hi all,
struggling to understand why our DCs are not logging event 4740 (account lockout).
Domain functional level: Windows Server 2008 R2
Forest Functional Level: Windows Server 2008 R2
Basically one of our users is getting locked out randomly and event 4740 is not getting logged on our DCs.
I read this thread but even trying all permutations with the policy settings, it is still not generating 4740. Using a test account and either trying to lock it out via console or RDP. The only log I get is 4625 (failed attempt after account was locked out).
I am wondering whether I can enable any sort of debugging on the DC(s) to try to find out why event 4740 is not getting logged.
Any comments and suggestions are much appreciated.