I built a 2012 R2 server which is acting as a DC, DNS, KMS and CA. The Group Policy settings for Default Domain Controllers are as per the attachment yet the security event log shows only a handful of events despite there being numerous issues with one user account being locked out - I have twice gone through the steps: disabling the event log service, rebooting, renaming the security event log file, re-enabling the service and re-booting
which generates a new security event viewer log file but no entries appear after the initial logs. See attachment.
The server is hit by 2 GPO's, DDC and DD. Event logs settings attached.
The GPO's were migrated to this domain from another.
Any further ideas?