How to enable logging for Kerberos on Windows 2012 R21
You've got the registry entry correct. You don't even need to reboot.
If LogLevel
is set to anything non-zero, then all Kerberos errors will be logged in the System event log. Kerberos "successes" are not logged in the same way. (Kerberos errors are things such as AP_ERR_MODIFIED
, PRINCIPAL_UNKNOWN
, etc.)
The LogLevel
setting has no effect on what shows up in the Security event log however.
It has always worked this way. Server 2012 R2 is not different in this regard.
On the other hand, if you're expecting to see more verbose "Audit Success" and "Audit Failure" events for Kerberos ticket activity in your Security event log that you're currently not seeing, you need to set up your Advanced Audit Policy... but I believe most of those events only get logged on KDCs/Domain Controllers. (For example.)