APM not generating Logon Event in DC

Question

Hi,&nbsp;We would like to implement an SSO solution that mainly relies on some Event logs (Logon - ID4624)&nbsp;We found that when connecting via the Big-IP in VPN we don't have any such log in the Domain Controller. We are using an AD_Auth &amp; AD-Query in the authentication scheme so I'm wondering why such log are not visible in the DC ?&nbsp;Does someone has any experience on this ?&nbsp;For the moment we need to wait until the user generate a windows action that trigger the Event ID to get authenticated into the SSO system&nbsp;Thank you&nbsp;Best regards&nbsp;Nicolas

dario_garrido · Answer

Hello Ndaems. ​F5 caches info from AD. There is an option called "Group Cache Lifetime" which rules that. https://techdocs.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-authentication-single-sign-on-12-1-0/2.html​Applying a new config at one APM policy should also clear cache.​Regards, Dario.

Forum Discussion

APM not generating Logon Event in DC

Recent Discussions

ASM Export JSON - size Limit ?

Can i apply ddos profile on virtual server using port range

I used the wrong email account when take Application Delivery Exam (101)

F5 iControl REST API - viewBy Parameter Issue in Analytics Report

'F5 rules for AWS WAF' ruleset not working for jsp web shell attack

Related Content

F5 VELOS: A Next-Generation Fully Automatable Platform

iRule Event Order Flowchart

SSL Orchestrator Advanced Use Cases: Detecting Generative AI

Telemetry Streaming generic HTTP push consumer forwards events to Oracle cloud

Generate API SDK for F5 Distributed Cloud

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS