Share via


CRM 2011: How to Enable Verbose Windows Identity Foundation (WIF) Tracing for Claims-Based Authentication

Overview

When CRM 2011 is configured for claims-based authentication (CBA), Windows Identity Foundation (WIF) is utilized. When troubleshooting CBA, it may be necessary to gather tracing data from the CRM 2011 server. This article details the steps needed in order to create verbose WIF traces from CRM 2011, and how to view those traces in a tool named SvcTraceViewer.

Steps

*Note: These steps should be performed after hours due to the temporary service outage that will result.

  1. Download SvcTraceViewer.exe from the .NET SDK
  2. Create a directory to house the log files. In this example, we will be using C:\logs.
  3. In Windows Explorer, open "%ProgramFiles%\Microsoft Dynamics CRM\CRMWeb"
  4. Edit web.config in Notepad
  5. Find the <system.diagnostics> section
  6. Scroll within <system.diagnostics> and find <source name="Microsoft.IdentityModel"
  7. Change switchValue="Error" to switchValue="Verbose"
    1. *Note: The V on Verbose must be capitalized!
  8. Copy the following lines of text from here to your clipboard:
    1. <listeners>
      <add name="xml" type="System.Diagnostics.XmlWriterTraceListener"
      initializeData="C:\logs\WIF.svclog" />
      </listeners>
  9. Remove the following lines from under <source name="Microsoft.IdentityModel" switchValue="Verbose">:
    1. <listeners>
      <add name="ServiceModelRedirect" />
      </listeners>
  10. Paste the text from your clipboard directly under <source name="Microsoft.IdentityModel" switchValue="Verbose">
  11. Your diagnostics source and listener for Microsoft.IdentityModel should now look like this:
    1. <source name="Microsoft.IdentityModel" switchValue="Verbose">
      <listeners>
      <add name="xml" type="System.Diagnostics.XmlWriterTraceListener"
      initializeData="C:\logs\WIF.svclog" />
      </listeners>
      </source>
  12. Save and Close web.config
  13. Reproduce your issue
  14. Stop IIS (or stop the CRM website and application pool). This is required so the handle to the WIF.svclog file is released and we can gather the trace data.
  15. Copy the WIF.svclog file to an alternate location for review.
  16. Start IIS (or start the CRM website and application pool).
  17. Open SvcTraceViewer.exe
  18. From the File > Open menu, open WIF.svclog

The data in the log is broken out by Activity ID. Each Activity ID can contain multiple events. Work your way down through each Activity ID and each event contained. In this view, you will be able to walk the flow of CBA conversation for the CRM 2011 application.

Steps to revert these changes

  1. In Windows Explorer, open "%ProgramFiles%\Microsoft Dynamics CRM\CRMWeb"
  2. Edit web.config in Notepad
  3. Find the <system.diagnostics> section
  4. Scroll winthin <system.diagnostics> and find <source name="Microsoft.IdentityModel"
  5. Change switchValue="Verbose" to switchValue="Error"
  6. Copy the default listener from the lines of text below:
    1.         <listeners>
                <add name="ServiceModelRedirect" />
              </listeners>
  7. Remove the following lines from under <source name="Microsoft.IdentityModel" switchValue="Error">:
    1.       <listeners>
              <add name="xml" type="System.Diagnostics.XmlWriterTraceListener"
                   initializeData="C:\logs\WIF.svclog" />
            </listeners>
  8. Paste the text from your clipboard directly under <source name="Microsoft.IdentityModel" switchValue="Error">
  9. Your diagnostics source and listener for Microsoft.IdentityModel should now look like this:
    1.       <source name="Microsoft.IdentityModel" switchValue="Error">
              <listeners>
                <add name="ServiceModelRedirect" />
              </listeners>
            </source>
  10. Save and Close web.config