Web Service API
To enable diagnostic logging for Web Service API
- On a computer with Web Service API, go to the Web Service API installation directory.
Normally, the path to the Web Service API installation directory is %ProgramFiles%\One Identity\Defender\Web Service API.
- Make the following changes to the DefenderAdminService.exe.config text file held in the Web Service API installation directory:
- In the <log4net debug="false"> entry, set the value to "true": <log4net debug="true">
- In the <level value="ERROR" /> entry, set the value to "DEBUG": <level value="DEBUG" />
You can find the log file DefenderWebServiceApi.txt in the Logs folder in the Web Service API installation directory. Normally, the path to the log file is %ProgramFiles%\One Identity\Defender\Web Service API\Logs\DefenderWebServiceApi.txt.
To disable diagnostic logging for Web Service API, set these values in the DefenderAdminService.exe.config file:
- <log4net debug="false">
- <level value="ERROR" />
Product information tool
The Product Information tool is a diagnostic tool that helps to gather product details. The tool is available at %ProgramFiles%\Common Files\One Identity\Defender.
To run the tool:
Appendix B: Troubleshooting common authentication issues
If users are experiencing problems authenticating via Defender, there are a number of possible causes, ranging from VPN issues through to individual token failures. To help identify the cause, the information below is useful to collect and send to One Identity Software Support, providing important contextual and diagnostic information.
Step 1: Gather required information
Answers to the following questions can help you get the required information about the authentication issues:
- What error message is the user receiving? Ask the user to provide the full error message text (make a screenshot).
- How many users are affected? The total number of Defender users is also useful to put into context.
- Were the affected users working previously? If so, when?
- What token types are the affected users using?
- What Defender Security Server version and platform are being used?
- When did the issue start occurring? It is useful to have a time approximation to help match up with the logs.
- Have any changes been made recently? For example to any Defender components, Active Directory, VPN server, or network.
Obtain the log files from the following location on the Defender Security Server:
%ProgramFiles%\One Identity\Defender\Security Server\Logs
Additionally, obtain user IDs of several affected users. These are required to locate information related to the affected users in the Defender log files. Make sure to obtain the user IDs, not the user names.