Windows 2012 R2 NPS log files location configuration
After a bit of frustration working on a project recently with a Windows 2012 R2 NPS RADIUS server, I had a bit of a refresher on Windows 2012 R2 NPS log files location configuration, administration and what I have experienced with logging behavior.
windows 2012 R2 NPS log files location configuration
Logging with Network Policy Server is a bit more convoluted than in the old days with plain IAS server. ย I guess one of the main reasons is that NPS does so much more than just RADIUS. ย However, when you need to find information about successful and failed logins, where do you look and where are things stored?
Let’s take a look at some of the logging configuration within NPS. ย If you right click on NPS (Local)ย click properties, thenย Generalย tab and make sureย Rejected authentication requests andย Successful authentication requests are selected.
Underย Accounting you can also configure settings related to your log file format, location, and other information. ย If you clickย Configure Accounting it launches a wizard that will allow the configuration of most of the log file properties.
Otherwise, you can simply click theย Change Log File Properties link and you will have access to most of the options there as well.
I have found on my RADIUS server, the events are not logged to theย Systemย Log like NPS service related messages are logged. ย However, inย Server Manager >> NAPย I see all the events as they relate to the logins and policy application. ย Also, the low level logging can be found inย c:widowssystem32logfilesIN*.log which you can configure in the wizard and the settings mentioned above.
Some have mentioned having issues seeing anything logged. ย If so, check your audit policy as it relates to NPS to make sure events are being audited correctly.
auditpol /get /subcategory:"Network Policy Server"
If enabled,ย the output should be:
System audit policy
Category/Subcategoryย ย ย ย ย ย ย ย ย ย ย ย ย ย ย ย ย ย ย ย ย Setting
Logon/Logoff
Network Policy Serverย ย ย ย ย ย ย ย ย ย ย ย ย ย ย ย ย ย Success and Failure
If it shows โNo auditingโ run the following:
auditpol /set /subcategory:"Network Policy Server" /success:enable /failure:enable
Final Thoughts
Hopefully this Windows 2012 R2 NPS log files location configuration post will help any who are struggling trying to make sense of where things are presented from NPS as to login successes and failures. ย If you have any other tricks up your sleeve you would like to share as to NPS and logging, please comment below.
