The purpose of this document is to walk you through the steps to enable verbose logging for Certificate Lifecycle Manager 2007 or FIM 2010 Certificate Manager. Verbose logging can be very beneficial when troubleshooting a CLM or FIMCM problem.

How to capture verbose logging

  1. Create a folder named Temp at the root of drive C (C:\Temp).
  2. Open a Windows Explorer window and navigate to %programfiles%\Microsoft Forefront Identity Manager\2010\Certificate Management\web (CLM 2007: %programfiles%\Microsoft Certificate Lifecycle Manager\web)
  3. Open web.config (XML Configuration File) in an XML editor

    *NOTE* The XML editor can be Notepad, WordPad, Visual Studio, or any other XML editor

  4. Search for “Clm.TraceFile”
  5. You should land on this line: <add key="Clm.TraceFile" value="c:\temp\clm.txt" />

    *NOTE* If C:\Temp does not exist, you need to create the folder

  6. Look for TRACE SWITCHES
  7. You should see a section for <switches>.
  8. Change every value in the <switches> section from 0 to 4, then save the file (see the BEFORE and AFTER listings below)
  9. Execute an IISRESET
    1. Open a Command Prompt using Run as administrator
    2. At the prompt type: IISRESET
  10. Reproduce the issue being experienced
  11. Go back to the web.config file and change the values from 4 back to 0 to disable verbose logging
  12. Execute an IISRESET
  13. Navigate to the C:\Temp folder

    *NOTE* You cannot move this file without stopping IIS. You can copy the file.

  14. Notice your clm.txt file is there and ready to review.

BEFORE – Verbose is not enabled

 <add name="Microsoft.Clm.Security.Principal" value="0" />
 <add name="Microsoft.Clm.Security.Principal.Logon" value="0" />
 <add name="Microsoft.Clm.Security.Authorization" value="0" />
 <add name="Microsoft.Clm.Security.Authorization.Ldap" value="0" />
 <add name="Microsoft.Clm.DS" value="0" />
 <add name="Microsoft.Clm.Web" value="0" />
 <add name="Microsoft.Clm.Web.Authentication" value="0" />
 <add name="Microsoft.Clm.Web.Authentication.Config" value="0" />
 <add name="Microsoft.Clm.BusinessLayer" value="0" />
 <add name="Microsoft.Clm.BusinessLayer.Authz" value="0" />
 <add name="Microsoft.Clm.BusinessLayer.SD" value="0" />
 <add name="Microsoft.Clm.BusinessLayer.Principal" value="0" />
 <add name="Microsoft.Clm.BusinessLayer.SmartCard" value="0" />
 <add name="Microsoft.Clm.BusinessLayer.Skg" value="0" />
 <add name="Microsoft.Clm.BusinessLayer.Events" value="0" />
 <add name="Microsoft.Clm.BusinessLayer.Encryption" value="0" />
 <add name="Microsoft.Clm.BusinessLayer.Caching" value="0" />
 <add name="Microsoft.Clm.NotificationSinks" value="0" /> 
 <add name="Microsoft.Clm.Common" value="0" />
 <add name="Microsoft.Clm.DataAccess" value="0" />
 <add name="Microsoft.Clm.DataAccess.Ldap" value="0" />

AFTER – Verbose is enabled

 <add name="Microsoft.Clm.Security.Principal" value="4" />
 <add name="Microsoft.Clm.Security.Principal.Logon" value="4" />
 <add name="Microsoft.Clm.Security.Authorization" value="4" />
 <add name="Microsoft.Clm.Security.Authorization.Ldap" value="4" />
 <add name="Microsoft.Clm.DS" value="4" />
 <add name="Microsoft.Clm.Web" value="4" />
 <add name="Microsoft.Clm.Web.Authentication" value="4" />
 <add name="Microsoft.Clm.Web.Authentication.Config" value="4" />
 <add name="Microsoft.Clm.BusinessLayer" value="4" />
 <add name="Microsoft.Clm.BusinessLayer.Authz" value="4" />
 <add name="Microsoft.Clm.BusinessLayer.SD" value="4" />
 <add name="Microsoft.Clm.BusinessLayer.Principal" value="4" />
 <add name="Microsoft.Clm.BusinessLayer.SmartCard" value="4" />
 <add name="Microsoft.Clm.BusinessLayer.Skg" value="4" />
 <add name="Microsoft.Clm.BusinessLayer.Events" value="4" />
 <add name="Microsoft.Clm.BusinessLayer.Encryption" value="4" />
 <add name="Microsoft.Clm.BusinessLayer.Caching" value="4" />
 <add name="Microsoft.Clm.NotificationSinks" value="4" /> 
 <add name="Microsoft.Clm.Common" value="4" />
 <add name="Microsoft.Clm.DataAccess" value="4" />
 <add name="Microsoft.Clm.DataAccess.Ldap" value="4" />
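
The procedure above as a script, added here as an example and not part of the original document or the product. Set-ClmTraceLevel is a hypothetical helper name, and the XPath queries assume web.config declares no default XML namespace.

```powershell
# Added example: switches CLM / FIM CM verbose logging on (4) or off (0).
# Set-ClmTraceLevel is a hypothetical name; run it from an elevated PowerShell.
function Set-ClmTraceLevel {
    param(
        [Parameter(Mandatory)][ValidateSet(0, 4)][int]$Level,
        # FIM CM 2010 path from step 2; pass the CLM 2007 path for that product.
        [string]$WebConfig = "$env:ProgramFiles\Microsoft Forefront Identity Manager\2010\Certificate Management\web\web.config"
    )

    $xml = New-Object System.Xml.XmlDocument
    $xml.PreserveWhitespace = $true          # keep the file's layout on save
    $xml.Load($WebConfig)

    # Steps 4-5: find Clm.TraceFile and make sure its folder exists.
    # Assumption: no default XML namespace, so plain XPath matches.
    $trace = $xml.SelectSingleNode("//add[@key='Clm.TraceFile']")
    if ($null -eq $trace) { throw "Clm.TraceFile key not found in $WebConfig" }
    $dir = Split-Path -Parent $trace.GetAttribute('value')
    if (-not (Test-Path -LiteralPath $dir)) {
        New-Item -ItemType Directory -Path $dir | Out-Null
    }

    # Keep a timestamped backup outside the web folder before editing.
    $stamp = Get-Date -Format yyyyMMddHHmmss
    Copy-Item -LiteralPath $WebConfig -Destination (Join-Path $dir "web.config.$stamp.bak")

    # Steps 6-8 and 11: set every entry under <switches> to the requested level.
    $switches = $xml.SelectNodes('//switches/add')
    if ($switches.Count -eq 0) { throw "No <switches> entries found in $WebConfig" }
    foreach ($s in $switches) { $s.SetAttribute('value', [string]$Level) }
    $xml.Save($WebConfig)

    # Steps 9 and 12: execute IISRESET.
    & iisreset.exe | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "iisreset failed with exit code $LASTEXITCODE" }

    # Re-read the file from disk and report what each switch is set to now.
    $check = New-Object System.Xml.XmlDocument
    $check.Load($WebConfig)
    $check.SelectNodes('//switches/add') | ForEach-Object {
        [pscustomobject]@{ Switch = $_.GetAttribute('name'); Value = $_.GetAttribute('value') }
    }
}

# Set-ClmTraceLevel -Level 4   # enable, then reproduce the issue (step 10)
# Set-ClmTraceLevel -Level 0   # disable again, then copy clm.txt (steps 11-14)
```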