Access Requests Are Not Logged

Applies To: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2

This problem can occur if audit policy for success and failure events is disabled. To repair the problem, enable auditing for success and failure events.

Description of system behavior

No access request events are observed on Network Policy Server (NPS). Clients continue to be processed by NPS and access request messages continue to be recorded in text logs on NPS. However, no events are generated in Event Viewer.

Associated operating system events

None.

Root cause diagnosis and resolution

You can review the audit policy settings on NPS by typing auditpol /get /subcategory:”Network Policy Server” at the command line. If audit policy is not configured properly, you might not see NAP client access request events. This can make troubleshooting difficult. For more information, see Audit Policy (https://go.microsoft.com/fwlink/?LinkId=136751).

Audit policy is not correctly configured

If audit policy is not configured to display success and failure events, then Network Access Protection (NAP) client access requests will not be displayed in Event Viewer.

Resolution

To repair this problem, enable success and failure events in audit policy.

Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (https://go.microsoft.com/fwlink/?LinkId=83477).

To enable success and failure event auditing

1. On a server running NPS, click Start, right-click Command Prompt, and then click Run as administrator.

2. At the command prompt, type auditpol /set /subcategory:"Network Policy Server" /success:enable /failure:enable, and press ENTER.