We have installed Account Lockout Manager to have more information related "Account Lockouts", but unfortunately, we receive a message such as " logon auditing is disabled some functionality will be unavailable for this dc netwrix" . But this is not true, all the settings in DC areenabled.
And also have another message for the specific investigation for example for the Workstation X. then it says, " To view detailed information on logons, enable Failure Audit logon policy on the target workstation" which is also enabled both in client computer and in DC as well.
Anyone has these kind of experience to help please ?
The messages about non-configured audit might be false-positives, especially if you have some complex Group Policy structure in your domain or use a combination of Basic and Advanced audit policies.
If you see related events in the Security logs on the DCs and workstations you should be good.