Logging of Authentication
SMA successful and failed logon attempts are not appearing in our auditing system. Our domain administrator believes this problem to be associated with the SMA, itself. I am attempting to troubleshoot and rule out the SMA. My questions are:
1.) If an authentication server is defined as "Active Directory (Basic)" are those communications encrypted? Meaning: Should authentication attempts be visible in a packet capture?
2.) Does the SMA cache credentials in any way that the authentication would be occurring locally on the SMA and not against a Domain Controller at each authentication?
3.) In "Monitoring / User Sessions," when a login fails, is there an SMA log that shows which domain controller the authentication attempt occurred against (assuming credentials are not cached in some way)? The user.log shows a failure as "Session Start Failed" and the user's public IP but it does not appear to show which domain controller attempted to authenticate the user.