To obtain the debug logs for ADFS MFA plug-in, perform the following steps:
Run DiagTool.exe (the tool must have Microsoft .NET Framework 3.5 installed).
Click Clear All in the Debug logs tab.
Click Enable.
Restart the system.
Reproduce your problem.
Run DiagTool.exe.
Click Save logs in the Debug logs tab.
Specify a file name and path.
Click Save.
Click Disable.
Click Clear All.
If you do not have the Diagnostic Tool, you can perform the actions manually:
Create a text file config.properties in the folder C:\ProgramData\NetIQ\Logging\.
Add a string to the file: logEnabled=True that ends with a line break.
Create a directory: C:\ProgramData\NetIQ\Logging\Logs\.
Restart the machine.
Reproduce your problem.
Pack the logs located in the folder C:\ProgramData\NetIQ\Logging\Logs\ into a zip file.
Change logEnabled=True to logEnabled=False in the folder C:\ProgramData\NetIQ\Logging\config.properties
With the Diagnostic Tool, you can check the network problems on a workstation, issues in connection between a workstation and DNS Server, and to get a list of the Advanced Authentication Servers that can be discovered. To do this, perform the following steps:
Run DiagTool.exe (the tool must have Microsoft .NET Framework 3.5 installed).
Switch to the Servers tab.
In the Search settings you must enter FQDN in Domain and click Search. A list of Advanced Authentication Servers is displayed.
If the list is not displayed, clear Use system DNS server and enter the IP address of your DNS server in DNS server and click Search again.