PingOne for Enterprise

Configure logging in AD Connect

Configure logging in your AD Connect environment to help troubleshoot connection issues.

By default, AD Connect logs activity to the Windows Event Viewer with the following source names:

Agent Source Name

AD Connect Agent

AuthenticationAgent.exe

AD Connect with IIS

SSO

Provisioning agent

Provisioner.exe

Update monitoring agent

SoftwareUpdates.exe

Configuration monitoring agent (IIS only)

ConfigurationService.exe

To view these logs, go to Logs → Application in the Windows Event Viewer.

You can configure both the IIS and non-IIS versions of AD Connect to log events to a log file in addition to the Event Viewer.

  • With IIS

  • Without IIS

Configure logging in AD Connect with IIS

Steps

  1. In a text editor, open the <install directory>\ADconnect\SSO\web.config file.

  2. In the <log4net> section, add the following code:

      <appender name="file" type="log4net.Appender.FileAppender">
        <file value="c:\tmp\watchdog.log" />
        <appendToFile value="true" />
        <layout type="log4net.Layout.PatternLayout">
          <conversionPattern value="%date %-5level %logger - %message%newline" />
        </layout>
      </appender>
  3. In the <root> section, under <log4net>, add the file logger:

    <appender-ref ref="file" />

    Example:

    The following is an example of how the <log4net> section of the web.config file will appear after making the changes in steps 2 and 3.

    <log4net>
      <appender name="eventlog" type="com.pingidentity.adconnect.logger.CustomEventLogAppender">
        <applicationName value="Sso"/>
        <EventID value="1"/>
        <layout type="log4net.Layout.PatternLayout">
          <conversionPattern value="%date %-5level %logger - %message%newline"/>
        </layout>
      </appender>
      <appender name="file" type="log4net.Appender.FileAppender">
        <file value="c:\tmp\watchdog.log"/>
        <appendToFile value="true"/>
        <layout type="log4net.Layout.PatternLayout">
          <conversionPattern value="%date %-5level %logger - %message%newline"/>
        </layout>
      </appender>
      <root>
        <level value="INFO"/>
        <appender-ref ref="eventlog"/>
        <appender-ref ref="file"/>
      </root>
    </log4net>
  4. Optional: To configure the log file parameters, add the following code to the <appender> file section.

    <rollingStyle value="Size" />
    <maxSizeRollBackups value="0" />
    <maximumFileSize value="100MB" />
    <staticLogFileName value="true" />

    If you’re using a log file temporarily to gather data, you can ignore this step. If you plan to use log files on a long-term basis, this step limits the size of the log file to prevent overusing resources.

    Example:

    Below is an example of how the <appender> file section will appear after you add the code in step 4.

    <appender name="file" type="log4net.Appender.FileAppender">
      <file value="c:\tmp\watchdog.log"/>
      <appendToFile value="true"/>
      <rollingStyle value="Size" />
      <maxSizeRollBackups value="0" />
      <maximumFileSize value="100MB" />
      <staticLogFileName value="true" />
      <layout type="log4net.Layout.PatternLayout">
        <conversionPattern value="%date %-5level %logger [%property{NDC}] - %message%newline"/>
      </layout>
    </appender>
  5. Optional: To enable verbose logging, in the <root> section, change the <level value> value from INFO to DEBUG.

    Example:

    <root>
        <level value="DEBUG"/>
        <appender-ref ref="eventlog"/>
      </root>

    Verbose logging can help troubleshoot authentication issues, such as user authentication failures. Verbose logging adds logs showing which domain controller is being used for the lookup, what LDAP filters are being used to find users, and whether a user was found or their password didn’t match.

  6. Save and close the file.

Configure logging in AD Connect without IIS

Steps

  1. In a text editor, open the <install directory>\AuthenticationAgent\log4net.config file.

  2. In the <root> section, add the following file appender:

    <root>
      <level value="INFO"/>
      <appender-ref ref="eventlog"/>
      <appender-ref ref="file"/>
    </root>
  3. Optional: To configure the log file parameters, add the following code to the <appender> file section.

    <rollingStyle value="Size" />
    <maxSizeRollBackups value="0" />
    <maximumFileSize value="100MB" />
    <staticLogFileName value="true" />

    If you’re using a log file temporarily to gather data, you can ignore this step. If you plan to use log files on a long-term basis, this step limits the size of the log file to prevent overusing resources.

    Example:

    Below is an example of how the <appender> file section will appear after you add the code in step 3.

    <appender name="file" type="log4net.Appender.FileAppender">
      <file value="c:\tmp\watchdog.log"/>
      <appendToFile value="true"/>
      <rollingStyle value="Size" />
      <maxSizeRollBackups value="0" />
      <maximumFileSize value="100MB" />
      <staticLogFileName value="true" />
      <layout type="log4net.Layout.PatternLayout">
        <conversionPattern value="%date %-5level %logger [%property{NDC}] - %message%newline"/>
      </layout>
    </appender>
  4. Optional: To enable verbose logging, in the <root> section, change the <level value> value from INFO to DEBUG.

    Example:

    <root>
        <level value="DEBUG"/>
        <appender-ref ref="eventlog"/>
      </root>

    Verbose logging can help troubleshoot authentication issues, such as user authentication failures. Verbose logging adds logs showing which domain controller is being used for the lookup, what LDAP filters are being used to find users, and whether a user was found or their password didn’t match.

  5. Save and close the file.