In AD FS 2.x, debug logging is not enabled by default. Specific instructions are provided here that step through how to turn on the various types of trace messages.

However, there may be times when customers experience an AD FS exception and their web passive client (browser) lands on the AD FS error page with a generic error message. This article details how to display exceptions on the error page, and also demonstrates how to obtain exception details, including stack trace information.

Steps

1. Enable displayExceptions in the AD FS web.config file

a. In Windows Explorer, navigate to the Inetpub directory (typically C:\inetpub), and then navigate to \adfs\ls\

b. Open web.config in a text editor

c. Locate the following lines:

    <!--
      <add key="displayExceptions" />
    -->


d. Uncomment the displayExceptions key like this:

<add key="displayExceptions" />

e. Save and close web.config

2. Modify error.aspx.cs to show more exception detail

Note: You can see all possible exception properties here.

a. In Windows Explorer, navigate to the Inetpub directory (typically C:\inetpub) and then navigate to \adfs\ls\
b. Open error.aspx.cs in a text editor
c. Locate the following line:

ExceptionMessageLabel.Text = Exception != null ? Exception.Message : String.Empty;

d. Modify the line from step c to include additional Exception properties. For readability, the example below concatenates the properties using a " - " separator:

ExceptionMessageLabel.Text = Exception != null ? Exception.HResult + " - " + Exception.InnerException + " - " + Exception.Message + " - " + Exception.StackTrace : String.Empty;

e. Save and close error.aspx.cs

3. Test by reproducing an error page. AD FS will now show exceptions on the error page, including the Exception properties you defined in step 2d.
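
The PowerShell check below is an added example, not part of the original article. It reports whether displayExceptions is currently active in web.config and which Exception properties error.aspx.cs prints, so you can confirm the state of both changes before and after troubleshooting. The function names are hypothetical, and the sample config and source line are constructed for when the real files are not present.

```powershell
# Added example (not from the original article). Reports whether the
# troubleshooting changes from steps 1 and 2 are currently in place.
function Get-DisplayExceptionsState {
    param([Parameter(Mandatory = $true)][string]$ConfigXml)
    $doc = New-Object System.Xml.XmlDocument
    $doc.LoadXml($ConfigXml)
    # A live <add key="displayExceptions" /> element means step 1 is in effect.
    $live = $doc.SelectSingleNode("//*[local-name()='add'][@key='displayExceptions']")
    if ($null -ne $live) { return 'Enabled' }
    # Before step 1 the key sits inside an XML comment.
    foreach ($comment in $doc.SelectNodes('//comment()')) {
        if ($comment.Value -match 'key\s*=\s*"displayExceptions"') { return 'CommentedOut' }
    }
    return 'Absent'
}

function Get-ErrorPageExceptionProperties {
    param([Parameter(Mandatory = $true)][string]$SourceText)
    $found = @()
    foreach ($line in ($SourceText -split "`r?`n")) {
        # Only the assignment edited in step 2 is inspected.
        if ($line -match 'ExceptionMessageLabel\.Text\s*=') {
            foreach ($m in [regex]::Matches($line, '\bException\.(\w+)')) {
                $found += $m.Groups[1].Value
            }
        }
    }
    return @($found | Select-Object -Unique)
}

# Constructed sample input, used only when the real files are not found.
$sampleConfig = @'
<configuration>
  <appSettings>
    <add key="displayExceptions" />
  </appSettings>
</configuration>
'@
$sampleSource = 'ExceptionMessageLabel.Text = Exception != null ? Exception.Message + " - " + Exception.StackTrace : String.Empty;'

$dir = 'C:\inetpub\adfs\ls'   # typical location named in the steps above
$config = if (Test-Path "$dir\web.config") { [IO.File]::ReadAllText("$dir\web.config") } else { $sampleConfig }
$source = if (Test-Path "$dir\error.aspx.cs") { [IO.File]::ReadAllText("$dir\error.aspx.cs") } else { $sampleSource }

"displayExceptions: " + (Get-DisplayExceptionsState -ConfigXml $config)
"Properties shown on error page: " + ((Get-ErrorPageExceptionProperties -SourceText $source) -join ', ')
```

A result of `CommentedOut` with only `Message` listed matches the unmodified lines shown in steps 1c and 2c.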