Hello Everyone,
I am having a hard time coming to a conclusion as to why an audit failure is not taking place on accounts. I have a test account that I am locking out on purpose. The local workstation writes an event in the local security logs but the domain controller does not get a reported failure. It logs that the account is locked out. I have configured/reconfigured the GPO for the domain policy and confirmed that the advanced audit policy shows that Logon/Logoff Long on has Success and Failure assigned to it via auditpol on both the workstation and the sever. I am at a loss. We have a Windows 2008 R2 box with two systems running as a DC.