We help IT Professionals succeed at work.

How to add IAS authentication entries to System Event log

Up until 2 weeks ago, my System Event logs showed IAS Event_ID 1 entries, detailing secure wireless logons via RADIUS. I am no longer seeing any such entries (wireless users continue to successfully use RADIUS). Don't know what changed, but how can I get these events to log again?
Comment
Watch Question

Justin OwensITIL Problem Manager

Commented:
Were any patches or updates loaded on your machine (via MS or 3rd party) when the logs stopped populating your data?
I'm not aware of any. What is really strange is that none of my 3 DCs are currently logging these IAS Event #1 entries. Prior to 6/2 all 3 were logging the events.
Additional note:
I checked the IAS servers, and they have 2 check boxes under General/properties to record "Successful Authentication Requests" and  "Rejected Authentication Requests". Both boxes are checked on all 3 servers.
I am still unable to determine why there are no user authentication entries under IAS (event 1) in the System Event Log. What I do see occasionally is this entry (IAS event 5050):

A LDAP connection with domain controller server01.Hilltown.Local for domain HILLTOWN is established.

Formerly, I got 10 or 15 entries an hour like:

User HILLTOWN\rfeldman was granted access.
 Fully-Qualified-User-Name = Hilltown.Local/Staff/Rossie Feldman
 NAS-IP-Address = 172.20.1.247
 NAS-Identifier = WLC2106-01
 Client-Friendly-Name = WLC2106-01
 Client-IP-Address = 172.20.1.247
 Calling-Station-Identifier = 00-1f-3b-d8-30-51
 NAS-Port-Type = Wireless - IEEE 802.11
 NAS-Port = 1
 Proxy-Policy-Name = Use Windows authentication for all users
 Authentication-Provider = Windows
 Authentication-Server =  


As noted above, the IAS checkboxes are set to enable these logs, but it's not happening.

Here is an interesting twist. I have a DC in a separate subnet also doing IAS RADIUS  on wireless access. That machine is logging these entries continuously, but only for the subnet.
I need some action here.
Justin OwensITIL Problem Manager

Commented:
HilltownHealthCenter,
I requested a Moderator ping a few other Experts to assist you, as I don't think I can help you with this issue.
Justin
Thanks. For any new experts, please note that my comment #1 is inaccurate. Two DCs are not logging IAS event 1. The third DC (on a subnet) is logging properly. Go figure.
Here is the IAS Server setting on one of the failing servers:
IAS.jpg
Top Expert 2010
Commented:
What I might do is remove IAS and reinstall to get the logging back...might work, might not.  It's the first thought.

Also, while researching, I discovered this technet link for possibly better configuring your IAS servers.  Let me know what you think...perhaps with a different deployment, you might get better centralized logging.

http://technet.microsoft.com/en-us/library/cc780683%28WS.10%29.aspx
I will attempt this.