Windows 2012 R2 NPS log files location configuration

After a bit of frustration working on a project recently with a Windows 2012 R2 NPS RADIUS server, I had a bit of a refresher on Windows 2012 R2 NPS log files location configuration, administration and what I have experienced with logging behavior.

Logging with Network Policy Server is a bit more convoluted than in the old days with plain IAS server.  I guess one of the main reasons is that NPS does so much more than just RADIUS.  However, when you need to find information about successful and failed logins, where do you look and where are things stored?

Let’s take a look at some of the logging configuration within NPS.  Right-click NPS (Local), click Properties, and on the General tab make sure that Rejected authentication requests and Successful authentication requests are both selected.

Under Accounting you can also configure settings related to your log file format, location, and other information.  If you click Configure Accounting it launches a wizard that will allow the configuration of most of the log file properties.

Otherwise, you can simply click the Change Log File Properties link and you will have access to most of the options there as well.

I have found on my RADIUS server, the events are not logged to the System Log like NPS service related messages are logged.  However, in Server Manager >> NAP I see all the events as they relate to the logins and policy application.  Also, the low level logging can be found in c:\windows\system32\logfiles\IN*.log which you can configure in the wizard and the settings mentioned above.


Some have mentioned having issues seeing anything logged.  If so, check your audit policy as it relates to NPS to make sure events are being audited correctly.

auditpol /get /subcategory:"Network Policy Server"

If enabled, the output should be:

System audit policy

Category/Subcategory                      Setting
Logon/Logoff
Network Policy Server                   Success and Failure

If it shows ‘No auditing’ run the following:

auditpol /set /subcategory:"Network Policy Server" /success:enable /failure:enable
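
The audit-policy check above, combined with a query for the events that auditing produces, as an added PowerShell example that is not from the original post. It assumes an elevated session on an English-language NPS server, that NPS decisions land in the Security log as event IDs 6272 (access granted) and 6273 (access denied), and that the EventData field names used below are present in those events.

```powershell
# Added example, not from the original post. Run elevated on the NPS server.
$subcategory = 'Network Policy Server'

# 1. Read the current audit setting for the NPS subcategory.
#    Assumes English auditpol output ("No Auditing" / "Success and Failure").
$setting = auditpol /get /subcategory:"$subcategory" |
    Where-Object { $_ -match [regex]::Escape($subcategory) }
if (-not $setting) {
    throw "auditpol returned no line for '$subcategory' (not elevated, or non-English output?)"
}

# 2. Enable success and failure auditing only when it is not already complete.
if ($setting -notmatch 'Success and Failure') {
    Write-Warning "Current setting: $($setting.Trim()). Enabling success and failure auditing."
    auditpol /set /subcategory:"$subcategory" /success:enable /failure:enable | Out-Null
}

# 3. Pull the last 24 hours of NPS decisions from the Security log.
#    6272 = access granted, 6273 = access denied.
$filter = @{ LogName = 'Security'; Id = 6272, 6273; StartTime = (Get-Date).AddHours(-24) }
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
if (-not $events) {
    Write-Warning 'No NPS events in the last 24 hours. Events are recorded only after auditing is enabled.'
    return
}

# 4. Flatten each event's named EventData fields into one row.
#    Field names are assumed; a field that is absent simply yields an empty column.
$rows = foreach ($e in $events) {
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
        if ($d.Name) { $data[$d.Name] = $d.'#text' }
    }
    [pscustomobject]@{
        Time     = $e.TimeCreated
        Result   = if ($e.Id -eq 6272) { 'Granted' } else { 'Denied' }
        User     = $data['SubjectUserName']
        ClientIP = $data['ClientIPAddress']
        Policy   = $data['NetworkPolicyName']
        Reason   = $data['Reason']
    }
}

# 5. Show denials grouped by user and reason, most frequent first.
$rows | Where-Object Result -eq 'Denied' |
    Group-Object User, Reason | Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize
```

A user with a high count of denials under the same reason is usually a misconfigured client or policy mismatch, while many different users denied from one ClientIP is worth a closer look.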

Final Thoughts

Hopefully this Windows 2012 R2 NPS log files location configuration post will help any who are struggling trying to make sense of where things are presented from NPS as to login successes and failures.  If you have any other tricks up your sleeve you would like to share as to NPS and logging, please comment below.