8.1 Debugging Logs for Advanced Authentication

With the Diagnostic Tool, you can check the network problems on a workstation, issues in connection between a workstation and DNS Server, and to get a list of the Advanced Authentication servers that can be discovered. To identify Advanced Authentication server, perform the following steps:

NOTE:As a prerequisite, ensure that DiagTool.exe file is available with the following files in the same directory:

  • DiagTool.exe.config

  • Ionic.Zip.dll

  • JHSoftware.DNSClient.dll

  1. Run DiagTool.exe (the tool must have Microsoft .NET Framework 3.5 installed).

  2. Click Servers.

  3. In the Search settings, specify the domain name in Domain to find a list of Advanced Authentication servers in the specified domain.

    If you want to find particular server then clear Use system DNS server and specify the IP address of the DNS server in DNS server.

  4. Select Use v6 DNS lookup to allow the Diagnostic tool to find the Advanced Authentication server using _aav6 records.

    If you want to find the Advanced Authentication server using _aaa records, clear Use v6 DNS lookup.

  5. Click Search.

NOTE:If you configure the IP address of the Advanced Authentication server in the DNS service record, the Diagnostic tool cannot find and retrieve the respective record. Ensure that you configure the DNS service record with the Fully Qualified Domain Name (FQDN) to enable the Diagnostic tool to find and retrieve the respective record.

You can collect the logs for Advanced Authentication in the following ways:

8.1.1 Using a Diagnostic Tool

  1. Run DiagTool.exe. The tool must have Microsoft .NET Framework 3.5 installed.

  2. Click Clear All (if applicable) in the Debug logs tab.

  3. Click Enable.

  4. Restart the Windows operating system.

  5. Reproduce your problem.

  6. Run DiagTool.exe.

  7. Click Save logs in the Debug logs tab.

  8. Specify a file name and path.

  9. Click Save to save the logs.

  10. Click Disable to disable the logging.

  11. Click Clear All.

8.1.2 Manual

  1. Create a text file C:\ProgramData\NetIQ\Logging\config.properties.

  2. Add a string to the file: logEnabled=True that ends by a line break.

  3. Create a directory: C:\ProgramData\NetIQ\Logging\Logs\.

  4. Restart the machine.

  5. Reproduce your problem.

  6. Pack the logs located in C:\ProgramData\NetIQ\Logging\Logs\ into a zip file.

  7. Change logEnabled=True to logEnabled=False in the folder, C:\ProgramData\NetIQ\Logging\config.properties.

8.1.3 Enabling the Profiling Tool

You can configure the Windows Client to enable the profiling for Web server logs of the Advanced Authentication server. Profiling tool helps in tracking the performance, memory allocation, and CPU utilization of each REST API calls that are processed including the background programs that are initiated by the call. In case of an issue, it facilitates in identifying the cause.

Enabling the profiling tool appends &profiling=true parameter to API calls sent to the server. Before enabling profiling, ensure to set Debugging Logs to ON in the Administration portal. After enabling the Profiling tool, you can track the detailed logs in Logs > Web server in the Administration portal.

To enable the Profiling tool, perform the following steps:

  1. Open the configuration file C:\ProgramData\NetIQ\Windows Client\config.properties.

    If the file does not exist, create a new file.

  2. Specify rest_profiling:true (default value is false) in the config.properties file.

  3. Save the configuration.