This article describes a problem in which Active Directory Federation Services (AD FS) logs are missing client device details in Windows Server 2012 R2. An update is available to fix this problem. This update adds the client IP address to events 406, 411, and 413 when the events get triggered during account lockout scenarios.
AD FS logs are missing client IP address details for account lockout scenarios. Specifically, the logs don't identify the source IP address and package headers that may indicate the detail information of a client device if there are failures.
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
Article ID: 3134787 - Last Review: Feb 16, 2016 - Revision: 1