cancel
Showing results for 
Search instead for 
Did you mean: 

APM not generating Logon Event in DC

ndaems
Nimbostratus
Nimbostratus

Hi,

 

We would like to implement an SSO solution that mainly relies on some Event logs (Logon - ID4624)

 

We found that when connecting via the Big-IP in VPN we don't have any such log in the Domain Controller. We are using an AD_Auth & AD-Query in the authentication scheme so I'm wondering why such log are not visible in the DC ?

 

Does someone has any experience on this ?

 

For the moment we need to wait until the user generate a windows action that trigger the Event ID to get authenticated into the SSO system

 

Thank you

 

Best regards

 

Nicolas

1 REPLY 1

Hello Ndaems.

F5 caches info from AD. There is an option called "Group Cache Lifetime" which rules that.

https://techdocs.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-authentication-single-sign-on-12-1-0/2.html

Applying a new config at one APM policy should also clear cache.

Regards,

Dario.

Regards,
Dario.