1 reply to this topic

[no-no]

I've setup lockout examiner.

logon event auditing is enabled on my 3 DCs.

logon event auditing is enabled on the client PC i'm working with.

In settings>managed objects it's set to All DCs, I have an enabled status and an ok connection in the monitored DCs list, all green.

 

When I intentionally lock an account from the client and run a report I see a list of invalid logons for the relevant PC but there's no triangular click down arrow giving more details.

 

If i run rsop.msc on the client loggin is def enabled.

if I check the security log on the DC the logs show event 675 0x18 which is correct for a bad password.

I don't know why these details aren't appearing on the examiner report. It wa working yesterday but suddenly seems to have stopped.

 

Many Thanks

[Garfield61978]

I am having this same issue. Anyone know what is causing this?