How to enable Schannel event logging in IIS

Article translations Article translations
Article ID: 260729 - View products that this article applies to.
This article was previously published under Q260729
We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 7.0 running on Microsoft Windows Server 2008. IIS 7.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:
http://www.microsoft.com/technet/security/prodtech/IIS.mspx
For more information about IIS 7.0, visit the following Microsoft Web site:
http://www.iis.net/default.aspx?tabid=1

Important This article contains information about how to modify the registry. Make sure to back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:
256986 Description of the Microsoft Windows registry
Expand all | Collapse all

On This Page

Summary

When you enable Schannel event logging on a computer that is running Microsoft Windows NT Server 4.0, Microsoft Windows 2000 Server, Microsoft Windows XP Professional, Microsoft Windows Server 2003, Microsoft Windows Server 2008, or Microsoft Windows Server 2008 R2, detailed information from Schannel events can be written to the Event Viewer logs, in particular the System event log. This article describes how to enable and configure Schannel event logging. 

Enable logging

Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

Note This registry key is present already in Windows 2000 and XP Professional.
  1. Start Registry Editor. To do this, click Start, click Run, type regedt32, and then click OK.
  2. Locate the following key in the registry:
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL
  3. On the Edit menu, click Add Value, and then add the following registry value:
    Value Name: EventLogging
    Data Type: REG_DWORD
    Note After you add this property, you must give it a value. See the table in the "Logging options" section to obtain the appropriate value for the kind of events that you want to log.
  4. Exit Registry Editor.
  5. Click Start, click Shut Down, click to select Restart, and then click OK to restart the computer. (Logging does not take effect until after you restart the computer).

Logging options

The default value for Schannel event logging is 0x0000 in Windows NT Server 4.0, which means that no Schannel events are logged. In Windows 2000 Server and Windows XP Professional, this value is set to 0x0001, which means that error messages are logged. Additionally, you can log multiple events by specifying the hexadecimal value that equates to the logging options that you want. For example, to log error messages (0x0001) and warnings (0x0002), set the value to 0x0003.
Collapse this tableExpand this table
ValueDescription
0x0000Do not log
0x0001Log error messages
0x0002Log warnings
0x0004Log informational and success events

Properties

Article ID: 260729 - Last Review: September 25, 2012 - Revision: 8.0
Applies to
  • Microsoft Internet Information Services 8.0
  • Microsoft Internet Information Services 7.5
  • Microsoft Internet Information Services 7.0
  • Microsoft Internet Information Services 6.0
  • Microsoft Internet Information Services 5.1
  • Microsoft Internet Information Services 5.0
  • Microsoft Internet Information Server 4.0
Keywords: 
kbhowtomaster KB260729

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com