One of the best troubleshooting steps for Radius/NPS is to look in the event viewer to see why you are having failures. This shows if the server is actively denying the user login attempts due to Creds/Certificate/etc.

Sometimes your successes for failures do not show up in Event viewer – this is usually to do with audit logging not including everything. There are a few ways to modify this – but here I will show two easy ones.

The first is to use the NPS settings to make sure these logs are recorded – Even those these might be checked, I have seen the logs not recorded. I do believe the Audit policy overrides these settings. Our first step is to open up NPS, and right click on the NPS server.

Then we can open up properties and make sure all settings are checked.

Our next option is to use the Audit policy CLI commands to set the success or failure to enable (Enable – enables logging).

auditpol /set /subcategory:”Network Policy Server” /success:enable /failure:enable

You can get the current settings by running the following command in Admin CMD.

auditpol /get /subcategory:”Network Policy Server”