Jorge's Quest For Knowledge!

All You Need To Know About Identity And Security On-Premises And In The Cloud. It's Just Like An Addiction, The More You Have, The More You Want To Have!

(2014-02-05) Enabling Debug Tracing In ADFS v2.1 and v3.0

Posted by Jorge on 2014-02-05


This TechNet article and this WIKI page describe how to enable debug tracing for ADFS v2.0. For both ADFS v2.1 (ADFS 2012) and ADFS v3.0 (ADFS 2012 R2), the same procedure still applies, but it is slightly different.

The ADFS Tracing/Debug is named differently in both ADFS v2.1 (ADFS 2012) and ADFS v3.0 (ADFS 2012 R2). Its name is "AD FS Tracing/Debug". Therefore, to enable circular logging you need to issue the following command:

WEVTUTIL sl "AD FS Tracing/Debug" /l:5

The ADFS binaries are now located in C:\Windows\ADFS. Therefore, the service config file "Microsoft.IdentityServer.Servicehost.exe.config" can be found in that same folder.

When you open the file you will find a contents similar to the figure below.

image

Figure 1: The Sections In The File "Microsoft.IdentityServer.Servicehost.exe.config" For Enabling Debug Tracing. Currently Shown As Being DISABLED For Both WIF And WCF Tracing

To enable both WIF tracing and WCF tracing, the file contents must be configured as shown in the figure below.

image

Figure 2: The Sections In The File "Microsoft.IdentityServer.Servicehost.exe.config" For Enabling Debug Tracing. Currently Shown As Being ENABLED For Both WIF And WCF Tracing

After saving and closing the file "Microsoft.IdentityServer.Servicehost.exe.config", make sure to restart the ADFS service

After that configure the ADFS Tracing/Debug Log through the following steps:

  1. Open Event Viewer.
    • To open Event Viewer, press [CTRL]+[R], type EVENTVWR.MSC and hit enter
  2. On the View menu, click Show Analytic and Debug Logs.
  3. In the console tree, expand Applications and Services Logs, expand AD FS Tracing, and then click Debug.
  4. In the Actions pane, click Enable Log.

Tracing for AD FS is now enabled.

Remember to disable debug tracing after being done with troubleshooting!

Cheers,
Jorge
———————————————————————————————
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always evaluate/test yourself before using/implementing this!
* DISCLAIMER:
https://jorgequestforknowledge.wordpress.com/disclaimer/
———————————————————————————————
############### Jorge’s Quest For Knowledge #############
#########
http://JorgeQuestForKnowledge.wordpress.com/ ########
———————————————————————————————

3 Responses to “(2014-02-05) Enabling Debug Tracing In ADFS v2.1 and v3.0”

  1. […] To enable debug tracing, before trying this yourself see: (2014-02-05) Enabling Debug Tracing In ADFS v2.1 and v3.0 […]

  2. Thomas said

    Is it possible to inspect incoming and outgoing set of claims in different steps in ADFS using debugtracing? How can I filter out/find events containing the incoming or outgoing claims?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: