While trying to troubleshoot some application issues using SSL to connect to an ADLS/ADAM instance over LDAPS, I was curious if extended logging was available.  A quick post to the ActiveDir.org mailing list provided this nugget of Active Directory goodness for future reference.


I thought I would post it here for my own reference, and for others.

Directory Services Debug Logging Primer


Upon setting the EventLogging level to 7 for the sChannel provider I now get events logged such as:

Event Type:    Information
Event Source:    Schannel
Event Category:    None
Event ID:    36880
Date:        5/15/2008
Time:        1:28:53 PM
User:        N/A
Computer:    MYSERVER
An SSL server handshake completed successfully. The negotiated cryptographic parameters are as follows.

   Protocol: TLS (SSL 3.1)
   Cipher: RC4
   Cipher strength: 128
   MAC: MD5
   Exchange: RSA
   Exchange strength: 2048

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


Unfortunately I would have liked to see more detail during the SSL handshake be logged, but this was a big help.