locked
2012r2 NPS SQL logging missing fields RRS feed

  • Question

  • I've configured NPS on windows 2012r2 to log to a SQL DB, but it doesn't populate a lot of the fields.

    Notably, the most important field - REASON CODE - is one of the ones 2012 doesn't populate 

    It works in 2008r2...

    The DB was originally created with 2008r2, so I thought, perhaps there is a difference and I need to create a new DB

    If the DB is created with 2012r2 it doesn't even create the fields (or the appropriate entries in the stored procedure that interprets the XML the NPS service sends)...

    It would appear that the log XML that is posted to the SQL server doesn't contain the missing fields...

    How do I get it back in there?

    (the reason code is in the security event log entry on the NPS server, and if I set text file logging to the legacy IAS format it is logged, but its not a whole lot of use in there!)

    Tuesday, September 22, 2015 2:02 AM

All replies

  • Hi 2icOfTim Tams,

    I found a related post that NPS SQL missing reason-code in server 2012 R2. And L.M van der Vleuten find a way to get the field back, you may try the way provided by him, see if it could work in you lab. The post Link is below:

    https://social.technet.microsoft.com/Forums/windowsserver/en-US/c5d95387-e548-4e3f-bf3f-616a1ab91b5b/nps-sql-missing-reasoncode-in-server-2012-r2?forum=winserverNAP

    Besides, as an alternative, we may also use the event log on the NPS server to view the reason code or other detailed information about the connection.

    Best Regards,

    Anne He  


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Wednesday, September 30, 2015 3:07 AM
  • Thanks Anne,

    As I mentioned, the appropriate entries in the stored procedure that interprets the XML

    It would appear that the log XML that is posted to the SQL server doesn't contain the missing fields

    Also, yes, the reason code is in the security event log entry on the NPS server - but a key part of the rationale for logging to SQL is that I don't want the first level help-desk guys having to read the security log - A: they shouldn't have the rights; B: given the format of the events, that's a pretty complex query they need to run

    Regards,

    Tim

    Monday, October 19, 2015 8:44 PM