Last Updated: July 31, 2011

Office 365 AD FS 2.0 Monitoring Log

The AD FS 2.0 monitoring log file includes the following:

Tool Version Number

Identifies the version of the tool, so the user can take into account the version specific aspects when interpreting the log. For example, Version: 0.1.6.

Run Time Stamp

Identifies the time when the tool was run, using the machine's local time zone. For example, Time: 6/10/2011 3:51:09 AM.

Table of Contents

Lists the tests run, including their pass/fail status, and links to the details for each test. It also calls out whether the client is running the tool from inside or outside the Microsoft corpnet and lists any additional artifacts that might be useful for debugging. See the Attachments section (below) for additional detail.

For example, users may see a Table of Contents resembling the following:

Passing Tests

Verify Office 365 Registration (Test-01)

Verify that MEX can be retrieved from AD FS (Test-02)

Verify that Federation Metadata can be retrieved from AD FS (Test-03)

Verify passive login using Username/Password Auth (Test-05)

Verify active login using User Name and Password (mixed mode) (Test-06)

Verify active login to Office 365 using ADFS-issued token (Test-08)

Verify passive login to Office 365 using ADFS-issued token (Test-09)

Failing Tests

None

States

Client is on CorpNet: Off

Client is on the Internet: On

Attachments

User Environment (ENV-01)

User Credentials (CRED-01)

Domain Registration (REG-01)

MEX Document (MEX-01)

Federation Metadata Document (FM-01)

Web Response (WEB-01)

Security Token Response (RSTR-01)

Security Token Response (RSTR-02)

Security Token Response (RSTR-03)

Web Response (WEB-02)

Security Token Response (RSTR-04)

Console Output

Reproduces the exact console output for easier reference. The console output contains each test executed, as well as the steps included in the test and the status of the test results. For example:

CONSOLE OUTPUT

Verify_Office_365_Registration.png

1: (pass) Getting Registration for miticam@microsoft.com

Response Received

2: (pass) Analyzing Domain Registration

Verification Successful

Verify_that_MEX.png

1: (pass) Attempt to get MEX document from https://corp.sts.microsoft.com/adfs/services/trust/mex

Received: Internet-facing Proxy Mex Document

2: (pass) Analyzing MEX Document

Verification Successful

Verify_that_Federation_Metadata.png

Verify_passive_login.png

1: (pass) Attempting to login at https://corp.sts.microsoft.com/adfs/ls/

2: (pass) Extracting Token from Web Response

3: (pass) Analyzing Security Token Response

Verification Successful

4: (pass) Comparing Security Token Response vs Domain Registration

Verification Successful

Verify_active_login.png

1: (pass) Getting Registration for miticam@microsoft.com

2: (pass) Attempting to authenticate to https://corp.sts.microsoft.com/adfs/services/trust/2005/usernamemixed

3: (pass) Analyzing Security Token Response

Verification Successful

4: (pass) Comparing Security Token Response vs Domain Registration

Verification Successful

Verify_active_login_to_Office_365.png

1: (pass) Getting Registration for miticam@microsoft.com

2: (pass) Login to ADFS

3: (pass) Attempting to authenticate to https://login.microsoftonline.com/extSTS.srf

4: (pass) Analyzing Security Token Response

Verification Successful

5: (pass) Comparing Security Token Response vs Domain Registration

Verification Successful

Verify_passive_login_to_Office_365.png

1: (pass) Attempting to login at https://login.microsoftonline.com/

2: (pass) Extracting Token from Web Response

3: (pass) Analyzing Security Token Response

Verification Successful

4: (pass) Comparing Security Token Response vs Domain Registration

Verification Successful

Test Traces

Details the steps executed, their status, and any additional information that can be relevant for the test. This includes possible suggestions for the additional information on the test and possible solutions for the problem encountered. For example:

Test-01: Verify Office 365 Registration

---------------------------------------

> Using User Credentials [CRED-01]

> Test Started

> Executing Step: Getting Registration for miticam@microsoft.com

> Creating Domain Registration Request for User miticam@microsoft.com

> Sending Request to https://login.microsoftonline.com/getuserrealm.srf

> Received 1 Responses

> Added Attachment: Domain Registration (REG-01)

> Step Passed

> Test Completed (Pass)

> Analyzing Domain Registration (REG-01)

> Pass: Domain MICROSOFT.COM is a Federated Domain

> Pass: Valid Passive Login Url Found: https://corp.sts.microsoft.com/adfs/ls/

> Pass: Valid Active Login Url Found: https://corp.sts.microsoft.com/adfs/services/trust/2005/usernamemixed

> Pass: Valid ADFS Mex Url Found: https://corp.sts.microsoft.com/adfs/services/trust/mex

> Pass: User miticam@microsoft.com was recognized by OrgId

> Pass: The registered Signing Certificate () is valid through 9/20/2012

> Artifact Analysis passed verification

Attachments

Indicates for each of the sections the relevant additional information that can be useful to debug the test. For example:

EB-01: Web Response

--------------------

Response from https://corp.sts.microsoft.com/adfs/ls/?wa=wsignin1.0&wtrealm=urn:federation:MicrosoftOnline&whr=urn:federation:MSFT:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr">

<head><me …

Parsing the Log File

  1. In the Table of Contents, identify the failing tests. If no tests have failed, the ADFS/O365 integration is working fine.
  2. If any tests have failed, identify its moniker, located at the end of the line between round parenthesis in the format (Test-NN).
  3. Search in the log for the Test-NN string.
  4. Search for the test details section, which has a header like: Test-01: Verify Office 365 Registration
  1. Begin reading the details about the steps, their results, and the details in the section following the header. Continue until reaching the next similar header.
  2. Reading through the details may identify additional monikers in the format: CCC[C]-NN. These monikers indicate an additional artifact that can provide more details about the section. Users can jump directly to these artifacts by following  the same procedure used to reach this section (Steps 3-6 above).