Resources For IT Professionals
Post an article
Wikis - Page Details
  • First published by (6Microsof)
  • When: 15 Sep 2010 9:32 AM
  • Last revision by
  • When: 9 Aug 2012 7:23 PM
  • Revisions: 11
  • Comments: 3
Options
RSSSubscribe to Article (RSS)
Can You Improve This Article?
Positively! Click Sign In to add the tip, solution, correction or comment that will help other users.

Report inappropriate content using these instructions.
Wiki  >  TechNet Articles  >  How to Enable Debug Logging for Active Directory Federation Services 2.0 (AD FS 2.0)

How to Enable Debug Logging for Active Directory Federation Services 2.0 (AD FS 2.0)

How to Enable Debug Logging for Active Directory Federation Services 2.0 (AD FS 2.0)

AD FS 2.0 uses Event Tracing for Windows (ETW) for debug logging.

Configure AD FS 2.0 tracing

  1. Open the following file in a text editor:

    %ProgramFiles%\Active Directory Federation Services 2.0\Microsoft.IdentityServer.Servicehost.exe.config 
     
  2. Locate the <system.diagnostics> tag. There are two types of tracing you can enable: WIF (Windows Identity Foundation) and WCF (Windows Communication Foundation).

    WIF tracing is controlled by:

    <source name="Microsoft.IdentityModel" switchValue=logging level>
    <add name="ADFSWifListener" traceOutputOptions=output options initializeData="Wif" .......>

    WCF tracing is controlled by:

    <source name="System.ServiceModel" switchValue=logging level>
    <add name="ADFSWcfListener" traceOutputOptions=output options initializeData="Wcf" .......>

    Possible values for switchValue: Verbose, Information, Warning, Error, Critical

    Possible values for traceOutputOptions: None, LogicalOperationStack, DateTime, Timestamp, ProcessId, ThreadId, Callstack

    Example of <system.diagnostics> section with verbose logging and all output options enabled:

      <system.diagnostics>
        <sources>
          <!-- To enable WIF tracing, change the switchValue below to desired trace level - Verbose, Information, Warning, Error, Critical -->
          <!-- Set TraceOutputOptions as comma separated value of the following; ProcessId ThreadId CallStack. Specify None to not include any of the optional data-->
          <!-- NOTE THAT THE CHANGES TO THIS SECTION REQUIRES SERVICE RESTART TO TAKE EFFECT -->
          <source name="Microsoft.IdentityModel" switchValue="Verbose">
            <listeners>
              <add name="ADFSWifListener"  traceOutputOptions="ProcessId,ThreadId,Callstack" initializeData="Wif" type="Microsoft.IdentityServer.Diagnostics.ADFSTraceListener,Microsoft.IdentityServer,Version=6.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL" />
            </listeners>
          </source>
          <!-- To enable WCF tracing, change the switchValue below to desired trace level - Verbose, Information, Warning, Error, Critical -->
          <source name="System.ServiceModel" switchValue="Verbose" >
            <listeners>
              <add  name="ADFSWcfListener" traceOutputOptions="ProcessId,ThreadId,Callstack" initializeData="Wcf" type="Microsoft.IdentityServer.Diagnostics.ADFSTraceListener,Microsoft.IdentityServer,Version=6.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL" />
            </listeners>
          </source>
        </sources>  
        <trace autoflush="true" ></trace>
      </system.diagnostics>

  3. Run the following command from a command prompt:

    wevtutil sl “AD FS 2.0 Tracing/Debug” /L:5 
     
  4. Open Event Viewer, click the View menu and select Show Analytic and Debug Logs. This must be enabled for the AD FS 2.0 Tracing log to be visible. 
     
  5. Right-click the Debug log under AD FS 2.0 Tracing and select Enable Log
     
  6. Restart the AD FS 2.0 Windows Service service (adfssrv) either by right-clicking it in the Services MMC or running the following commands at a command prompt:

    net stop adfssrv
    net start adfssrv
, , , , , , , , , , , [Edit tags]
Leave a Comment
  • Please add 3 and 1 and type the answer here:
  • Post
Wiki - Revision Comment List(Revision Comment)
Sort by: Published Date | Most Recent | Most Useful
Comments
  • 9 Aug 2012 7:23 PM

    nzpcmad1 edited Revision 9. Comment: Using wevtutil.exe throws error "Too many arguments are specified.". Drop the .exe part

  • 1 Nov 2011 3:10 AM

    Lars Wilhelmsen edited Revision 7. Comment: sl argument of wevtutil.exe must be lower case

Page 1 of 1 (2 items)
Wikis - Comment List
Sort by: Published Date | Most Recent | Most Useful
Posting comments is temporarily disabled until 10:00am PST on Saturday, December 14th. Thank you for your patience.
Comments
  • Posted by
    on 1 Nov 2011 3:10 AM

    Lars Wilhelmsen edited Revision 7. Comment: sl argument of wevtutil.exe must be lower case

  • Posted by
    on 9 Aug 2012 7:23 PM

    nzpcmad1 edited Revision 9. Comment: Using wevtutil.exe throws error "Too many arguments are specified.". Drop the .exe part

  • Posted by
    on 30 Aug 2013 8:25 AM

    On "Server 2008 R2":

    1. If you run "wevtutil ..." from a command ("cmd.exe") window, you will get:

    Too many arguments are specified. The parameter is incorrect."

    If you run it from PowerShell, however, it will work.

    2. You *MUST* have the ADFS debug log disabled *BEFORE* running the "wevtutil ..." command or you will get:

    ... The channel must first be disabled before performing the requested operation.

    So make sure you perform the steps in order, and disable the channel once you've finished collecting debug logs.

Page 1 of 1 (3 items)