Chat now with support
Chat with Support

Defender 5.11 - Administration Guide

Getting started Managing Defender objects in Active Directory Configuring security tokens Securing VPN access Securing Web sites Securing Windows-based computers Defender Management Portal (Web interface) Securing PAM-enabled services Delegating Defender roles, tasks, and functions Automating administrative tasks Administrative templates Integration with Active Roles Appendices
Appendix A: Enabling diagnostic logging Appendix B: Troubleshooting common authentication issues Appendix C: Troubleshooting DIGIPASS token issues Appendix D: Defender classes and attributes in Active Directory Appendix E: Defender Event Log messages Appendix F: Defender Client SDK Appendix G: Defender Web Service API

Web Service API

To enable diagnostic logging for Web Service API

  1. On a computer with Web Service API, go to the Web Service API installation directory.

    Normally, the path to the Web Service API installation directory is %ProgramFiles%\One Identity\Defender\Web Service API.

  2. Make the following changes to the DefenderAdminService.exe.config text file held in the Web Service API installation directory:
    • In the <log4net debug="false"> entry, set the value to "true": <log4net debug="true">
    • In the <level value="ERROR" /> entry, set the value to "DEBUG": <level value="DEBUG" />

You can find the log file DefenderWebServiceApi.txt in the Logs folder in the Web Service API installation directory. Normally, the path to the log file is %ProgramFiles%\One Identity\Defender\Web Service API\Logs\DefenderWebServiceApi.txt.

To disable diagnostic logging for Web Service API, set these values in the DefenderAdminService.exe.config file:

  • <log4net debug="false">
  • <level value="ERROR" />

Product information tool

The Product Information tool is a diagnostic tool that helps to gather product details. The tool is available at %ProgramFiles%\Common Files\One Identity\Defender.

To run the tool:

  • Go to the location %ProgramFiles%\Common Files\One Identity\Defender.
  • Double-click ProductInfo.exe.

    The details are generated as text files in the location
    %ProgramData% \One Identity\Defender\Diagnostics\ProductInfoLogs. The generated files are FileInfo[timestamp].txt and SystemInfo[timestamp].txt.

Appendix B: Troubleshooting common authentication issues

If users are experiencing problems authenticating via Defender, there are a number of possible causes, ranging from VPN issues through to individual token failures. To help identify the cause, the information below is useful to collect and send to One Identity Software Support, providing important contextual and diagnostic information.

Step 1: Gather required information

Answers to the following questions can help you get the required information about the authentication issues:

  • What error message is the user receiving? Ask the user to provide the full error message text (make a screenshot).
  • How many users are affected? The total number of Defender users is also useful to put into context.
  • Were the affected users working previously? If so, when?
  • What token types are the affected users using?
  • What Defender Security Server version and platform are being used?
  • When did the issue start occurring? It is useful to have a time approximation to help match up with the logs.
  • Have any changes been made recently? For example to any Defender components, Active Directory, VPN server, or network.

Obtain the log files from the following location on the Defender Security Server:

%ProgramFiles%\One Identity\Defender\Security Server\Logs

Additionally, obtain user IDs of several affected users. These are required to locate information related to the affected users in the Defender log files. Make sure to obtain the user IDs, not the user names.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating