| Author | Messages | |
JefTek
Posts:48
 | | 07/16/2008 5:30 PM |
| Hi All,
I was wondering if anyone knew of any extended logging capabilities for troubleshooting LDAPS connections? I'm doing network level sniffing, but was looking for something more descriptive in logging if possible.
I'm having a bear of a time with Lotus Notes applications attempting LDAPS connections, and I'd like to see if there is any extended logging I can enable on a Windows 2003 server running ADAM/ADLDS.
I found these keys here, but nothing around extended logging:
http://technet2.microsoft.com/windowsserver/en/library/3f98fdd9-ed64-49f7-9c20-a2d4581dfbea1033.mspx?mfr=true
Thanks in advance, Jef Kazimer ------- http://jeftek.com
| | | |
| matheesha
Posts:14
 | | 07/16/2008 5:30 PM |
| From http://blogs.technet.com/askds/archive/2008/04/02/directory-services-debug-logging-primer.aspx
Schannel
Output: System Event Log
Value Path: HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel
Value Name: EventLogging
Value Type: REG_DWORD
Value Data: 7
disclaimer: I've never used it. 
HTH
M@
2008/5/15 Jef Kazimer <jef@jeftek.com>:
> Chris,
>
> Thanks, but the issues appear to be with the SSL handshake during connect,
> long before we get to searching which would be logged with those keys. So
> the client can't even connect to the LDAPS ports (many others can, just not
> Lotus Apps..)
>
> Supposedly the 4096 bit key issue is fixed in 8.x that I posted about here (
> http://jeftek.com/iam/directory-services/lotus-domino-ldap-ssl-certificate-issue/ )
> but now I am having some doubts.
>
> I'd like to be able to log the handshake events from sChannel, but I don't
> seem to find anything as granular. Lotus/IBM is little help of course, even
> though it's only their platform I'm seeing issues with.
>
> Jef Kazimer
> -------
> http://jeftek.com
>
> ________________________________
> From: cmosteller@m3tg.com
> To: ActiveDir@mail.activedir.org
> Date: Thu, 15 May 2008 13:08:38 -0400
> Subject: RE: [ActiveDir] LDAPS/SSL Troubleshooting for ADLDS
>
> Found this article in the archives. Check it out to see if it's what you're
> looking for.
>
> http://www.activedir.org/Articles/tabid/54/articleType/ArticleView/articleId/41/Logging-LDAP-searches-AD-and-ADAM.aspx
>
> Chris
>
> From: ActiveDir-owner@mail.activedir.org
> [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Jef Kazimer
> Sent: Thursday, May 15, 2008 1:03 PM
> To: activedir@mail.activedir.org
> Subject: [ActiveDir] LDAPS/SSL Troubleshooting for ADLDS
>
> Hi All,
>
> I was wondering if anyone knew of any extended logging capabilities for
> troubleshooting LDAPS connections? I'm doing network level sniffing, but
> was looking for something more descriptive in logging if possible.
>
> I'm having a bear of a time with Lotus Notes applications attempting LDAPS
> connections, and I'd like to see if there is any extended logging I can
> enable on a Windows 2003 server running ADAM/ADLDS.
>
> I found these keys here, but nothing around extended logging:
>
> http://technet2.microsoft.com/windowsserver/en/library/3f98fdd9-ed64-49f7-9c20-a2d4581dfbea1033.mspx?mfr=true
>
> Thanks in advance,
>
> Jef Kazimer
> -------
> http://jeftek.com

List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ma/default.aspx
| | | |
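Added example, not part of the original thread or any poster's code: a PowerShell script that applies the Schannel `EventLogging` value quoted in the post above for a short reproduction window only, collects the Schannel entries from the System event log, and then restores the previous value. It assumes PowerShell 2.0 or later on the ADAM/AD LDS server, an elevated session, and that the new level is picked up without a restart; `$Minutes` is a hypothetical parameter.

```powershell
# Added example: turn on Schannel event logging while a failing LDAPS
# handshake is reproduced, then put the previous setting back.
# $Minutes is a hypothetical parameter (length of the capture window).
param([int]$Minutes = 5)

$path = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel'
$name = 'EventLogging'

# Remember the current value so it can be restored afterwards.
$before = (Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue).$name

# 7 = 1 (errors) + 2 (warnings) + 4 (informational and success events).
New-ItemProperty -Path $path -Name $name -PropertyType DWord -Value 7 -Force | Out-Null

$start = Get-Date
try {
    Write-Host "Reproduce the failing LDAPS connection now ($Minutes min)..."
    Start-Sleep -Seconds ($Minutes * 60)
}
finally {
    # Restore the earlier level, or remove the value if it did not exist.
    if ($null -eq $before) {
        Remove-ItemProperty -Path $path -Name $name
    } else {
        New-ItemProperty -Path $path -Name $name -PropertyType DWord `
            -Value $before -Force | Out-Null
    }
}

# Schannel writes to the System log (the "Output" line in the post above).
$events = @(Get-EventLog -LogName System -Source Schannel -After $start `
    -ErrorAction SilentlyContinue)

if ($events.Count -eq 0) {
    Write-Host 'No Schannel events were logged during the window.'
} else {
    # Which event IDs fired, most frequent first.
    $events | Group-Object EventID | Sort-Object Count -Descending |
        Format-Table Count, Name -AutoSize

    # Full detail in chronological order, for matching against the sniffer trace.
    $events | Sort-Object TimeGenerated |
        Format-List TimeGenerated, EntryType, EventID, Message
}
```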
| ArthurKitchens
Posts:2
 | | 07/16/2008 5:32 PM |
| Portecle and openssl have verbose SSL options that might be useful for this.
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Chris Mosteller
Sent: Thursday, May 15, 2008 1:09 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] LDAPS/SSL Troubleshooting for ADLDS
Found this article in the archives. Check it out to see if it's what you're looking for.
http://www.activedir.org/Articles/tabid/54/articleType/ArticleView/articleId/41/Logging-LDAP-searches-AD-and-ADAM.aspx
Chris
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Jef Kazimer
Sent: Thursday, May 15, 2008 1:03 PM
To: activedir@mail.activedir.org
Subject: [ActiveDir] LDAPS/SSL Troubleshooting for ADLDS
Hi All,
I was wondering if anyone knew of any extended logging capabilities for troubleshooting LDAPS connections? I'm doing network level sniffing, but was looking for something more descriptive in logging if possible.
I'm having a bear of a time with Lotus Notes applications attempting LDAPS connections, and I'd like to see if there is any extended logging I can enable on a Windows 2003 server running ADAM/ADLDS.
I found these keys here, but nothing around extended logging:
http://technet2.microsoft.com/windowsserver/en/library/3f98fdd9-ed64-49f7-9c20-a2d4581dfbea1033.mspx?mfr=true
Thanks in advance,
Jef Kazimer ------- http://jeftek.com
| | | |
| dmitrig
Posts:59
 | | 07/16/2008 5:32 PM |
| This might help as well:
http://groups.google.com/group/microsoft.public.windows.server.active_directory/browse_thread/thread/d30f1afc712227cb/4181cf2014869c5e?hl=en&lnk=st&q=ADAM+SSL+SChannel+logging#4181cf2014869c5e
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Jef Kazimer
Sent: Thursday, May 15, 2008 11:24 AM
To: activedir@mail.activedir.org
Subject: RE: [ActiveDir] LDAPS/SSL Troubleshooting for ADLDS
Sweet find!
I'll give it a whirl, and see what data it provides. I'll post back to share if I can.
Thanks!
Jef Kazimer ------- http://jeftek.com
________________________________
> Date: Thu, 15 May 2008 18:49:58 +0100
> From: matheesha@gmail.com
> To: ActiveDir@mail.activedir.org
> Subject: Re: [ActiveDir] LDAPS/SSL Troubleshooting for ADLDS
>
> From http://blogs.technet.com/askds/archive/2008/04/02/directory-services-debug-logging-primer.aspx
>
> Schannel
>
> Output: System Event Log
> Value Path: HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel
> Value Name: EventLogging
> Value Type: REG_DWORD
> Value Data: 7
>
> disclaimer: I've never used it.
>
> HTH
>
> M@
>
> 2008/5/15 Jef Kazimer <jef@jeftek.com>:
> > Chris,
> >
> > Thanks, but the issues appear to be with the SSL handshake during connect,
> > long before we get to searching which would be logged with those keys. So
> > the client can't even connect to the LDAPS ports (many others can, just not
> > Lotus Apps..)
> >
> > Supposedly the 4096 bit key issue is fixed in 8.x that I posted about here (
> > http://jeftek.com/iam/directory-services/lotus-domino-ldap-ssl-certificate-issue/ )
> > but now I am having some doubts.
> >
> > I'd like to be able to log the handshake events from sChannel, but I don't
> > seem to find anything as granular. Lotus/IBM is little help of course, even
> > though it's only their platform I'm seeing issues with.
> >
> > Jef Kazimer
> > -------
> > http://jeftek.com
> >
> > ________________________________
> > From: cmosteller@m3tg.com
> > To: ActiveDir@mail.activedir.org
> > Date: Thu, 15 May 2008 13:08:38 -0400
> > Subject: RE: [ActiveDir] LDAPS/SSL Troubleshooting for ADLDS
> >
> > Found this article in the archives. Check it out to see if it's what you're
> > looking for.
| | | |