are no Events about Rejected or failed authentication requests.
But in the Text Logfile in C:\Windows\system32\LogFiles are some reject and errors logged. So there are definitely rejected or failed authentication requests.
Why are these errors and rejects not visible in the Event Log ? In the Text Logfile there are very few information for debugging so it would really help if there are some Event Log entries about the failed authentication requests.
anyone got a suggestion?
The Server is running Windows 2008 (NOT R2) and its also a DC.
Thx
J0Fe
All replies (11)
Monday, January 11, 2010 8:19 PM
hi there.
coud you please give us more informatio, where have you looked in the event log?
you should get any reports about nps on the "Security" section.
an easier log file to view is under "server roles\network policy and access server" hich gives a pre-filtered list of events (when they show up)
greetings,
uerueluem
Tuesday, January 12, 2010 8:06 AM
Hi
Thank for you anwser.
I've looked in both the security log and in the pre-filtered log under "server roles\network policy and access server".
In both location I can only find events abouth successful authentication but nothing abouth errors.
greetings
J0fe
Tuesday, January 12, 2010 9:25 AM
can you post the errors which you have in your logfile errors?
Tuesday, January 12, 2010 5:19 PM
I the logfile are errors like:
Start DateTime Stop DateTime Duration User IP Output Octets Input Octets Connect Request Connect Result
01/12/2010 09:39:17 01/12/2010 09:39:17 00:00:00 0 0 300 Rejected
or
Start DateTime Stop DateTime Duration User IP Output Octets Input Octets Connect Request Connect Result
01/12/2010 17:24:43 01/12/2010 17:24:43 00:00:00 0 0 IAS_AUTH_FAILURE Rejected
01/12/2010 17:25:46 01/12/2010 17:25:46 00:00:00 0 0 IAS_NO_SUCH_USER Rejected
greetings
J0fe
Wednesday, March 9, 2011 3:36 PM
Hello,
same problem, but only rejected requests are logged, successful not :-(. In NPS settings is checked both - successful and rejected.
Any suggestions?
Friday, April 1, 2011 12:52 PM
I have the same provlem as Michal - only rejected requests are logged. My 2008 R2 NPS servers have configs which was importer from 2003 R2 IAS servers. Microsoft, please help us with this problem.
Tuesday, April 19, 2011 7:43 PM | 7 votes
This can be a result of your audit settings. You can check them via the cli with this command.
auditpol /get /subcategory:"Network Policy Server"
The output should look like:
System audit policy
Category/Subcategory Setting
Logon/Logoff
Network Policy Server Success and Failure
If it shows ‘No auditing’ or just "Success", you can run this command to enable it:
auditpol /set /subcategory:"Network Policy Server" /success:enable /failure:enable
Wednesday, April 20, 2011 12:52 PM
Yes, this was exactly the case:) I've found this myself, but thanks anyway:)
Thursday, April 26, 2012 4:17 PM
I was having the same problem where rejects were getting logged but not successful authentications. I ran the auditpol command and found that it showed "No auditing" even though I had also previously (days ago) run the auditpol command to set the auditing (which was successful when I ran it). I reran the command today and it shows that "success and failure" are being logged.
It appears as though auditpol is losing this setting somehow. Has anyone else experienced this issue?
Thanks.
Friday, July 15, 2016 9:11 PM
I had the same problem and this command was the solution.
Thanks!
JR
Jorge J. Rodriguez
Friday, November 18, 2016 3:19 PM
Thanks a lot! the cli command wiped the slate clean.
There is that setting (that should presumably have this set so) in NPS console - right click on NPS (top-most node in NPS console), Properties, General - sadly it doesn't work.