Enabling security tracing for troubleshooting using .Net

.Net provides logging and tracing capabilities that can help troubleshoot configuration mistakes or other problems that might be causing authentication issues.

Error level logging is enabled by default. Trace level logging, typically needed only for troubleshooting, is disabled by default. This topic describes how to enable trace level logging to be used for troubleshooting.

Trace level log files can become very large in a short time. Typically, you will enable trace level logging only when you are troubleshooting.

  1. Optional: You can make a backup copy of the following file:

    <Your_DSSO_Location>\system\LawsonSecurityLogger.config

    For example, save it as LawsonSecurityTracingDisabled.config

    This will make it easier to return the file to tracing disabled when you are finished troubleshooting.

  2. Open the following file for editing:

    <Your_DSSO_Location>\system\LawsonSecurityLogger.config

  3. Edit the <logger> section of the <rules> node to specify "Trace" as the logging level as shown here.

    Before you make the edit, you should see:

    <rules>
  <logger name = "x" minlevel = "Error"
    WriteTo="LawsonSecurityMainLog" />
</rules>

    After you make the edit, you will see:

    <rules>
  <logger name = "x" minlevel = "Trace"
    WriteTo="LawsonSecurityMainLog" />
</rules>
  4. From a command window on the SharePoint server, issue an issreset command.
  5. When the reset completes, re-run a failed action that caused you to enable logging.

    For example, if a user was unable log, re-attempt this user's login.

    Check the location for the file lawson_security_<date>.log and then open the file to verify that the log-in exception has been written to the file.

    Perform troubleshooting as needed to resolve the problem.

  6. When you are finished troubleshooting, return the security configuration file back to "Error" level logging.

    When you are finished re-enabling Error level logging, the <rules> node should again look like this:

    <rules>
  <logger name = "x" minlevel = "Error"
    WriteTo="LawsonSecurityMainLog" />
</rules>
  7. Reset IIS.