Security

Windows 2012 R2 NPS log files location configuration

After a recent RADIUS project, I wanted to share some information via a post as to Windows 2012 R2 NPS log files location configuration

Highlights

  • After a bit of frustration working on a project recently with a Windows 2012 R2 NPS RADIUS server, I had a bit of a refresher on Windows 2012 R2 NPS log files location configuration, administration and what I have experienced with logging behavior.
  •  If you click Configure Accounting it launches a wizard that will allow the configuration of most of the log file properties.
  • Hopefully this Windows 2012 R2 NPS log files location configuration post will help any who are struggling trying to make sense of where things are presented from NPS as to login successes and failures.

After a bit of frustration working on a project recently with a Windows 2012 R2 NPS RADIUS server, I had a bit of a refresher on Windows 2012 R2 NPS log files location configuration, administration and what I have experienced with logging behavior.

windows 2012 R2 NPS log files location configuration

Logging with Network Policy Server is a bit more convoluted than in the old days with plain IAS server.  I guess one of the main reasons is that NPS does so much more than just RADIUS.  However, when you need to find information about successful and failed logins, where do you look and where are things stored?

Let’s take a look at some of the logging configuration within NPS.  If you right click on NPS (Local) click properties, then General tab and make sure Rejected authentication requests and Successful authentication requests are selected.

npslog01
npslog02
Under Accounting you can also configure settings related to your log file format, location, and other information.  If you click Configure Accounting it launches a wizard that will allow the configuration of most of the log file properties.

npslog03

npslog05
npslog06
npslog07

Otherwise, you can simply click the Change Log File Properties link and you will have access to most of the options there as well.

npslog08

I have found on my RADIUS server, the events are not logged to the System Log like NPS service related messages are logged.  However, in Server Manager >> NAP I see all the events as they relate to the logins and policy application.  Also, the low level logging can be found in c:widowssystem32logfilesIN*.log which you can configure in the wizard and the settings mentioned above.


npslog04

Some have mentioned having issues seeing anything logged.  If so, check your audit policy as it relates to NPS to make sure events are being audited correctly.

auditpol /get /subcategory:"Network Policy Server"

If enabled, the output should be:

System audit policy

Category/Subcategory                      Setting
Logon/Logoff
Network Policy Server                   Success and Failure

If it shows ‘No auditing’ run the following:

auditpol /set /subcategory:"Network Policy Server" /success:enable /failure:enable

Final Thoughts

Hopefully this Windows 2012 R2 NPS log files location configuration post will help any who are struggling trying to make sense of where things are presented from NPS as to login successes and failures.  If you have any other tricks up your sleeve you would like to share as to NPS and logging, please comment below.

Subscribe to VirtualizationHowto via Email 🔔

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Brandon Lee

Brandon Lee is the Senior Writer, Engineer and owner at Virtualizationhowto.com and has over two decades of experience in Information Technology. Having worked for numerous Fortune 500 companies as well as in various industries, Brandon has extensive experience in various IT segments and is a strong advocate for open source technologies. Brandon holds many industry certifications, loves the outdoors and spending time with family.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.