Enabling configuration for ADFS 2.0 Server Traces

Introduction
I was working on doing diagnostics for an R-STS scenario with ADFS 2.0 and I was getting lots of errors. I had enabled tracing already for the client side but I was not getting any error traces for the client. I think a large percentage of the errors occur on the ADFS server side. So I enabled tracing for the server side as well. I just tried it and did not know if this was officially supported or documented. Doing this REALLY helped me figure out the problem and deal with error messages that were confusing. In this post I am going to show what I did to enable the server side tracing.
In doing secondary research for this post I did see this post from back during ADFS Beta 2: http://imav8n.wordpress.com/2009/08/06/enabling-logging-in-adfs/. I will just update some of the details here.
Details
The config for ADFS is found in c:\Program Files\Active Directory Federation Services 2.0 and is called Microsoft.IdentityServer.ServiceHost.exe.config. Here is a copy of my config file with the tracing added. You should be able to copy this directly and then the tracing can be output for you. I also disabled the default ADFS trace listener because I wanted the output to go to a file so that I can correlate everything using the Service Trace Viewer.
<?xml version="1.0" encoding="utf-8" ?>
<configuration>

  <configSections>
    <section name="microsoft.identityServer.service" type="Microsoft.IdentityServer.Service.Configuration.ServiceConfiguration, Microsoft.IdentityServer.Service, Version=6.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL" />
    <section name="microsoft.identityServer" type="Microsoft.IdentityServer.Service.Configuration.IdentityServerConfiguration, Microsoft.IdentityServer.Service, Version=6.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL"/>
    <section name="microsoft.identityServer.proxy" type="Microsoft.IdentityServer.Service.Configuration.ProxyConfigurationSection, Microsoft.IdentityServer.Service, Version=6.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL"/>
  </configSections>

  <microsoft.identityServer serviceMode="Server"/>

  <microsoft.identityServer.proxy >
    <host name="" httpPort="80" httpsPort="443" />
    <proxyTrust proxyTrustRenewPeriod="240" />
  </microsoft.identityServer.proxy>

  <microsoft.identityServer.service>
    <policyStore connectionString="Data Source=\\.\pipe\mssql$microsoft##ssee\sql\query;Initial Catalog=AdfsConfiguration;Integrated Security=True"
      administrationUrl="net.tcp://localhost:1500/policy" />
    <trustMonitoring enabled="true" />

  </microsoft.identityServer.service>
  <system.diagnostics>
    <sources>
      <!-- To enable WIF tracing, change the switchValue below to desired trace level - Verbose, Information, Warning, Error, Critical -->
      <!-- Set TraceOutputOptions as comma separated value of the following; ProcessId ThreadId CallStack. Specify None to not include any of the optional data-->
      <!-- NOTE THAT THE CHANGES TO THIS SECTION REQUIRES SERVICE RESTART TO TAKE EFFECT -->
      <source name="Microsoft.IdentityModel" switchValue="Verbose">
        <listeners>
<!--          <add name="ADFSWifListener"  traceOutputOptions="ProcessId,ThreadId" initializeData="Wif" type="Microsoft.IdentityServer.Diagnostics.ADFSTraceListener,Microsoft.IdentityServer,Version=6.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL" /> -->
          <add name="ADFSWifListener" />

        </listeners>
      </source>

      <!-- To enable WCF tracing, change the switchValue below to desired trace level - Verbose, Information, Warning, Error, Critical and
           uncomment the system.servicemodel section below -->
      <source name="System.ServiceModel" switchValue="Verbose" >
        <listeners>
        <!--  <add  name="ADFSWcfListener" traceOutputOptions="ProcessId,ThreadId" initializeData="Wcf" type="Microsoft.IdentityServer.Diagnostics.ADFSTraceListener,Microsoft.IdentityServer,Version=6.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL" /> -->
          <add name="ADFSWcfListener" />
        </listeners>
      </source>
      <source name="System.ServiceModel.MessageLogging" switchValue="Verbose" >
        <listeners>
<!--          <add  name="ADFSWcfListener" traceOutputOptions="ProcessId,ThreadId" initializeData="Wcf" type="Microsoft.IdentityServer.Diagnostics.ADFSTraceListener,Microsoft.IdentityServer,Version=6.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL" /> -->
          <add name="ADFSWcfListener" />
        </listeners>
      </source>
    </sources>
    <!-- Added by Ben Cline - sharedListeners -->
    <sharedListeners>
      <add name="ADFSWcfListener"
           type="System.Diagnostics.XmlWriterTraceListener, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
           initializeData="c:\temp\adfssvchost_servicemodel.svclog"
           traceOutputOptions="Timestamp">
        <filter type="" />
      </add>
      <add name="ADFSWifListener"
           type="System.Diagnostics.XmlWriterTraceListener, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
           initializeData="c:\temp\adfssvchost_wif.svclog"
           traceOutputOptions="Timestamp">
        <filter type="" />
      </add>

    </sharedListeners>
    <trace autoflush="true" ></trace>

  </system.diagnostics>

  <system.serviceModel>
    <diagnostics>
      <messageLogging logEntireMessage="true"
              logMessagesAtServiceLevel="true"
              logMessagesAtTransportLevel="true">
      </messageLogging>
    </diagnostics>
  </system.serviceModel>

  <runtime>
    <gcServer enabled="true"/>
  </runtime>
</configuration>
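
As an added example (not part of the original post or of ADFS), the Python below reads a config like the one above and reports, per trace source, the level and the target each listener writes to, resolving listener names through sharedListeners; it then lists the files that receive whole messages when logEntireMessage is on. The function names and the trimmed sample config are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: trimmed copy of the tracing sections of the config above.
SAMPLE_CONFIG = r"""<configuration>
  <system.diagnostics>
    <sources>
      <source name="Microsoft.IdentityModel" switchValue="Verbose">
        <listeners><add name="ADFSWifListener" /></listeners>
      </source>
      <source name="System.ServiceModel.MessageLogging" switchValue="Verbose">
        <listeners><add name="ADFSWcfListener" /></listeners>
      </source>
    </sources>
    <sharedListeners>
      <add name="ADFSWcfListener" initializeData="c:\temp\adfssvchost_servicemodel.svclog" />
      <add name="ADFSWifListener" initializeData="c:\temp\adfssvchost_wif.svclog" />
    </sharedListeners>
  </system.diagnostics>
  <system.serviceModel>
    <diagnostics><messageLogging logEntireMessage="true" /></diagnostics>
  </system.serviceModel>
</configuration>"""

def audit_tracing(config_xml):
    """Return (sources, message_logging): what is traced, at what level, to where."""
    root = ET.fromstring(config_xml)
    # Shared listeners are declared once and referenced by name from each source.
    shared = {a.get("name"): a.get("initializeData")
              for a in root.findall("./system.diagnostics/sharedListeners/add")}
    sources = []
    for src in root.findall("./system.diagnostics/sources/source"):
        # An inline listener carries its own initializeData; a bare name
        # points at the sharedListeners entry.
        outputs = [ref.get("initializeData") or shared.get(ref.get("name"))
                   for ref in src.findall("./listeners/add")]
        sources.append({"name": src.get("name"), "outputs": outputs,
                        "level": src.get("switchValue", "Off")})
    ml = root.find("./system.serviceModel/diagnostics/messageLogging")
    return sources, (dict(ml.attrib) if ml is not None else {})

def full_message_capture(config_xml):
    """Output files that receive whole messages (headers and bodies)."""
    sources, ml = audit_tracing(config_xml)
    if ml.get("logEntireMessage", "false").lower() != "true":
        return []
    return [out for s in sources
            if s["name"] == "System.ServiceModel.MessageLogging"
            and s["level"].lower() != "off"
            for out in s["outputs"] if out]
```

Running it against the real Microsoft.IdentityServer.ServiceHost.exe.config after troubleshooting shows which sources are still at Verbose and which .svclog files need to be collected or removed.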


  1. #1 by Ben Cline on April 12, 2011 - 10:30 am

    You still have to create the folder for the traces to output to – c:\temp based on the example above.

  2. #2 by Ben Cline on August 24, 2011 - 4:16 pm

    I have finally progressed far enough in working with ADFS to understand why this is not enabled like I showed above. The link at http://blogs.msdn.com/b/card/archive/2010/01/21/diagnostics-in-ad-fs-2-0.aspx shows how to enable the WCF tracing but you do have to have the diagnostic log set up because the WCF tracing appears in this log.

    Thanks,
