APM not generating Logon Event in DC

Question

Hi,&nbsp;We would like to implement an SSO solution that mainly relies on some Event logs (Logon - ID4624)&nbsp;We found that when connecting via the Big-IP in VPN we don't have any such log in the Domain Controller. We are using an AD_Auth &amp; AD-Query in the authentication scheme so I'm wondering why such log are not visible in the DC ?&nbsp;Does someone has any experience on this ?&nbsp;For the moment we need to wait until the user generate a windows action that trigger the Event ID to get authenticated into the SSO system&nbsp;Thank you&nbsp;Best regards&nbsp;Nicolas

dario_garrido · Answer

Hello Ndaems. ​F5 caches info from AD. There is an option called "Group Cache Lifetime" which rules that. https://techdocs.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-authentication-single-sign-on-12-1-0/2.html​Applying a new config at one APM policy should also clear cache.​Regards, Dario.

Forum Discussion

APM not generating Logon Event in DC

1 Reply

Recent Discussions

F5 loadbalancer not working

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Pricing when used with aws waf

F5 terminal - help to run commands - disk space full

import live updates from version x to version y

Related Content

SSL Orchestrator Advanced Use Cases: Detecting Generative AI

Telemetry Streaming generic HTTP push consumer forwards events to Oracle cloud

iRule Event Order Flowchart

Securing Generative AI: Defending the Future of Innovation and Creativity

Generate API SDK for F5 Distributed Cloud