Share via

How to Enable Debug Logging for Active Directory Federation Services 2.0 (AD FS 2.0)

  • Article

AD FS 2.0 uses Event Tracing for Windows (ETW) for debug logging.

Configure AD FS 2.0 tracing

  1. Open the following file in a text editor:

    %ProgramFiles%\Active Directory Federation Services 2.0\Microsoft.IdentityServer.Servicehost.exe.config 
     

  2. Locate the <system.diagnostics> tag. There are two types of tracing you can enable: WIF (Windows Identity Foundation) and WCF (Windows Communication Foundation).

    WIF tracing is controlled by:

    <source name="Microsoft.IdentityModel" switchValue=logging level>
    <add name="ADFSWifListener" traceOutputOptions=output options initializeData="Wif" .......>

    WCF tracing is controlled by:

    <source name="System.ServiceModel" switchValue=logging level>
    <add name="ADFSWcfListener" traceOutputOptions=output options initializeData="Wcf" .......>

    Possible values for switchValue: Verbose, Information, Warning, Error, Critical

    Possible values for traceOutputOptions: None, LogicalOperationStack, DateTime, Timestamp, ProcessId, ThreadId, Callstack

    Example of <system.diagnostics> section with verbose logging and all output options enabled:

      <system.diagnostics>
        <sources>
          <!-- To enable WIF tracing, change the switchValue below to desired trace level - Verbose, Information, Warning, Error, Critical -->
          <!-- Set TraceOutputOptions as comma separated value of the following; ProcessId ThreadId CallStack. Specify None to not include any of the optional data-->
          <!-- NOTE THAT THE CHANGES TO THIS SECTION REQUIRES SERVICE RESTART TO TAKE EFFECT -->
          <source name="Microsoft.IdentityModel" switchValue="Verbose">
            <listeners>
              <add name="ADFSWifListener"  traceOutputOptions="ProcessId,ThreadId,Callstack" initializeData="Wif" type="Microsoft.IdentityServer.Diagnostics.ADFSTraceListener,Microsoft.IdentityServer,Version=6.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL" />
            </listeners>
          </source>
          <!-- To enable WCF tracing, change the switchValue below to desired trace level - Verbose, Information, Warning, Error, Critical -->
          <source name="System.ServiceModel" switchValue="Verbose" >
            <listeners>
              <add  name="ADFSWcfListener" traceOutputOptions="ProcessId,ThreadId,Callstack" initializeData="Wcf" type="Microsoft.IdentityServer.Diagnostics.ADFSTraceListener,Microsoft.IdentityServer,Version=6.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL" />
            </listeners>
          </source>
        </sources>  
        <trace autoflush="true" ></trace>
      </system.diagnostics>

  3. Run the following command from a command prompt:

    wevtutil sl “AD FS 2.0 Tracing/Debug” /L:5 
     

  4. Open Event Viewer, click the View menu and select Show Analytic and Debug Logs. This must be enabled for the AD FS 2.0 Tracing log to be visible. 
     

  5. Right-click the Debug log under AD FS 2.0 Tracing and select Enable Log
     

  6. Restart the AD FS 2.0 Windows Service service (adfssrv) either by right-clicking it in the Services MMC or running the following commands at a command prompt:

    net stop adfssrv
    net start adfssrv