Download Active Directory SSO Log Files

After you use telnet to enable debug logging for the main components of your WatchGuard Single Sign-On (SSO) solution, you can download the diagnostic log files that are generated by each of your v11.9.3 and higher SSO components. The files available for each component depend on the diagnostic log data available for that component and can include the current log file, any backup log files, and any dump files for the component service. If an SSO component is not v11.9.3 or higher, the diagnostic log files cannot be downloaded for that component.

The files for each SSO component include:

SSO Agent

  • wagsvc.log file
  • wagsvc.log backup files
  • EventLogMonitors.xml
  • AdInfos.xml
  • wagsvc.exe dump files (maximum of two)

SSO Exchange Monitor

  • exchangemonitor.log
  • exchangemonitor.log backup files
  • exchangemonitor.exe dump files (maximum of two)
  • Microsoft Exchange Server IIS log files (maximum of five)

SSO Event Log Monitor

  • eventlogmonitor.log
  • eventlogmonitor.log backup files
  • eventlogmonitor.exe dump files (maximum of two)

SSO Client

  • wgssoclient_logfile.log
  • wgssoclient.exe dump files (maximum of two)

From the SSO Agent Configuration Tools dialog box, you can select how many diagnostic log files to download from each available SSO component. If you select to download more than one file, the additional files are the compressed backup diagnostic log files available for the selected component. All other diagnostic files for a component, as described in the previous lists for each component, are included with the downloaded files only if they are available, and do not count against the number of files you specified to download. If more than two dump files are available for a component, only the two most recent dump files are included with the downloaded files.

For example, if you select to download three files from the SSO Event Log Monitor component, the current eventlogmonitor.log file and two backup files are downloaded. If only one backup file is available, the current file and one backup file are downloaded. In this example, two eventlogmonitor.exe dump files are available, so they are also included with the downloaded files.

When you first open the Download Diagnostic Log Files dialog box, all components have a status of Available. After you click Download, the SSO Agent Configuration Tool contacts each component and verifies that diagnostic log files are available for each SSO component. If the status of a component changes to Unavailable, either the tool cannot connect to that component, or that component is not installed in your SSO solution.

To download SSO diagnostic log files:

  1. Select Start > WatchGuard > Authentication Gateway > WatchGuard SSO Agent Configuration Tool.
    The SSO Agent Configuration Tool login dialog box appears.
  2. In the User Name text box, type the administrator user name: admin.
  3. In the Password text box, type the administrator password: readwrite.
    The SSO Agent Configuration Tools dialog box appears.
  4. Select File > Download Diagnostic Log Files.
    The Download Diagnostic Log Files dialog box appears.

Screenshot of the Download Diagnostic Log Files dialog box.

  5. Select the check box for the SSO component log files to download:
    • SSO Agent
    • SSO Event Log Monitor
    • SSO Exchange Monitor
    • SSO Client
  6. If you select the SSO Client option, in the IP Address text box, type the IP address of the computer where the SSO Client is located.
  7. For the other SSO components, in the adjacent text boxes, type or select the number of log files to download for each component.
  8. Click Download.
    The diagnostic log files are collected from each selected component and downloaded to the computer where the SSO Agent is installed.

When you click Download, the SSO Agent contacts each of the components you selected to download the diagnostic log files you specified. The diagnostic log files are added to a single, compressed file with a name in this format:

Diagnostics_yyyy_MM-dd-HH-mm-ss.log.gz

For example:

Diagnostics_2014_08-31-11-48-45.log.gz

The compressed file is stored in the Diagnostics folder in the directory where the SSO Agent is installed. The default directory location is:

  • 64-bit (Exchange Monitor 64-bit only) — C:\Program Files (x86)\WatchGuard\WatchGuard Authentication Gateway\Diagnostics
  • 32-bit — C:\Program Files\WatchGuard\WatchGuard Authentication Gateway\Diagnostics

When the log file has successfully downloaded, Downloaded appears adjacent to the selected SSO components. If one of the components cannot be contacted, Unavailable appears adjacent to that component. If the log files cannot be downloaded from a selected component, Failed appears adjacent to that component.
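
The following PowerShell is an added example, not WatchGuard code. It lists the diagnostic archives in the two default Diagnostics folders above, parses each timestamp from the documented `Diagnostics_yyyy_MM-dd-HH-mm-ss.log.gz` name format, and records a SHA-256 hash so an archive passed to someone else can be verified later. The function name `Get-SsoDiagnosticArchive` and the output columns are assumptions.

```powershell
# Added example (not WatchGuard code). Function name and output columns are assumptions.
function Get-SsoDiagnosticArchive {
    [CmdletBinding()]
    param(
        # Default Diagnostics folders listed in the documentation above.
        [string[]]$Path = @(
            'C:\Program Files (x86)\WatchGuard\WatchGuard Authentication Gateway\Diagnostics',
            'C:\Program Files\WatchGuard\WatchGuard Authentication Gateway\Diagnostics'
        )
    )

    # Diagnostics_yyyy_MM-dd-HH-mm-ss.log.gz
    $pattern = '^Diagnostics_(\d{4}_\d{2}-\d{2}-\d{2}-\d{2}-\d{2})\.log\.gz$'
    $culture = [System.Globalization.CultureInfo]::InvariantCulture
    $styles  = [System.Globalization.DateTimeStyles]::None

    foreach ($dir in $Path) {
        # Only one of the two folders normally exists on a given computer.
        if (-not (Test-Path -LiteralPath $dir -PathType Container)) { continue }

        Get-ChildItem -LiteralPath $dir -File -Filter 'Diagnostics_*.log.gz' | ForEach-Object {
            # Skip files whose names do not follow the documented format.
            if ($_.Name -notmatch $pattern) { return }

            # Reject names with the right shape but an impossible date (for example month 13).
            $stamp = [datetime]::MinValue
            $ok = [datetime]::TryParseExact($Matches[1], 'yyyy_MM-dd-HH-mm-ss', $culture, $styles, [ref]$stamp)
            if (-not $ok) { return }

            [pscustomobject]@{
                Created = $stamp
                SizeKB  = [math]::Round($_.Length / 1KB, 1)
                SHA256  = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                Path    = $_.FullName
            }
        }
    }
}

# Newest archive first; the first entry is the one produced by the latest download.
Get-SsoDiagnosticArchive | Sort-Object Created -Descending | Format-List
```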
