Below is slightly modified script from here to collect the sequence of the EventIDs 1203 and 1210 on single AD FS server that might help you understanding and troubleshooting the AD FS Extranet Smart Lockout (ESL) behavior. You can read more about AD FS ESL behavior here and here.
Month: November 2018
Continuing my journey of learning the great AD FS Extranet Smart Lockout (ESL) feature. As mentioned in my other post, the enhancement were made in AD FS 2016 auditing and there will be Event ID 1203 logged in the ADFS Security log by ADFS Auditing in case there was a failure to validate user credentials … Continue reading AD FS 2016 Extranet Smart Lockout eventIDs 1203 and 1210 clarification