This forum has migrated to Microsoft Q&A. Visit Microsoft Q&A to post new questions.

Remove From My Forums

Tracing the source of failed authentications in ADFS 3.0

Question
0

Sign in to vote

We have an ADFS 3.0 farm (2 Primary, 2 Proxies) configured for Office365 authentication and Single Sign-On. We have an account that is being locked out a few times everyday due to bad authentication attempts on the ADFS farm. This account is used in quite a few different locations. I can clearly in the logs when it gets locked out, but I need to know where the bad attempt is originating from, the source IP of the request. I've not been able to find any clear direction for enabling this type of logging in ADFS 3.0 or Web Application Proxy. Any suggestions?

Thursday, December 10, 2015 3:41 PM

Answers

1

Sign in to vote
Have a look here: http://blogs.technet.com/b/pie/archive/2016/02/02/track-down-the-source-of-adfs-lockouts.aspx
Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.
- Proposed as answer by Shane Jackson Wednesday, February 3, 2016 4:59 PM
- Marked as answer by jamesking5 Thursday, February 4, 2016 4:52 PM
Tuesday, February 2, 2016 10:45 PM