While trying to troubleshoot some application issues using SSL to connect to an ADLS/ADAM instance over LDAPS, I was curious if extended logging was available. A quick post to the ActiveDir.org mailing list provided this nugget of Active Directory goodness for future reference.
I thought I would post it here for my own reference, and for others.
Upon setting the EventLogging level to 7 for the sChannel provider I now get events logged such as:
Event Type: Information
Event Source: Schannel
Event Category: None
Event ID: 36880
Time: 1:28:53 PM
An SSL server handshake completed successfully. The negotiated cryptographic parameters are as follows.
Protocol: TLS (SSL 3.1)
Cipher strength: 128
Exchange strength: 2048
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Unfortunately I would have liked to see more detail during the SSL handshake be logged, but this was a big help.