Chat now with support
Chat with Support

Defender 6.6 - Administration Guide

Getting started Managing Defender objects in Active Directory Configuring security tokens Securing VPN access Securing Web sites Securing Windows-based computers Defender Management Portal (Web interface) Securing PAM-enabled services Delegating Defender roles, tasks, and functions Automating administrative tasks Administrative templates Integration with Active Roles Push Notifications Appendices
Appendix A: Enabling diagnostic logging Appendix B: Troubleshooting common authentication issues Appendix C: Troubleshooting DIGIPASS token issues Appendix D: Defender classes and attributes in Active Directory Appendix E: Defender Event Log messages Appendix F: Defender Client SDK Appendix G: Defender Web Service API

Appendix A: Enabling diagnostic logging

To gather additional information on various Defender components, you can enable diagnostic logging for each component.

To enable the logging for some Defender components, you need to edit the Registry.

Caution: The following sections instruct you to modify the Registry. Note that incorrectly modifying the Registry may severely damage the system. Therefore, you should make the changes carefully. It is highly advisable to create a backup of the Registry before making changes to Registry data.

Administration Console

To enable diagnostic logging for Administration Console

  • On a computer where Administration Console is installed, use Registry Editor to create the following value in the HKLM\SOFTWARE\PassGo Technologies\Defender\Defender AD MMC registry key:

    Value type: REG_DWORD

    Value name: Diagnostics

    Value data: 1

The path to the log file is %ProgramData%\One Identity\Defender\Diagnostics\defender_ade_mmc.txt.

To disable diagnostic logging for Administration Console, delete the Diagnostics value from the Defender AD MMC registry key, or set the value data to 0.

Defender Core Token Operations SDK (DTSDK)

To troubleshoot issues that may occur with token operations, you need to enable diagnostic logging for the DTSDK component which is installed as a part of various Defender components.

To enable diagnostic logging for DTSDK

  • On a computer where DTSDK is installed, use Registry Editor to create the following value in the HKLM\SOFTWARE\PassGo Technologies\Defender registry key:

    Value type: REG_DWORD

    Value name: DTSDK Diagnostics

    Value data: 1

The path to the log file is %ProgramData%\One Identity\Defender\Diagnostics\dtsdk.txt.

To disable diagnostic logging for DTSDK, delete the DTSDK Diagnostics value from the Defender registry key, or set the value data to 0.

Defender Security Server

To enable diagnostic logging for Defender Security Server on a 32-bit (x86) system

On a 32-bit computer where Defender Security Server is installed, use Registry Editor to create the following value in the HKLM\SOFTWARE\PassGo Technologies\Defender\DSS Active Directory Edition registry key:

Value type: REG_DWORD

Value name: Diagnostics

Value data: 1

To enable diagnostic logging for Defender Security Server on a 64-bit (x64) system

On a 64-bit computer where Defender Security Server is installed, use Registry Editor to create the following value in the HKLM\SOFTWARE\WOW6432Node\PassGo Technologies\Defender\DSS Active Directory Edition registry key:

Value type: REG_DWORD

Value name: Diagnostics

Value data: 1

NOTE: If no registry key is found, manually create the following registry key:

HKLM\SOFTWARE\PassGo Technologies\Defender\DSS Active Directory Edition.

The path to the log file is %ProgramData%\One Identity\Defender\Diagnostics\radproxy.txt.

To disable diagnostic logging for Defender Security Server, delete the Diagnostics value from the DSS Active Directory Edition registry key, or set the value data to 0.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating