Logon Logoff Event: 6275

Active Directory Auditing Tool

The Who, Where and When information is very important for an administrator to have complete knowledge of all activities that occur on his Active Directory. This helps him identify any desired / undesired activity happening. ADAudit Plus assists an administrator with this information in the form of reports. In real-time, ensure critical resources in the network like the Domain Controllers are audited, monitored and reported with the entire information on AD objects - Users, Groups, GPO, Computer, OU, DNS, AD Schema and Configuration changes with 200+ detailed event specific GUI reports and email alerts.

Account Management » Logon Logoff Event: 6275

Event ID 6275 – Network Policy Server Discarded The Accounting Request For A User

Event ID 6275
Category Logon/Logoff
Sub-Category Audit Network Policy Servers
Description The network policy server discarded the accounting request for a user.

Events which are audited under the Audit Network Policy Server sub-category are triggered when a user's access request are related to RADIUS (IAS) and Network Access Protection (NAP) activity. The requests are of the following types: Lock, Unlock, Grant, Deny, Discard, and Quarantine.

Every IAS and NAP user access request generates an audit event if the Network Policy Server auditing is configured, and if the NAS and IAS roles are installed on the server.

Example of 6275 log:

Network Policy Server discarded the accounting request for a user.

Contact the Network Policy Server administrator for more information.

 

User:

Security ID: %1

Account Name: %2

Account Domain: %3

Fully Qualified Account Name: %4

 

Client Machine:

Security ID: %5

Account Name: %6

Fully Qualified Account Name: %7

OS-Version: %8

Called Station Identifier: %9

Calling Station Identifier: %10

 

NAS:

NAS IPv4 Address: %11

NAS IPv6 Address: %12

NAS Identifier: %13

NAS Port-Type: %14

NAS Port: %15

 

RADIUS Client:

Client Friendly Name: %16

Client IP Address: %17

 

Authentication Details:

Proxy Policy Name: %18

Network Policy Name: %19

Authentication Provider: %20

Authentication Server: %21

Authentication Type: %22

EAP Type: %23

Account Session Identifier: %24

Reason Code: %25

Reason: %26

Why does event ID 6275 need to be monitored?

On servers that run Network Policy Server (NPS), the event volume ranges from medium to high. NAP events help understand the overall health of the network, and hence must be monitored.

Pro Tip:

With in-depth reports, real-time alerts, and graphical displays, ADAudit Plus tracks all network policy server events, helping you meet your security, operational, and compliance needs with absolute ease.

Event 6275 applies to the following operating systems:

  • Windows Server 2016
  • Windows 10

Explore Active Directory auditing and reporting with ADAudit Plus.

  • Enter your email id
    Please enter a valid email id
  • Enter your phone number
  • Select demo date
  •  
  • By clicking 'Schedule a personalized demo', you agree to processing of personal data according to the Privacy Policy. You can unsubscribe from our mails at anytime.
Account Management Auditing
Active Directory Auditing
Windows Server Auditing