AD FS logs don't contain client IP address for account lockout scenarios in Windows Server 2012 R2

This article describes a problem in which Active Directory Federation Services (AD FS) logs are missing client device details in Windows Server 2012 R2. An update is available to fix this problem. This update adds the client IP address to events 406, 411, and 413 when the events get triggered during account lockout scenarios. 
AD FS logs are missing client IP address details for account lockout scenarios. Specifically, the logs don't identify the source IP address and package headers that may indicate the detail information of a client device if there are failures. 
How to get this update
To fix this problem, install the update that's described in security update 3134222.
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
Learn about the terminology that Microsoft uses to describe software updates.
Note This is a "FAST PUBLISH" article created directly from within the Microsoft support organization. The information contained herein is provided as-is in response to emerging issues. As a result of the speed in making it available, the materials may include typographical errors and may be revised at any time without notice. See Terms of Use for other considerations.

Article ID: 3134787 - Last Review: 02/16/2016 19:23:00 - Revision: 1.0

Windows Server 2012 R2 Datacenter, Windows Server 2012 R2 Standard, Windows Server 2012 R2 Essentials, Windows Server 2012 R2 Foundation

  • kbsurveynew atdownload kbexpertiseadvanced kbfix KB3134787