Hi all,
I was testing out Win2008R2 in my vm test environment, when I do a failed login attempt via RDP and domain account, the RDP target have logged an audit_failure event 4625 in the system, as well as a 4771 on the domain controller's.
However when I try this in an UAT environment for 2012R2 server, I only received a 4771 event and nothing on the RDP target.
I have cross-check between both server's Local Security Policy, both "Audit account logon events" and "Audit logon events" for success & failure is turn on for both OS.
Is there any other possibility / setting that I may have missed out?
Thanks!
Zack