Defender 5.9.3 - Administration Guide

Getting started Managing Defender objects in Active Directory Configuring security tokens Securing VPN access Securing Web sites Securing Windows-based computers Defender Management Portal (Web interface) Securing PAM-enabled services Delegating Defender roles, tasks, and functions Automating administrative tasks Administrative templates Integration with Active Roles Integration with Cloud Access Manager Appendices
Appendix A: Enabling diagnostic logging Appendix B: Troubleshooting common authentication issues Appendix C: Troubleshooting DIGIPASS token issues Appendix D: Defender classes and attributes in Active Directory Appendix E: Defender Event Log messages Appendix F: Defender Client SDK Appendix G: Defender Web Service API

Administration Console

Administration Console

To enable diagnostic logging for Administration Console

  • On a computer where Administration Console is installed, use Registry Editor to create the following value in the HKLM\SOFTWARE\PassGo Technologies\Defender\Defender AD MMC registry key:

    Value type: REG_DWORD

    Value name: Diagnostics

    Value data: 1

The path to the log file is %ProgramData%\One Identity\Defender\Diagnostics\defender_ade_mmc.txt.

To disable diagnostic logging for Administration Console, delete the Diagnostics value from the Defender AD MMC registry key, or set the value data to 0.

Defender Core Token Operations SDK (DTSDK)

Defender Core Token Operations SDK (DTSDK)

To troubleshoot issues that may occur with token operations, you need to enable diagnostic logging for the DTSDK component which is installed as a part of various Defender components.

To enable diagnostic logging for DTSDK

  • On a computer where DTSDK is installed, use Registry Editor to create the following value in the HKLM\SOFTWARE\PassGo Technologies\Defender registry key:

    Value type: REG_DWORD

    Value name: DTSDK Diagnostics

    Value data: 1

The path to the log file is %ProgramData%\One Identity\Defender\Diagnostics\dtsdk.txt.

To disable diagnostic logging for DTSDK, delete the DTSDK Diagnostics value from the Defender registry key, or set the value data to 0.

Defender Security Server

Defender Security Server

To enable diagnostic logging for Defender Security Server on a 32-bit (x86) system

On a 32-bit computer where Defender Security Server is installed, use Registry Editor to create the following value in the HKLM\SOFTWARE\PassGo Technologies\Defender\DSS Active Directory Edition registry key:

Value type: REG_DWORD

Value name: Diagnostics

Value data: 1

To enable diagnostic logging for Defender Security Server on a 64-bit (x64) system

On a 64-bit computer where Defender Security Server is installed, use Registry Editor to create the following value in the HKLM\SOFTWARE\WOW6432Node\PassGo Technologies\Defender\DSS Active Directory Edition registry key:

Value type: REG_DWORD

Value name: Diagnostics

Value data: 1

NOTE: If no registry key is found, manually create the following registry key:

HKLM\SOFTWARE\PassGo Technologies\Defender\DSS Active Directory Edition.

The path to the log file is %ProgramData%\One Identity\Defender\Diagnostics\radproxy.txt.

To disable diagnostic logging for Defender Security Server, delete the Diagnostics value from the DSS Active Directory Edition registry key, or set the value data to 0.

Desktop Login

Desktop Login

To enable diagnostic logging for Desktop Login

  • On a computer where Desktop Login is installed, use Registry Editor to create the following value in the HKLM\SOFTWARE\PassGo Technologies\Defender\Defender GINA registry key:

    Value type: REG_DWORD

    Value name: Diagnostics

    Value data: 1

The path to the log file is %ProgramData%\One Identity\Defender\Diagnostics\Defender Desktop Login.txt.

To disable diagnostic logging for Desktop Login, delete the Diagnostics value from the Defender GINA registry key, or set the value data to 0.

Documentos relacionados