Configure logging in AD Connect
Configure logging in your AD Connect environment to help troubleshoot connection issues.
By default, AD Connect logs activity to the Windows Event Viewer with the following source names:
Agent | Source Name |
---|---|
AD Connect Agent | |
AD Connect with IIS | SSO |
Provisioning agent | |
Update monitoring agent | |
Configuration monitoring agent (IIS only) | |
To view these logs, go to Logs → Application in the Windows Event Viewer.
You can configure both the IIS and non-IIS versions of AD Connect to log events to a log file in addition to the Event Viewer.
- With IIS
- Without IIS
Configure logging in AD Connect with IIS
Steps
1. In a text editor, open the `<install directory>\ADconnect\SSO\web.config` file.
2. In the `<log4net>` section, add the following code:

   ```xml
   <appender name="file" type="log4net.Appender.FileAppender">
     <file value="c:\tmp\watchdog.log" />
     <appendToFile value="true" />
     <layout type="log4net.Layout.PatternLayout">
       <conversionPattern value="%date %-5level %logger - %message%newline" />
     </layout>
   </appender>
   ```
3. In the `<root>` section, under `<log4net>`, add the file logger:

   ```xml
   <appender-ref ref="file" />
   ```

   Example:

   The following is an example of how the `<log4net>` section of the `web.config` file will appear after making the changes in steps 2 and 3.

   ```xml
   <log4net>
     <appender name="eventlog" type="com.pingidentity.adconnect.logger.CustomEventLogAppender">
       <applicationName value="Sso"/>
       <EventID value="1"/>
       <layout type="log4net.Layout.PatternLayout">
         <conversionPattern value="%date %-5level %logger - %message%newline"/>
       </layout>
     </appender>
     <appender name="file" type="log4net.Appender.FileAppender">
       <file value="c:\tmp\watchdog.log"/>
       <appendToFile value="true"/>
       <layout type="log4net.Layout.PatternLayout">
         <conversionPattern value="%date %-5level %logger - %message%newline"/>
       </layout>
     </appender>
     <root>
       <level value="INFO"/>
       <appender-ref ref="eventlog"/>
       <appender-ref ref="file"/>
     </root>
   </log4net>
   ```
4. Optional: To configure the log file parameters, add the following code to the `<appender>` file section.

   ```xml
   <rollingStyle value="Size" />
   <maxSizeRollBackups value="0" />
   <maximumFileSize value="100MB" />
   <staticLogFileName value="true" />
   ```

   If you’re using a log file temporarily to gather data, you can ignore this step. If you plan to use log files on a long-term basis, this step limits the size of the log file to prevent overusing resources.

   Example:

   Below is an example of how the `<appender>` file section will appear after you add the code in step 4.

   ```xml
   <!-- rollingStyle, maxSizeRollBackups, maximumFileSize and staticLogFileName are
        RollingFileAppender properties, so the type is changed from FileAppender. -->
   <appender name="file" type="log4net.Appender.RollingFileAppender">
     <file value="c:\tmp\watchdog.log"/>
     <appendToFile value="true"/>
     <rollingStyle value="Size" />
     <maxSizeRollBackups value="0" />
     <maximumFileSize value="100MB" />
     <staticLogFileName value="true" />
     <layout type="log4net.Layout.PatternLayout">
       <conversionPattern value="%date %-5level %logger [%property{NDC}] - %message%newline"/>
     </layout>
   </appender>
   ```
5. Optional: To enable verbose logging, in the `<root>` section, change the `<level value>` value from `INFO` to `DEBUG`.

   Example:

   ```xml
   <root>
     <level value="DEBUG"/>
     <appender-ref ref="eventlog"/>
   </root>
   ```

   Verbose logging can help troubleshoot authentication issues, such as user authentication failures. Verbose logging adds logs showing which domain controller is being used for the lookup, what LDAP filters are being used to find users, and whether a user was found or their password didn’t match.
6. Save and close the file.
Configure logging in AD Connect without IIS
Steps
1. In a text editor, open the `<install directory>\AuthenticationAgent\log4net.config` file.
2. In the `<root>` section, add the following file appender:

   ```xml
   <root>
     <level value="INFO"/>
     <appender-ref ref="eventlog"/>
     <appender-ref ref="file"/>
   </root>
   ```
3. Optional: To configure the log file parameters, add the following code to the `<appender>` file section.

   ```xml
   <rollingStyle value="Size" />
   <maxSizeRollBackups value="0" />
   <maximumFileSize value="100MB" />
   <staticLogFileName value="true" />
   ```

   If you’re using a log file temporarily to gather data, you can ignore this step. If you plan to use log files on a long-term basis, this step limits the size of the log file to prevent overusing resources.

   Example:

   Below is an example of how the `<appender>` file section will appear after you add the code in step 3.

   ```xml
   <!-- rollingStyle, maxSizeRollBackups, maximumFileSize and staticLogFileName are
        RollingFileAppender properties, so the type is changed from FileAppender. -->
   <appender name="file" type="log4net.Appender.RollingFileAppender">
     <file value="c:\tmp\watchdog.log"/>
     <appendToFile value="true"/>
     <rollingStyle value="Size" />
     <maxSizeRollBackups value="0" />
     <maximumFileSize value="100MB" />
     <staticLogFileName value="true" />
     <layout type="log4net.Layout.PatternLayout">
       <conversionPattern value="%date %-5level %logger [%property{NDC}] - %message%newline"/>
     </layout>
   </appender>
   ```
4. Optional: To enable verbose logging, in the `<root>` section, change the `<level value>` value from `INFO` to `DEBUG`.

   Example:

   ```xml
   <root>
     <level value="DEBUG"/>
     <appender-ref ref="eventlog"/>
   </root>
   ```

   Verbose logging can help troubleshoot authentication issues, such as user authentication failures. Verbose logging adds logs showing which domain controller is being used for the lookup, what LDAP filters are being used to find users, and whether a user was found or their password didn’t match.
5. Save and close the file.
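
A check to run on the edited `<log4net>` section from either procedure above, as an added example that is not part of the original page or of AD Connect: the function name `Test-Log4NetSection` and the sample XML are constructed for illustration. It reports a defined appender that `<root>` never references, a `<root>` reference to an undefined appender, size settings on an appender type other than `RollingFileAppender` (log4net applies them only to that type), and a `DEBUG` root level.

```powershell
# Constructed sample: a <log4net> section like the page's, with a size setting and DEBUG.
$sample = @'
<log4net>
  <appender name="eventlog" type="com.pingidentity.adconnect.logger.CustomEventLogAppender">
    <applicationName value="Sso"/>
  </appender>
  <appender name="file" type="log4net.Appender.FileAppender">
    <file value="c:\tmp\watchdog.log"/>
    <maximumFileSize value="100MB"/>
  </appender>
  <root>
    <level value="DEBUG"/>
    <appender-ref ref="eventlog"/>
    <appender-ref ref="file"/>
  </root>
</log4net>
'@

# Hypothetical helper (not an AD Connect or log4net command).
function Test-Log4NetSection {
    param([Parameter(Mandatory)][xml]$Xml)
    $section = $Xml.SelectSingleNode('//log4net')
    if (-not $section) { return 'no <log4net> section found' }

    $referenced = @($section.SelectNodes('root/appender-ref') |
        ForEach-Object { $_.GetAttribute('ref') })
    $defined = @()
    foreach ($appender in $section.SelectNodes('appender')) {
        $name = $appender.GetAttribute('name')
        $type = $appender.GetAttribute('type')
        $defined += $name
        if ($referenced -notcontains $name) {
            "appender '$name' is defined but not referenced in <root>"
        }
        # These elements are RollingFileAppender properties; other types do not apply them.
        $sizing = $appender.SelectNodes('rollingStyle | maxSizeRollBackups | maximumFileSize')
        if ($sizing.Count -gt 0 -and $type -notlike '*RollingFileAppender*') {
            "appender '$name' has size settings but type '$type' is not RollingFileAppender"
        }
    }
    foreach ($ref in $referenced) {
        if ($defined -notcontains $ref) { "<root> references undefined appender '$ref'" }
    }
    $level = $section.SelectSingleNode('root/level')
    if ($level -and $level.GetAttribute('value') -eq 'DEBUG') {
        'root level is DEBUG: verbose entries go to every appender referenced in <root>'
    }
}

Test-Log4NetSection -Xml $sample
```

To check a real file, pass its content instead of the sample: `Test-Log4NetSection -Xml (Get-Content -Raw <path to web.config or log4net.config>)`.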