The limitation still exist. MLC picks up logon events from the Domain controller's log events directly. And, MLC maintains one user logon per ip address.
In Citrix environment, if the logon events get registered on DC with one common ip address for multiple users, then it will not maintain all the logon events from a single ip address.
thanks for your info. This is bad news indeed...do you happen to know if we could bypass "passive authentication" with an "Active Directory Active authentication"-rule?
Even though our users propably will have to authenticate twice it might help us not to look for alternatives right now.
Also, is there a roadmap available for the logon collector? Are TS-Servers on it?