How to Capture a Verbose Log for CLM or FIM CM

This document walks you through the steps to enable verbose logging for Certificate Lifecycle Manager 2007 (CLM) or FIM 2010 Certificate Manager (FIM CM). Verbose logging can be very beneficial when troubleshooting a CLM or FIM CM problem.


  1. Create a folder off of the root of drive C called Temp.  (C:\Temp)
  2. Open a Windows Explorer window and navigate to %programfiles%\Microsoft Forefront Identity Manager\2010\Certificate Management\web (CLM 2007: %programfiles%\Microsoft Certificate Lifecycle Manager\web)
  3. Open web.config (XML Configuration File) in an XML editor
    *NOTE* The XML editor could be Notepad, Wordpad, Visual Studio, or some other XML editor
  4. Search for "Clm.TraceFile"
  5. You should land on this line: <add key="Clm.TraceFile" value="c:\temp\clm.txt" />
    *NOTE* If you do not have a C:\Temp, then you will need to create the folder
  6. Look for TRACE SWITCHES
  7. You should see a section for <switches>
  8. Change every value in the <switches> section from 0 to 4 and then save the file (compare the BEFORE and AFTER listings below)
  9. Execute an IISRESET
    1. Open a Command Prompt using Run as Administrator
    2. At the prompt type: IISRESET
  10. Reproduce the issue being experienced
  11. Go back to the web.config file and change the values from 4 back to 0 to disable verbose logging
  12. Execute an IISRESET
  13. Navigate to the C:\Temp folder
    *NOTE* You cannot move this file without stopping IIS.  You can copy the file.
  14. Notice your clm.txt file is there and ready to review.

BEFORE – Verbose is not enabled

          <add name="Microsoft.Clm.Security.Principal" value="0" />
          <add name="Microsoft.Clm.Security.Principal.Logon" value="0" />
          <add name="Microsoft.Clm.Security.Authorization" value="0" />
          <add name="Microsoft.Clm.Security.Authorization.Ldap" value="0" />
          <add name="Microsoft.Clm.DS" value="0" />
          <add name="Microsoft.Clm.Web" value="0" />
          <add name="Microsoft.Clm.Web.Authentication" value="0" />
          <add name="Microsoft.Clm.Web.Authentication.Config" value="0" />
          <add name="Microsoft.Clm.BusinessLayer" value="0" />
          <add name="Microsoft.Clm.BusinessLayer.Authz" value="0" />
          <add name="Microsoft.Clm.BusinessLayer.SD" value="0" />
          <add name="Microsoft.Clm.BusinessLayer.Principal" value="0" />
          <add name="Microsoft.Clm.BusinessLayer.SmartCard" value="0" />          
          <add name="Microsoft.Clm.BusinessLayer.Skg" value="0" />
          <add name="Microsoft.Clm.BusinessLayer.Events" value="0" />            
          <add name="Microsoft.Clm.BusinessLayer.Encryption" value="0" />            
          <add name="Microsoft.Clm.BusinessLayer.Caching" value="0" />            
          <add name="Microsoft.Clm.NotificationSinks" value="0" />   
          <add name="Microsoft.Clm.Common" value="0" />          
          <add name="Microsoft.Clm.DataAccess" value="0" />
          <add name="Microsoft.Clm.DataAccess.Ldap" value="0" />

AFTER – Verbose is enabled

          <add name="Microsoft.Clm.Security.Principal" value="4" />
          <add name="Microsoft.Clm.Security.Principal.Logon" value="4" />
          <add name="Microsoft.Clm.Security.Authorization" value="4" />
          <add name="Microsoft.Clm.Security.Authorization.Ldap" value="4" />
          <add name="Microsoft.Clm.DS" value="4" />
          <add name="Microsoft.Clm.Web" value="4" />
          <add name="Microsoft.Clm.Web.Authentication" value="4" />
          <add name="Microsoft.Clm.Web.Authentication.Config" value="4" />
          <add name="Microsoft.Clm.BusinessLayer" value="4" />
          <add name="Microsoft.Clm.BusinessLayer.Authz" value="4" />
          <add name="Microsoft.Clm.BusinessLayer.SD" value="4" />
          <add name="Microsoft.Clm.BusinessLayer.Principal" value="4" />
          <add name="Microsoft.Clm.BusinessLayer.SmartCard" value="4" />          
          <add name="Microsoft.Clm.BusinessLayer.Skg" value="4" />
          <add name="Microsoft.Clm.BusinessLayer.Events" value="4" />            
          <add name="Microsoft.Clm.BusinessLayer.Encryption" value="4" />            
          <add name="Microsoft.Clm.BusinessLayer.Caching" value="4" />            
          <add name="Microsoft.Clm.NotificationSinks" value="4" />   
          <add name="Microsoft.Clm.Common" value="4" />          
          <add name="Microsoft.Clm.DataAccess" value="4" />
          <add name="Microsoft.Clm.DataAccess.Ldap" value="4" />
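
The procedure above can also be scripted. The following PowerShell is an added example, not part of the original article or of the product: it sets every trace switch to 4, restarts IIS, waits while you reproduce the issue, then sets the switches back to 0. The function name `Set-ClmTraceLevel` and its parameters are hypothetical, and the XPath queries assume web.config declares no default XML namespace and that its only `<switches>` section is the one shown above.

```powershell
# Added example (not from the original article). Run from an elevated PowerShell prompt.
# Set-ClmTraceLevel and its parameters are hypothetical names chosen for this sketch.
function Set-ClmTraceLevel {
    param(
        [Parameter(Mandatory)] [ValidateSet(0, 4)] [int] $Level,
        # FIM CM 2010 location from step 2; pass the CLM 2007 path for that product.
        [string] $WebConfig = "$env:ProgramFiles\Microsoft Forefront Identity Manager\2010\Certificate Management\web\web.config"
    )

    $xml = New-Object System.Xml.XmlDocument
    $xml.PreserveWhitespace = $true   # keep the file's existing layout
    $xml.Load($WebConfig)

    # Steps 4-5: locate the trace file setting and make sure its folder exists.
    $trace = $xml.SelectSingleNode("//add[@key='Clm.TraceFile']")
    if (-not $trace) { throw "Clm.TraceFile key not found in $WebConfig" }
    $traceFile = $trace.GetAttribute('value')
    $traceDir  = Split-Path -Parent $traceFile
    if (-not (Test-Path $traceDir)) { New-Item -ItemType Directory -Path $traceDir | Out-Null }

    # Steps 6-8 (and step 11): set every trace switch to the requested level.
    $switches = $xml.SelectNodes("//switches/add[@name]")
    if ($switches.Count -eq 0) { throw "No <switches> entries found in $WebConfig" }
    foreach ($s in $switches) { $s.SetAttribute('value', [string]$Level) }

    # Keep a timestamped copy of the original, stored outside the web folder.
    $stamp = Get-Date -Format yyyyMMddHHmmss
    Copy-Item $WebConfig (Join-Path $traceDir "web.config.$stamp.bak")
    $xml.Save($WebConfig)

    # Steps 9 and 12: restart IIS so the new switch values are loaded.
    iisreset | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "iisreset failed with exit code $LASTEXITCODE" }

    "{0} switches set to {1}; trace file: {2}" -f $switches.Count, $Level, $traceFile
}

Set-ClmTraceLevel -Level 4
Read-Host 'Reproduce the issue (step 10), then press Enter to disable verbose logging'
Set-ClmTraceLevel -Level 0
```

After the second call the trace file named in `Clm.TraceFile` is ready to copy for review, as in steps 13 and 14.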




  • Could some additional details be added to the article to help line up some of the commonly recurring trace events with their respective setting? One example: microsoft.clm.businesslayer.useridentity events running the get_IsAuthenticated() function. It would be good if we can filter out some noise while still having a good idea when users are performing operations.
