Event Logs
AuthLite records events into the “AuthLite Security” Event Log any time a logon attempt occurs on the system. Also the service records events for the following actions:
• OTP authentication and replay events
• Key provisioning and other management events
• Computer name / IP lookup events
There will often be several events corresponding to what you would consider a “single logon”. And events may be spread across the workstation, member server, and one or more domain controllers that are all involved in a “single” logon. These events will only appear when the AuthLite software is installed. (All DCs that may handle authentications from AuthLite users must have AuthLite installed to function properly.)
It is possible to turn up/down the level of events that the AuthLite service and infrastructure components emit:
The log level is set to “Information” by default. Please do not turn it up to Debug or Trace unless instructed by customer support. Warning: If your DCs constantly process more than about 10 authentications per second, then turning on debug logging can slow down your domain services until they cause the system to fail.
Troubleshooting
When you are trying to determine why authentications are not working as you expect, your first action should be to note down what time you did the failing test, then find all corresponding events from the AuthLite Security event log on every implicated workstation, server, and all DCs in the local site, and read what they say. Events of interest will be clustered together around the time of your test. There may be many other unrelated events too, particularly on busy DCs.
If you open a support ticket, collecting events is among the first tasks we will need you to perform.
Windows "Security" event log
When a user completes a logon to Active Directory, you will still see the normal Windows Security log events as well. AuthLite does not remove or replace any of the default Microsoft authentication technology.