Event logging for IAS
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
Event logging for IAS
IAS errors are automatically recorded in the Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; and Windows Server 2003, Datacenter Edition system event logs. IAS authentication events are recorded in the system event log on the basis of event logging settings. You can individually enable the logging of:
Rejected or discarded authentication events
These events are useful for understanding why a particular request was rejected or ignored. Requests can be rejected or ignored for many reasons, including the following:
The RADIUS message is not formatted according to RFCs 2865 or 2866.
The RADIUS client is unknown.
The RADIUS client has multiple IP addresses and sent the request on an address other than the one defined in IAS.
The shared secret is invalid.
The message authenticator (also known as a digital signature) sent by the client is invalid.
IAS was unable to locate the user name's domain.
IAS was unable to connect to the user name's domain.
IAS was unable to access the user account in the domain.
If the request was rejected, the information in the event text includes the user name, access server identifiers, the authentication type, the name of the first matching remote access policy, the reason for the rejection, and other information.
The logging of rejected or discarded authentication events is enabled by default.
Secure channel (Schannel) is a security support provider (SSP) that supports a set of Internet security protocols, such as Secure Sockets Layer (SSL) and Transport Level Security (TLS). These protocols provide identity authentication and secure, private communication through encryption.
Logging of client certificate validation failures is a secure channel event, and is not enabled on the IAS server by default. You can enable additional secure channel events by changing the following registry key value from 1 (REG_DWORD type, data 0x00000001) to 3 (REG_DWORD type, data 0x00000003):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\EventLogging
Caution
- Incorrectly editing the registry may severely damage your system. Before making changes to the registry, you should back up any valued data on the computer.
For more information, see The Registry.
Successful authentication requests
If the request was accepted, the information in the event text includes the user name, access server identifiers, the authentication type, and the name of the first matching remote access policy.
The logging of successful authentication events is enabled by default.
For information about configuring event logging options for IAS, see Configure event logging for IAS.
For information about how to view event logs in Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; and Windows Server 2003, Datacenter Edition; see Event Viewer.
For more information about troubleshooting IAS, see IAS Troubleshooting.