NPS Events are not being shown in the security log, even after configuring via GPO, GPEDIT.MSC or AUDITPOL

fborup 1 Reputation point
2020-08-11T21:11:21.153+00:00

NPS Events are not being shown in the security log, even after configuring via GPO, GPEDIT.MSC or AUDITPOL

I have 2 Win2012R2 DCs (AD, DNS< DHCP) that are also NPS servers
I´m trying to enable NPS events in Event Viewer ut it´s not working

I´m looking for 6272 and 6273 event to do some troubleshooting, but even configuring via GPO (domain and container), GPEDIT (local) nor AuditPol, even doing all of this, even that way, the NPS events are not shown

The only weird thing is the RSOP.MSC not showing the advanced audit portion of the current configs, but several screens and ways are showing that NPS Sucess/Failure are enabled and even this way, no NPS events on Event Viewer

SO i tried to Uninstall/Reinstall NPS.. nothing!

Windows
Windows
A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.
5,002 questions
Windows Server Infrastructure
Windows Server Infrastructure
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Infrastructure: A Microsoft solution area focused on providing organizations with a cloud solution that supports their real-world needs and meets evolving regulatory requirements.
526 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Fan Fan 15,321 Reputation points Microsoft Vendor
    2020-08-11T23:49:59.043+00:00

    Hi,
    First of all , i i would suggest you confirm if the group policy was applied successfully.
    You can check that by running cmd as administrator and type command :gpresult /h report.html

    Or you can check if the audit was enable by the command on NPS:
    auditpol /get /subcategory:"Network Policy Server"

    The output should be:
    System audit policy

    Category/Subcategory Setting
    Logon/Logoff
    Network Policy Server Success and Failure

    If it shows ‘No auditing’, you can run this command to enable it:
    auditpol /set /subcategory:"Network Policy Server" /success:enable /failure:enable

    Best Regards,

  2. Fan Fan 15,321 Reputation points Microsoft Vendor
    2020-08-17T01:42:36.957+00:00

    Hi,
     
    Just checking in to see if the information provided was helpful.
    Please let us know if you would like further assistance.
     
    Best Regards,

    0 comments