Logging for the Password Policy Manager (PPM) can be enabled in order to further troubleshoot password reset/policy and PPM problems.
To enable Password Policy Manager (PPM) logging output:
1. If it does not already exist, create the following key in the local registry on one of the affected DCs:
HKEY_LOCAL_MACHINE\Software\One Identity\Password Manager\Logging
2. Under that key, create the following string values (REG_SZ):
a) LogFolder and set the “Value data” to C:\Windows\Temp (you can specify any location/folder, but the folder needs to be created beforehand)
b) LogLevel and set the “Value data” to All
3. Restart the DC (Domain Controller)
4. Reproduce the experienced issue
5. Once the issue is reproduced and logs gathered, change the LogLevel value to None and reboot the DC to disable logging.
See the attached screenshot for reference.
NOTE: Failure to disable logging may eventually result in the DC running out of hard drive space.
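The registry steps above can also be scripted from an elevated PowerShell session on the DC. This is an added example, not One Identity's own tooling; the function names are hypothetical, while the key path, value names and values are the ones given in the steps. It does not restart the DC for you.

```powershell
#Requires -RunAsAdministrator
# Added example. Function names are hypothetical; the key path, value names
# and the All/None values are taken from the steps in this article.
$PpmLoggingKey = 'HKLM:\SOFTWARE\One Identity\Password Manager\Logging'

function Enable-PpmLogging {
    param([string]$LogFolder = 'C:\Windows\Temp')

    # The log folder must exist before logging is switched on.
    if (-not (Test-Path -LiteralPath $LogFolder -PathType Container)) {
        throw "Log folder '$LogFolder' does not exist. Create it first."
    }
    # Create the key only if it is missing.
    if (-not (Test-Path -LiteralPath $PpmLoggingKey)) {
        New-Item -Path $PpmLoggingKey -Force | Out-Null
    }
    # Both values are REG_SZ (PropertyType String).
    New-ItemProperty -Path $PpmLoggingKey -Name 'LogFolder' -Value $LogFolder `
        -PropertyType String -Force | Out-Null
    New-ItemProperty -Path $PpmLoggingKey -Name 'LogLevel' -Value 'All' `
        -PropertyType String -Force | Out-Null

    # Show free space on the log volume, since logging left on can fill the disk.
    $qualifier = Split-Path -Path $LogFolder -Qualifier      # e.g. "C:"
    $drive = Get-PSDrive -Name $qualifier.TrimEnd(':')
    Write-Host ("Free space on {0} {1:N1} GB" -f $qualifier, ($drive.Free / 1GB))
    Write-Warning 'Restart the DC for the logging change to take effect.'
}

function Disable-PpmLogging {
    # Set LogLevel back to None once the logs have been gathered.
    if (Test-Path -LiteralPath $PpmLoggingKey) {
        Set-ItemProperty -Path $PpmLoggingKey -Name 'LogLevel' -Value 'None'
        Write-Warning 'Reboot the DC to disable logging.'
    }
}

function Get-PpmLogging {
    # Return the current LogFolder and LogLevel, or nothing if the key is absent.
    if (Test-Path -LiteralPath $PpmLoggingKey) {
        Get-ItemProperty -Path $PpmLoggingKey | Select-Object LogFolder, LogLevel
    }
}
```

Run `Enable-PpmLogging` before reproducing the issue and `Disable-PpmLogging` afterwards; `Get-PpmLogging` confirms which state the DC is in.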