Not receiving any Logon Activity events (4307211)

Not receiving any Logon Activity events even though Change Auditor is licensed for Logon Activity.

Running the built-in Searches "Logon Activity | All Interactive Logons in the Past 24 hours" and "All Remote Interactive Logons in the Past 24 hours" do not return events. However, the "All User Sessions in the Past 24 hours" search does return events.

When Local Policies\Audit Policy is used:

1. Enable the ‘Audit Logon events’ audit policy for all servers and workstations. (Set to audit Success and Failure):
   • Domain - Group Policy:
     1. Default Domain Policy\Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Audit Policy\Audit logon events
   • Default Domain Controller Policy:
     1. Default Domain Controllers Policy\Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Audit Policy\Audit logon events
     2. Default Domain Controllers Policy\Computer Configuration\Policies\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Audit Policies\Logon/Logoff\Audit Logon
   • Workgroup - Local Group Policy:
     1. Local Computer Policy\Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Audit Policy\Audit logon events
2. Wait 30-90 minutes for the policy to refresh

When Security Settings\Advanced Audit Policy Configuration is used:

1. Enable the ‘Audit Logon’ advanced audit policy for all servers and workstations. (Set to audit Success and Failure):
   • Domain - Group Policy:
     1. Default Domain Policy\Computer Configuration\Policies\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Audit Policies\Logon/Logoff\Audit Logon
   • Default Domain Controller Policy:
     1. Default Domain Controllers Policy\Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Audit Policy\Audit logon events
     2. Default Domain Controllers Policy\Computer Configuration\Policies\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Audit Policies\Logon/Logoff\Audit Logon
   • Workgroup - Local Group Policy:
     1. Local Computer Policy\Computer Configuration\Policies\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\Logon/Logoff\Audit Logon
2. Wait 30-90 minutes for the policy to refresh