[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

IAS to NPS - logging

Posted on 2012-08-17
1
Medium Priority
?
1,205 Views
Last Modified: 2012-08-20
So I have migrated our IAS server to NPS server (Win 2k3 to Win 2k8) and all is working as it should apart from the logging side of things.

We use this type of server to authenticate VPN requests coming in through the cisco firewall to AD.

Old IAS event logs when a connection is made:-

User 'user' was granted access.
 Fully-Qualified-User-Name = domain.local/domain Users - Other/3rd Party Remote Access/Remote
 NAS-IP-Address = 172.19.10.15
 NAS-Identifier = <not present>
 Client-Friendly-Name = MuVPN_Cisco
 Client-IP-Address = 172.19.10.15
 Calling-Station-Identifier = 78.86.180.164
 NAS-Port-Type = Virtual
 NAS-Port = 14008320
 Proxy-Policy-Name = Use Windows authentication for all users
 Authentication-Provider = Windows
 Authentication-Server = <undetermined>
 Policy-Name = Allow access for MuVPN users group VPN
 Authentication-Type = PAP
 EAP-Type = <undetermined>

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

and

A LDAP connection with domain controller server2.domain.local for domain DOMAIN is established.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

New NPS server event logs when a connection is authenticated and made:
A LDAP connection with domain controller server2-dr.domain.local for domain DOMAIN is established.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


Ideas how to get NPS logging details correctly?
0
Comment
Question by:CHI-LTD
1 Comment
 
LVL 22

Accepted Solution

by:
Jakob Digranes earned 2000 total points
ID: 38304170
make sure logging is enabled (may do this with command line):

http://support.microsoft.com/kb/951005

and remember that NPS logs in Security event and not system
0

Featured Post

New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is in regards to the Cisco QSFP-4SFP10G-CU1M cables, which are designed to uplink/downlink 40GB ports to 10GB SFP ports. I recently experienced this and found very little configuration documentation on how these are supposed to be confi…
Transferring FSMO roles is done when an admin wants to split roles between certain Domain Controllers or the Domain Controller holding the Roles has been forcefully demoted using dcpromo / forceremoval
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

872 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question