Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

Troubleshooting local GSSAPI connections can be a tricky task. There are three potential ways to do it. This page presents each of them, in order of increasing difficulty.

Contents

1. System Preparation

1.1. Installing the Kerberos GSSAPI client and server utility

You now need to add the following items into the Windows Registry:

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"SPMInfoLevel"=dword:0000101F
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"LogToFile"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos]
"LogToFile"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters]
"LogToFile"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters]
"LogLevel"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos]
"LogLevel"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\]
"NegEventMask"=dword:0000000F
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters]
"LogLevel"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos]
"LogLevel"=dword:00000001

2. Debugging

2.1. Option 1 - Log to lsass.log

  1. After doing the preparation steps above, reboot the machine. SSP debug logging should now appear in C:\WIndows\System32\lsass.log. The lines relevant to the Moonshot SSP begin with "EAP-SSP".

This option is probably the easiest way to view the debug logging from the Moonshot SSP.

2.2. Option 2 - Gather trace information

If you just wish to see the Moonshot SSP logging in its own file, this option may be the best.

Once you have performed the above preparation work, start a Command Prompt session as an Administrator:

  1. Click Start, All Programs, Accessories.

  2. Right-click the Command Prompt entry, select Run as administrator.

    User Access Control

    You may be prompted to confirm whether you want to allow the program to make changes to the computer. Choose Yes.

  3. Run the following command from the command prompt to start gathering trace information:

    logman start mysession -p {b85c67ff-f395-4e75-8836-dc395f022125} -o eapssp.etl -ets
  4. Once you've performed the actions you wish to debug, stop this by issuing the following command:

    logman stop mysession -ets
  5. Now run the following common to create the trace log for you to look at.

    tracerpt eapssp.etl

If you just wish to see the Moonshot SSP logging in its own file - so that you don't have to sift through other non-relevant logs, this option may be the best.

2.3. Option 3 - Using DebugView

  1. Once you've done the preparation work above, download DebugView from Microsoft (get it at Microsoft's site).
  2. Run DebugView as Administrator and capture global Win32 events.
This final option is the trickiest and requires extra tools to be installed. It is, however, required to debug particularly thorny SSP issues.
  • No labels