thats already all setup.
i get this reported on the DC event log:
but nothing shows up on the lem reports or custom filters to show logon failure. there are other logon failures in the list however for another domain, but i dont think that domain uses avanced audit, just basic. it should be the other way around!
Does lem require specific config for kerberos logs?