4.1 Debugging Logs for Advanced Authentication

To investigate the possible issues you may be asked to collect the debug logs.

  1. Run DiagTool.exe (the tool must have Microsoft .NET Framework 3.5 installed).

  2. Click Clear All (if applicable) in the Debug logs tab.

  3. Click Enable.

  4. Restart the system.

  5. Reproduce your problem.

  6. Run DiagTool.exe.

  7. Click Save logs in the Debug logs tab.

  8. Specify a file name and path. Click Save to save the logs.

  9. Click Disable to disable the logging.

  10. Click Clear All.

If you don't have the Diagnostic Tool you can perform the actions manually:

  1. Create a text file C:\ProgramData\NetIQ\Logging\config.properties.

  2. Add a string to the file: logEnabled=True that ends by a line break.

  3. Create a directory: C:\ProgramData\NetIQ\Logging\Logs\.

  4. Restart the machine.

  5. Reproduce your problem.

  6. Pack the logs located in C:\ProgramData\NetIQ\Logging\Logs\ into a zip file.

  7. Change logEnabled=True to logEnabled=False in the folder, C:\ProgramData\NetIQ\Logging\config.properties

With the Diagnostic Tool, you can check the network problems on a workstation, issues in connection between a workstation and DNS Server, and to get a list of the Advanced Authentication Servers that can be discovered. To identify Advanced Authentication server, perform the following steps:

NOTE:As a prerequisite, ensure that DiagTool.exe file is available with the following files in the same directory:

  • DiagTool.exe.config

  • Ionic.Zip.dll

  • JHSoftware.DNSClient.dll

  1. Run DiagTool.exe (the tool must have Microsoft .NET Framework 3.5 installed).

  2. Click Servers.

  3. In the Search settings, specify the domain name in Domain to find a list of Advanced Authentication servers in the specified domain.

    If you want to find particular server then clear Use system DNS server and specify the IP address of the DNS server in DNS server.

  4. Select Use v6 DNS lookup to allow the Diagnostic Tool to find the Advanced Authentication server using _aav6 records.

    If you want to find the Advanced Authentication server using _aaa records then clear Use v6 DNS lookup.

  5. Click Search.

NOTE:If you configure IP address of the Advanced Authentication server in the DNS service record, the Diagnostic tool cannot find and retrieve the respective record. Ensure that you configure the DNS service record with Fully Qualified Domain Name (FQDN) to enable the Diagnostic tool to find and retrieve the respective record.