Jorge's Quest For Knowledge!

All About Identity And Security On-Premises And In The Cloud – It's Just Like An Addiction, The More You Have, The More You Want To Have!

«
»

(2014-02-05) Enabling Debug Tracing In ADFS v2.1 and v3.0

Posted by Jorge on 2014-02-05


This TechNet article and this WIKI page describe how to enable debug tracing for ADFS v2.0. For both ADFS v2.1 (ADFS 2012) and ADFS v3.0 (ADFS 2012 R2), the same procedure still applies, but it is slightly different.

The ADFS Tracing/Debug is named differently in both ADFS v2.1 (ADFS 2012) and ADFS v3.0 (ADFS 2012 R2). Its name is "AD FS Tracing/Debug". Therefore, to enable circular logging you need to issue the following command:

WEVTUTIL sl "AD FS Tracing/Debug" /l:5

The ADFS binaries are now located in C:\Windows\ADFS. Therefore, the service config file "Microsoft.IdentityServer.Servicehost.exe.config" can be found in that same folder.

When you open the file you will find a contents similar to the figure below.

image

Figure 1: The Sections In The File "Microsoft.IdentityServer.Servicehost.exe.config" For Enabling Debug Tracing. Currently Shown As Being DISABLED For Both WIF And WCF Tracing

To enable both WIF tracing and WCF tracing, the file contents must be configured as shown in the figure below.

image

Figure 2: The Sections In The File "Microsoft.IdentityServer.Servicehost.exe.config" For Enabling Debug Tracing. Currently Shown As Being ENABLED For Both WIF And WCF Tracing

After saving and closing the file "Microsoft.IdentityServer.Servicehost.exe.config", make sure to restart the ADFS service

After that configure the ADFS Tracing/Debug Log through the following steps:

  1. Open Event Viewer.
    • To open Event Viewer, press [CTRL]+[R], type EVENTVWR.MSC and hit enter
  2. On the View menu, click Show Analytic and Debug Logs.
  3. In the console tree, expand Applications and Services Logs, expand AD FS Tracing, and then click Debug.
  4. In the Actions pane, click Enable Log.

Tracing for AD FS is now enabled.

Remember to disable debug tracing after being done with troubleshooting!

Cheers,
Jorge
———————————————————————————————
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always evaluate/test yourself before using/implementing this!
* DISCLAIMER: https://jorgequestforknowledge.wordpress.com/disclaimer/
———————————————————————————————
############### Jorge’s Quest For Knowledge #############
######### http://JorgeQuestForKnowledge.wordpress.com/ ########
———————————————————————————————

This entry was posted on 2014-02-05 at 23:04 and is filed under Active Directory Federation Services (ADFS), Tracing. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

4 Responses to “(2014-02-05) Enabling Debug Tracing In ADFS v2.1 and v3.0”

  1. Bare Minimum Acceptance Transform Rules For The Default Claims Provider Trusts In ADFS v3.0 (Update 1) « Jorge's Quest For Knowledge! said

    2014-02-10 at 23:12

    […] To enable debug tracing, before trying this yourself see: (2014-02-05) Enabling Debug Tracing In ADFS v2.1 and v3.0 […]

    Like

    Reply

  2. Thomas said

    2014-06-27 at 12:28

    Is it possible to inspect incoming and outgoing set of claims in different steps in ADFS using debugtracing? How can I filter out/find events containing the incoming or outgoing claims?

    Like

    Reply

  3. Steve said

    2016-12-15 at 19:03

    I got an error that said the message wasn’t logged because a namespace was not defined.

    Like

    Reply

Leave a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

«
»