1. Check that Mi-Token heartbeat events, event-id 5136, are recorded in windows event log "Windows Logs - Security" by searching for mitokenLatestHeartbeatInfo

If there is no event recorded, use gpedit.msc (Local Group Policy Editor) to change Audit Policy of Directory Service Access:

a.  Computer Configuration/Windows settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies – Local Group Policy/DS Access.

b. Configure success and failure audit events for Audit Directory Service Changes subcategory

c.  Run gpupdate /force at command prompt

Instead of using gpedit.msc, we can use gpmc.msc (Group Policy Management Editor) and follow step a, b above to change Audit Policy.

In order to minimize the scope of the change, we recommend using gpedit.msc in which case the change will be applied to the local box only. However, if this setting is grayed/disabled in gpedit.msc, then it is necessary to use gpmc.msc to make change to the domain policy.

2. Check that Mi-Token Audit Helper service is running.