Debugging the Windows SSP can be a tricky task. There are three potential ways to do it. This page presents each of them, in order of increasing difficulty.
Contents
1. System Preparation
1.1. Turning on Debug
Before you use any of the three methods, the first task it to load the Moonshot configuration GUI (usually located in C:\Program Files\Moonshot\msetupgui.exe
) and tick the "Debug" option. You will need to reboot for this to take effect.
1.2. Setting the Registry
You now need to add the following items into the Windows Registry:
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "SPMInfoLevel"=dword:0000101F [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "LogToFile"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos] "LogToFile"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters] "LogToFile"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters] "LogLevel"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos] "LogLevel"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\] "NegEventMask"=dword:0000000F [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters] "LogLevel"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos] "LogLevel"=dword:00000001
2. Debugging
2.1. Option 1 - Log to lsass.log
- After doing the preparation steps above, reboot the machine. SSP debug logging should now appear in C:\WIndows\System32\lsass.log. The lines relevant to the Moonshot SSP begin with "EAP-SSP".
This option is probably the easiest way to view the debug logging from the Moonshot SSP.
2.2. Option 2 - Gather trace information
If you just wish to see the Moonshot SSP logging in its own file, this option may be the best.
Once you have performed the above preparation work, run the following command from the command prompt to start gathering trace information:
logman start mysession -p {b85c67ff-f395-4e75-8836-dc395f022125} -o eapssp.etl -ets
Once you've performed the actions you wish to debug, stop this by issuing the following command:
logman stop mysession -ets
Now run the following common to create the trace log for you to look at.
tracerpt eapssp.etl
If you just wish to see the Moonshot SSP logging in its own file - so that you don't have to sift through other non-relevant logs, this option may be the best.
2.3. Option 3 - Using DebugView
- Once you've done the preparation work above, download DebugView from Microsoft (get it at Microsoft's site).
- Run DebugView as Administrator and capture global Win32 events.