When adding an Event Log Scraping (ELS) server to the IDFW configuration for AD, you receive an "Access Denied" notification.
Location: NSX-UI > System > Identity Firewall AD > Active Directory instance > click Event Log Server
In addition, you would see the corresponding error for the same user account on the AD server under Event Viewer > Login Access > Logs:
Account For Which Logon Failed:
    Security ID: NULL SID
    Account Name: <nsx-ad user account>
    Account Domain: <Your Domain>
Failure Information:
    Failure Reason: User not allowed to logon at this computer <----ERROR
    Status: 0x######
    Sub Status: 0x######
Process Information:
    Caller Process ID: 0x0
    Caller Process Name: -
Network Information:
    Workstation Name: JCIFS1_1_59 <------JCIFS instance matching back to NSX Manager
    Source Network Address: this will display the nsx manager ip
    Source Port: 58420
Note: The JCIFS workstation is not really a workstation, but an instance created by the JCIFS module to assist in scraping log events from AD.
NSX 4.X
This is caused by the NSX IDFW account created on the AD server not having "All computers" access.
Location: Active Directory > right-click the AD user > click Properties > click the Account tab > click Log On To. The Logon Workstations pop-up shows the "The following computers" button selected, with at least one instance/computer added.
To resolve this issue, allow the NSX IDFW user in AD to log on to all computers by selecting the "All computers" option in the Logon Workstations window.
Checking back on the NSX-UI > System > Identity Firewall AD > Active Directory instance > click Event Log Server
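The same check and change can be made from PowerShell. The script below is an added example, not part of the original article or of NSX. It reports the account's Logon Workstations list, shows which workstation names recent failed logons presented (such as the JCIFS-generated name), and clears the restriction only when run with -Fix. Assumptions: the ActiveDirectory (RSAT) module is installed, the script runs on a domain controller with rights to read the Security log, the failure is recorded as Security event 4625, and `svc-nsx-idfw` is a placeholder account name.

```powershell
# Added example. 'svc-nsx-idfw' is a placeholder; replace it with the NSX IDFW account.
param(
    [string]$Account = 'svc-nsx-idfw',
    [int]$Hours = 24,      # how far back to search the Security log
    [switch]$Fix           # clear the restriction only when this switch is given
)
Import-Module ActiveDirectory -ErrorAction Stop

# LogonWorkstations maps to the userWorkstations attribute; empty means "All computers".
$user = Get-ADUser -Identity $Account -Properties LogonWorkstations
$allowed = @()
if (-not [string]::IsNullOrWhiteSpace($user.LogonWorkstations)) {
    $allowed = @($user.LogonWorkstations -split ',' | ForEach-Object { $_.Trim() })
}
if ($allowed.Count -eq 0) {
    Write-Output "${Account}: no workstation restriction ('All computers')."
} else {
    Write-Output "${Account}: restricted to $($allowed -join ', ')"
}

# Failed logons (assumed to be Security event 4625) for this account, with the
# workstation name the client presented and whether it is on the allowed list.
$filter = @{ LogName = 'Security'; Id = 4625; StartTime = (Get-Date).AddHours(-$Hours) }
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
foreach ($e in $events) {
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    if ($data['TargetUserName'] -ne $Account) { continue }
    [pscustomobject]@{
        Time        = $e.TimeCreated
        Workstation = $data['WorkstationName']
        SourceIP    = $data['IpAddress']
        InAllowList = $allowed -contains $data['WorkstationName']
    }
}

# Clear the restriction only when asked, then read the attribute back to confirm.
if ($Fix -and $allowed.Count -gt 0) {
    Set-ADUser -Identity $user -Clear userWorkstations
    $after = Get-ADUser -Identity $Account -Properties LogonWorkstations
    Write-Output "After change, LogonWorkstations = '$($after.LogonWorkstations)'"
}
```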
NSX IDFW Documentation, Configuration, and Requirements
https://techdocs.broadcom.com/us/en/vmware-cis/nsx/vmware-nsx/4-1/administration-guide/security/identity-firewall.html
NSX IDFW AD User Permissions KB
https://knowledge.broadcom.com/external/article/345838/event-log-scrapping-connection-test-show.html