2008 R2. DC and NPS server on same machine. Fully patched.
I have enabled logging by using the checkboxes in the NPS server properties. I have tried to first disable logging and the enable it again. I have restated both the service and the server. I have also forced the setting using GPO.
Failed attempts for example providing wrong domain is logged, and when a user is granted access is logged but not simple "wrong password". Those are only logged in the ordinary Security Log but the security log give no clues at all from where the attempt is originating.
The NPS server is mainly for authenticating users using wifi. I would like to be able to pin the Access Point from were wrong password attempts are coming.