Wednesday, August 12, 2015

Enable Kerberos Logging in Event Viewer

  1. Open the Registry Editor (regedit.exe)
  2. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters
  3. Add a new DWORD Value called “LogLevel” and set the value to 1
  4. The logging should start without any reboot

After you have completed your testing, delete the LogLevel value and reboot the server to ensure you stop logging.

ADFS 2.1 & 3.0 Config Debug Tracing

  1. Run CMD as Administrator
  2. WEVTUTIL sl "AD FS Tracing/Debug" /l:5
  3. Open the file “C:\Windows\ADFS\Microsoft.IdentityServer.Servicehost.exe.config”
  4. Find the following sections shown in the image
  5. Update the switchValues for Microsoft.IdentityModel and System.ServiceModel to Verbose instead of Off. Also remove the comments from around the system.serviceModel section.
  6. Open Event Viewer.
  7. To open Event Viewer, click Start, point to Programs, point to Administrative Tools, and then click Event Viewer.
  8. On the View menu, click Show Analytic and Debug Logs.
  9. In the console tree, expand Applications and Services Logs, expand AD FS Tracing, and then click Debug.
  10. In the Actions pane, click Enable Log.
  11. Tracing for AD FS is now enabled.
  12. Restart the Active Directory Federation Services Windows service.
  13. Open the AD FS Management tool
  14. Right click on the Service folder and select Edit Federation Service Properties…
  15. Select the Events tab and select all the checkboxes to make sure all errors will be displayed in the event log.
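Steps 2 through 12 of the AD FS procedure above, scripted in PowerShell as an added example that is not part of the original post. The service name adfssrv and the system.diagnostics/sources/source layout of the config file are assumptions; removing the comments around the system.serviceModel section (step 5) is still done by hand.

```powershell
# Added example. Run from an elevated PowerShell session on the AD FS server.
$configPath = 'C:\Windows\ADFS\Microsoft.IdentityServer.Servicehost.exe.config'  # path from step 3
$sources    = 'Microsoft.IdentityModel', 'System.ServiceModel'                   # names from step 5
$logName    = 'AD FS Tracing/Debug'

# Step 2: raise the trace level on the debug channel.
wevtutil sl $logName /l:5

# Keep a timestamped copy of the config so the change can be rolled back.
$backup = "$configPath.bak-$(Get-Date -Format yyyyMMddHHmmss)"
Copy-Item -Path $configPath -Destination $backup

# Steps 3-5: set switchValue="Verbose" on the two trace sources.
$xml = New-Object System.Xml.XmlDocument
$xml.PreserveWhitespace = $true          # leave the rest of the file untouched
$xml.Load($configPath)

foreach ($name in $sources) {
    # Assumed layout: <system.diagnostics><sources><source name="..." switchValue="Off">
    $node = $xml.SelectSingleNode("//system.diagnostics/sources/source[@name='$name']")
    if ($null -eq $node) {
        # A source still inside an XML comment is invisible to XPath.
        Write-Warning "Trace source '$name' not found; check whether it is commented out."
        continue
    }
    $old = $node.GetAttribute('switchValue')
    $node.SetAttribute('switchValue', 'Verbose')
    Write-Host "$name switchValue: $old -> Verbose"
}
$xml.Save($configPath)

# Steps 6-10: enable the debug log (same effect as "Enable Log" in Event Viewer).
wevtutil sl $logName /e:true

# Step 12: restart the service so it reads the new config.
Restart-Service -Name adfssrv            # assumed service name for AD FS 2.1 / 3.0

# Read the first trace events; debug logs can only be read with -Oldest.
Get-WinEvent -LogName $logName -Oldest -MaxEvents 20 |
    Format-Table TimeCreated, Id, LevelDisplayName, Message -Wrap

Write-Host "Config backup saved to $backup"
```

When troubleshooting is finished, copy the backup file over the config and restart the service again so verbose tracing does not stay on.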