
Enable ADFS debug logging

You can turn on ADFS debug logging to help you troubleshoot issues. The trace log is verbose and intended for short troubleshooting windows, so enable it, reproduce the problem, and disable it again.

Set Trace level and enable the ADFS tracing log

  1. Run Command Prompt as an administrator.
  2. Set the tracing log to verbose (level 5) with the following command:
    C:\Windows\system32>wevtutil sl "AD FS Tracing/Debug" /L:5
  3. Open Event Viewer.
  4. Right-click Application and Services Logs and select View > Show Analytic and Debug Logs.
  5. Navigate to AD FS Tracing – Debug.
  6. Right-click the Debug log and select Enable Log to start trace debugging immediately.
  7. Reproduce the problem you are troubleshooting. Verbose tracing produces a large volume of events and has a performance cost, so keep the capture window short.
  8. Navigate back to AD FS Tracing – Debug, right-click the log and select Disable Log to stop trace debugging. It is difficult to scroll and search the Debug log page by page in Event Viewer, so save all Debug events to a *.evtx file first (right-click the log > Save All Events As).
  9. Open the saved log and observe that it now includes AD FS Tracing events. These can be analyzed, according to the applicable timestamps, for troubleshooting purposes.
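The same capture workflow scripted end to end, as an added example that is not part of the original page: it sets the level, enables the log, waits while you reproduce the issue, disables the log, exports it and reads the export back limited to the capture window. The export path C:\Temp\adfs-trace.evtx is an illustrative choice, not a value from the page. Run it from an elevated PowerShell session on the AD FS server.

```powershell
# Added example (not from the original page): script the tracing procedure above
# from an elevated PowerShell session on the AD FS server.
# Assumption: the export path below is illustrative, not from the original page.
$log    = 'AD FS Tracing/Debug'
$export = 'C:\Temp\adfs-trace.evtx'

# 1. Set the trace level to verbose (5) and enable the analytic/debug log.
wevtutil sl $log /L:5
wevtutil sl $log /e:true
$start = Get-Date

# 2. Reproduce the problem, then disable the log. A verbose debug log left
#    enabled fills quickly and slows the federation service.
Read-Host 'Reproduce the issue now, then press Enter to stop tracing'
wevtutil sl $log /e:false
$end = Get-Date

# 3. Export the log while it is disabled; Event Viewer pages through it poorly.
New-Item -ItemType Directory -Path (Split-Path $export) -Force | Out-Null
wevtutil epl $log $export /ow:true

# 4. Read the export back, keeping only events from the capture window.
#    Analytic/debug logs must be read oldest-first, hence -Oldest.
$events = Get-WinEvent -Path $export -Oldest -ErrorAction SilentlyContinue |
    Where-Object { $_.TimeCreated -ge $start -and $_.TimeCreated -le $end }

"{0} trace events captured between {1} and {2}" -f $events.Count, $start, $end

# First line of each message is usually enough to locate the failing step;
# open the .evtx in Event Viewer for the full text of an interesting event.
$events |
    Sort-Object TimeCreated |
    Select-Object TimeCreated, Id, LevelDisplayName,
        @{ n = 'Message'; e = { ($_.Message -split "`n")[0] } } |
    Format-Table -AutoSize

# 5. Confirm tracing is really off again (expect "enabled: false").
wevtutil gl $log | Select-String -Pattern '^enabled'
```

The final `wevtutil gl` check matters: the debug log stays enabled across reboots until someone disables it, so verify the state before leaving the server.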

Enable Object access auditing to see access data in security logs

To observe detailed information about access activities on the ADFS servers, you must enable auditing in two places on the ADFS servers: once in the ADFS service configuration, which applies to the whole farm, and once in the local audit policy of every server.
  1. To turn on auditing in the ADFS UI, do the following:
    1. On the primary ADFS server, open the AD FS Management console, right-click Service and select Edit Federation Service Properties, then open the Events tab.
    2. Select the Success audits and Failure audits checkboxes. These settings are stored in the ADFS configuration and are valid for all ADFS servers in the farm.
  2. To modify the Local Security Policy, do the following:
    1. Search Windows for gpedit.msc.
    2. Navigate to Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy.
    3. In the policy list, right-click Audit Object Access and select Properties.
    4. Select the Success and Failure checkboxes. Unlike the service setting above, this setting does not replicate across the farm: it has to be enabled in the Local Security Policy on each ADFS server (or in an equivalent GPO that is set in Active Directory). If Advanced Audit Policy Configuration is in use on the server, it overrides this legacy category setting; in that case enable Success and Failure for the Application Generated subcategory under Object Access instead. The ADFS service account also needs the Generate security audits user right, or no audit events will be written.
    5. Click OK.
    6. Open the Security event log on the ADFS servers and search for the timestamps that correspond to any testing or troubleshooting that is being conducted.
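The command-line equivalent of the two auditing settings above, plus a verification step and a query for the resulting Security events, as an added example that is not part of the original page. The provider name 'AD FS Auditing' used to filter the Security log and the 30-minute lookback are the author's assumptions, not values from the page. Step 1 runs once on the primary server; step 2 must run on every ADFS server (or be pushed through a GPO).

```powershell
# Added example (not from the original page): enable, verify and read AD FS
# security auditing from an elevated PowerShell session.
# Assumptions: 'AD FS Auditing' as the Security-log provider name and the
# 30-minute lookback are illustrative choices, not from the original page.

# --- 1. Farm-wide setting (run once, on the primary AD FS server) ---
# Equivalent to ticking Success audits / Failure audits on the Events tab.
$current = (Get-AdfsProperties).LogLevel
$wanted  = ($current + 'SuccessAudits', 'FailureAudits') | Select-Object -Unique
Set-AdfsProperties -LogLevel $wanted

# --- 2. Per-server setting (run on every AD FS server, or push via GPO) ---
# The GUI path toggles the whole Object Access category. AD FS writes through
# the 'Application Generated' subcategory, and that subcategory is what counts
# when Advanced Audit Policy overrides the legacy category setting.
auditpol /set /subcategory:"Application Generated" /success:enable /failure:enable

# --- 3. Verify both layers before reproducing the problem ---
$ok    = $true
$props = Get-AdfsProperties
foreach ($lvl in 'SuccessAudits', 'FailureAudits') {
    if ($props.LogLevel -notcontains $lvl) {
        Write-Warning "AD FS LogLevel is missing $lvl"
        $ok = $false
    }
}
# /r prints CSV; 'Inclusion Setting' is the effective success/failure state.
$pol = auditpol /get /subcategory:"Application Generated" /r | ConvertFrom-Csv
if ($pol.'Inclusion Setting' -ne 'Success and Failure') {
    Write-Warning "Application Generated audit is '$($pol.'Inclusion Setting')', expected 'Success and Failure'"
    $ok = $false
}
"Audit prerequisites OK: $ok"

# --- 4. Pull AD FS audit events for the troubleshooting window ---
Get-WinEvent -FilterHashtable @{
    LogName      = 'Security'
    ProviderName = 'AD FS Auditing'   # assumed provider name, see lead-in
    StartTime    = (Get-Date).AddMinutes(-30)
} -ErrorAction SilentlyContinue |
    Sort-Object TimeCreated |
    Select-Object TimeCreated, Id,
        @{ n = 'Summary'; e = { ($_.Message -split "`n")[0] } } |
    Format-Table -AutoSize
```

If step 4 returns nothing even though step 3 reports OK, check that the ADFS service account holds the Generate security audits right on that server; without it the service is configured to audit but Windows refuses to write the events. On AD FS 2016 and later, `Set-AdfsProperties -AuditLevel Verbose` adds more detail per audited request than the basic level and is worth turning on for the duration of the troubleshooting.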