Configure Event Logging on a Federation Server

Updated: January 31, 2008

Applies To: Windows Server 2008

Servers that are running the Federation Service component of Active Directory Federation Services (AD FS) log AD FS Federation Service events in the Application event log. These events report information about the operation of the components of the local organization and the partner organizations that are covered by a trust policy.

noteNote
When it is configured manually, AD FS also can log debug information. Debug logs are located in %systemdrive%\Windows\SystemData\ADFS\logs. For more information about how to configure debug logging, see Configuring AD FS Servers for Troubleshooting (http://go.microsoft.com/fwlink/?LinkId=74970).

The following types of events are available and enabled by default in AD FS:

  • Error: Information about a significant problem of which the user should be aware, usually involving a loss of functionality or data.

  • Warning: Indicates a problem that is not immediately significant, but that may signify conditions that could cause future issues.

  • Informational: Information about a significant, successful operation.

  • Success audit: Indicates an audited security event when an audited access attempt is successful, for example, a successful logon attempt.

  • Failure audit: Indicates a security event that occurs when an audited access attempt fails; for example, an inbound token was not valid.

  • Detailed success: A success audit event with detailed information about each token that was involved in the transaction, including claims information.

  • Detailed failure: A failure audit event with detailed information about each token that was involved in the transaction, including claims information.

You can select the levels that you want to enable and disable.

noteNote
Audit object access must be turned on for success or failure to allow the Federation Service to log errors. For more information, see Audit object access (http://go.microsoft.com/fwlink/?LinkId=79749).

Membership in Administrators, or equivalent, on the local computer is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (http://go.microsoft.com/fwlink/?LinkId=83477).

  1. Click Start, point to Administrative Tools, and then click Active Directory Federation Services.

  2. Right-click the Trust Policy node, and then click Properties.

  3. Scroll to the Event Log tab.

  4. Under Event log level, click to select and deselect event log types, and then click OK.

Community Additions

ADD
Show: