After a bit of frustration working on a project recently with a Windows 2012 R2 NPS RADIUS server, I had a bit of a refresher on Windows 2012 R2 NPS log files location configuration, administration and what I have experienced with logging behavior.
windows 2012 R2 NPS log files location configuration
Logging with Network Policy Server is a bit more convoluted than in the old days with plain IAS server. I guess one of the main reasons is that NPS does so much more than just RADIUS. However, when you need to find information about successful and failed logins, where do you look and where are things stored?
Let’s take a look at some of the logging configuration within NPS. If you right click on NPS (Local) click properties, then General tab and make sure Rejected authentication requests and Successful authentication requests are selected.
Under Accounting you can also configure settings related to your log file format, location, and other information. If you click Configure Accounting it launches a wizard that will allow the configuration of most of the log file properties.
Otherwise, you can simply click the Change Log File Properties link and you will have access to most of the options there as well.
I have found on my RADIUS server, the events are not logged to the System Log like NPS service related messages are logged. However, in Server Manager >> NAP I see all the events as they relate to the logins and policy application. Also, the low level logging can be found in c:\widows\system32\logfiles\IN*.log which you can configure in the wizard and the settings mentioned above.
Some have mentioned having issues seeing anything logged. If so, check your audit policy as it relates to NPS to make sure events are being audited correctly.
auditpol /get /subcategory:"Network Policy Server"
If enabled, the output should be:
System audit policy
Network Policy Server Success and Failure
If it shows ‘No auditing’ run the following:
auditpol /set /subcategory:"Network Policy Server" /success:enable /failure:enable
Hopefully this Windows 2012 R2 NPS log files location configuration post will help any who are struggling trying to make sense of where things are presented from NPS as to login successes and failures. If you have any other tricks up your sleeve you would like to share as to NPS and logging, please comment below.