Cannot enable ADFS auditing

  • Question

  • I'm using ADFS 2012.

    In the ADFS server configuration, I've enabled Success and Failure audits in the service properties.

    In the local group policy editor, I've enabled success and failure logging for the "application generated" category.

    However, I don't see any event 411 (token validation failed / the referenced account is currently locked out) in the Security event log.

    I tried restarting the services but nothing changed.

    Do I need to set something else?

    Thanks,
    Paolo


    Paolo Tedesco - http://cern.ch/idm


    Friday, May 18, 2018 12:01 PM

All replies

  • Maybe try to enable the verbose logging:

    Set-AdfsProperties -LogLevel FailureAudits,SuccessAudits,Errors,Information,Verbose


    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Tuesday, May 29, 2018 12:37 AM
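
The three settings this thread touches (the AD FS LogLevel, the "Application Generated" audit subcategory, and event 411 in the Security log) can be checked together from an elevated prompt on the AD FS server. This is an added example, not code from either poster; the function name and its parameter are hypothetical, and it assumes the ADFS PowerShell module is present and that auditpol prints English output.

```powershell
# Added example: checks the AD FS audit prerequisites discussed in this thread.
# Assumptions: run elevated on the AD FS server, ADFS module available,
# English-language auditpol output.
Import-Module ADFS -ErrorAction Stop

function Test-AdfsAuditPrerequisites {
    param(
        [int]$LookbackHours = 24   # hypothetical parameter: how far back to search for 411
    )

    # 1. Service-level setting (the value Set-AdfsProperties -LogLevel changes).
    $logLevel = @((Get-AdfsProperties).LogLevel)
    $adfsOk = ($logLevel -contains 'SuccessAudits') -and
              ($logLevel -contains 'FailureAudits')

    # 2. Effective OS audit policy for "Application Generated".
    #    auditpol reports the effective value, which can differ from what was
    #    set in the local policy editor when a domain GPO also applies.
    $match = auditpol /get /subcategory:"Application Generated" |
        Select-String -Pattern '^\s*Application Generated\s+(.+?)\s*$' |
        Select-Object -First 1
    $setting = if ($match) { $match.Matches[0].Groups[1].Value } else { 'unknown' }
    $policyOk = ($setting -eq 'Success and Failure')

    # 3. Any event 411 in the Security log within the lookback window.
    #    Get-WinEvent raises an error when nothing matches, so suppress it
    #    and count what comes back.
    $filter = @{
        LogName   = 'Security'
        Id        = 411
        StartTime = (Get-Date).AddHours(-$LookbackHours)
    }
    $events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        AdfsLogLevel        = ($logLevel -join ',')
        AdfsAuditsEnabled   = $adfsOk
        AppGeneratedSetting = $setting
        AppGeneratedOk      = $policyOk
        Event411Count       = $events.Count
    }
}

Test-AdfsAuditPrerequisites | Format-List
```

If `AdfsAuditsEnabled` and `AppGeneratedOk` are both true and `Event411Count` stays at zero after a failed sign-in, the configuration on this server is not what is suppressing the event.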
  • I'm afraid that the problem is my version of ADFS does not log those events at all :(

    Paolo Tedesco - http://cern.ch/idm

    Tuesday, May 29, 2018 6:58 AM