While trying to troubleshoot some application issues using SSL to connect to an ADLS/ADAM instance over LDAPS, I was curious if extended logging was available. A quick post to the ActiveDir.org mailing list provided this nugget of Active Directory goodness for future reference.

I thought I would post it here for my own reference, and for others.

Directory Services Debug Logging Primer

Upon setting the EventLogging level to 7 for the Schannel provider, I now get events logged such as:

Event Type:    Information
Event Source:    Schannel
Event Category:    None
Event ID:    36880
Date:        5/15/2008
Time:        1:28:53 PM
User:        N/A
Computer:    MYSERVER
Description:
An SSL server handshake completed successfully. The negotiated cryptographic parameters are as follows.

   Protocol: TLS (SSL 3.1)
   Cipher: RC4
   Cipher strength: 128
   MAC: MD5
   Exchange: RSA
   Exchange strength: 2048

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Unfortunately, I would have liked to see more detail logged during the SSL handshake, but this was a big help.
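The following is an added example, not code from the original post: it parses Schannel 36880 descriptions exported as text in the layout shown above and lists negotiated parameters that deserve follow-up, such as the RC4/MD5 pair in the event above. The second sample event, the set of ciphers treated as weak and the 2048-bit key exchange threshold are assumptions made for the illustration.

```python
import re

# Constructed sample: two 36880 descriptions in the layout shown in the post.
SAMPLE_LOG = """\
An SSL server handshake completed successfully. The negotiated cryptographic parameters are as follows.
   Protocol: TLS (SSL 3.1)
   Cipher: RC4
   Cipher strength: 128
   MAC: MD5
   Exchange: RSA
   Exchange strength: 2048

An SSL server handshake completed successfully. The negotiated cryptographic parameters are as follows.
   Protocol: TLS (SSL 3.1)
   Cipher: AES
   Cipher strength: 256
   MAC: SHA
   Exchange: RSA
   Exchange strength: 1024
"""

# Longer field names come first so "Cipher strength" is not read as "Cipher".
FIELD_RE = re.compile(
    r"^\s*(Protocol|Cipher strength|Cipher|MAC|Exchange strength|Exchange):\s*(.+?)\s*$",
    re.M)

def parse_handshakes(text):
    """Return one dict per logged handshake; a 'Protocol' line starts a new record."""
    records = []
    for name, value in FIELD_RE.findall(text):
        if name == "Protocol":
            records.append({})
        if records:
            records[-1][name] = value
    return records

def weaknesses(rec, min_exchange_bits=2048):
    """List reasons to follow up on a handshake (cipher set and threshold are assumptions)."""
    issues = []
    if rec.get("Cipher", "").upper() in {"RC4", "RC2", "DES", "NULL"}:
        issues.append("weak cipher " + rec["Cipher"])
    if rec.get("MAC", "").upper() == "MD5":
        issues.append("MD5 MAC")
    bits = rec.get("Exchange strength", "")
    if bits.isdigit() and int(bits) < min_exchange_bits:
        issues.append("key exchange %s bits" % bits)
    return issues

if __name__ == "__main__":
    for rec in parse_handshakes(SAMPLE_LOG):
        print(rec["Cipher"], rec["MAC"], weaknesses(rec) or "ok")
```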
