Article ID: 2842997 - View products that this article applies to.
Expand all | Collapse all

INTRODUCTION

The Microsoft Office 365 Single Sign On (SSO) Diagnostic collects useful information and detects known configuration and use problems that are related to setting up and using single sign-on (also known as identity federation) together with Microsoft Office 365 and Microsoft Azure Active Directory (Azure AD).

MORE INFORMATION

This article describes the information that may be collected from a computer when the Office 365 Single Sign On (SSO) Diagnostic is run.

Information that is collected

AD FS summary
Collapse this tableExpand this table
DescriptionFile Name
Information about the Active Directory Federation Services (AD FS) role installation, configuration, and use (if AD FS is installed)ResultReport.xml


Event logs
Collapse this tableExpand this table
DescriptionFile Name
Event log (System): Text, csv and evtx formats (last seven days)<ComputerName>_evt_System.*
Event log (Application): Text, csv and evtx formats (last seven days)<ComputerName>_evt_Application.*
Event log (Security): Text, csv and evtx formats (last seven days)<ComputerName>_evt_Security.*
Event log (AD FS 2.0 Tracing): Text, csv and evtx formats (last seven days)<ComputerName>_evt_ADFS20Tracing-Debug.*
Event log (AD FS 2.0 Admin): Text, csv, evtx formats (last seven days)<ComputerName>_evt_ADFS20-Admin.*

Hotfixes
Collapse this tableExpand this table
DescriptionFile Name
Information about the hotfixes that are installed on the computer<ComputerName>__hotfixes.txt
Debug log entries from Windows Update<ComputerName>__WindowsUpdate.txt

IIS app pools
Collapse this tableExpand this table
DescriptionFile Name
An export of the Internet Information Services (IIS) application pools on the computer<ComputerName>__IIS_App_Pools.txt

IIS sites
Collapse this tableExpand this table
DescriptionFile Name
An export of the IIS sites on the computer<ComputerName>__IIS_Sites.txt


IIS SSL bindings
Collapse this tableExpand this table
DescriptionFile Name
A list of the Secure Sockets Layer (SSL) certificate bindings, and information about those certificates, to the sites on the computer<ComputerName>__IIS_SSL_Bindings.txt


IIS URL ACL
Collapse this tableExpand this table
DescriptionFile Name
An export of the website permissions that are set up for each site on the computer<ComputerName>__IIS_URL_ACL.txt


IIS web applications
Collapse this tableExpand this table
DescriptionFile Name
An export of the web applications and information about them<ComputerName>__IIS_Web_Applications.txt

IIS web handler
Collapse this tableExpand this table
DescriptionFile Name
An export of web handler information from the computer<ComputerName>__IIS_Web_Handler.txt

Hosts file
Collapse this tableExpand this table
DescriptionFile Name
The %systemroot%\system32\drivers\etc\hosts file. It contains DNS values to be preloaded to the cache.<ComputerName>_HOSTS_File.txt

AD FS file versions
Collapse this tableExpand this table
DescriptionFile Name
File version details of AD FS files – txt and csv formats (if AD FS is installed)<ComputerName>_symADFSFileVersions.*

Federation metadata
Collapse this tableExpand this table
DescriptionFile Name
The federation metadata configuration XML file of each federated trust that's set upFedMetaData_<trustname>.xml

AD FS attribute store
Collapse this tableExpand this table
DescriptionFile Name
The output of the Get-AdfsAttributeStore PowerShell cmdlet (if AD FS is installed)<ComputerName>_ADFS_AttributeStore.txt

AD FS certificate information
Collapse this tableExpand this table
DescriptionFile Name
The output of the Get-AdfsCertificate PowerShell cmdlet (if AD FS is installed)<ComputerName>_ADFS_Certificate.txt

AD FS certificate sharing store
Collapse this tableExpand this table
DescriptionFile Name
For AD FS servers in a farm, an LDAP query result that contains the permissions on the AD FS certificate sharing container (if AD FS is installed)<ComputerName>_ADFS_CertificateSharingContainer_ACL.txt

AD FS claim description
Collapse this tableExpand this table
DescriptionFile Name
An export of all claims that are set up on the AD FS server (if AD FS is installed)<ComputerName>_ADFS_ClaimDescription.txt

AD FS claims provider trust
Collapse this tableExpand this table
DescriptionFile Name
The output of the Get-AdfsClaimsProviderTrust PowerShell cmdlet (if AD FS is installed)<ComputerName>_ADFS_ClaimsProviderTrust.txt

AD FS LS folder contents
Collapse this tableExpand this table
DescriptionFile Name
Information about the files in the (default) c:\Inetpub\Adfs\Ls folder and subfolders (if AD FS is installed)<ComputerName>_ADFS_LS_Folder_Contents.txt

AD FS relying party trust
Collapse this tableExpand this table
DescriptionFile Name
The output of the Get-AdfsRelyingPartyTrust PowerShell cmdlet (if AD FS is installed)<ComputerName>_ADFS_RelyingPartyTrust.txt

AD FS AdfsSyncProperties
Collapse this tableExpand this table
DescriptionFile Name
The output of the Get-AdfsSyncProperties PowerShell cmdlet (if AD FS is installed)<ComputerName>_ADFS_SyncProperties.txt

AD FS attribute store
Collapse this tableExpand this table
DescriptionFile Name
The output of the Get-AdfsAttributeStore PowerShell cmdlet (if AD FS is installed)<ComputerName>_ADFS_AttributeStore.txt

AD FS registry values
Collapse this tableExpand this table
DescriptionFile Name
An export of the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlset\Services\Adfssrv key and its values (if AD FS is installed)<ComputerName>_ADFSSRV_REG.txt

AD FS additional registry values
Collapse this tableExpand this table
DescriptionFile Name
An export of the HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\UserExtendedProperties key and its values (if AD FS is installed)<ComputerName>_ADFS_ ADFSAdditionalRegVals.txt

AD FS Office 365 issuance authorization rules
Collapse this tableExpand this table
DescriptionFile Name
A text export of token issuance rules that are set up (if AD FS is installed)ADFS_ O365_ _IssuanceAuthorizationRules.txt

AD FS Office 365 issuance transform rules
Collapse this tableExpand this table
DescriptionFile Name
A text export of claim transform rules that are set up (if AD FS is installed)ADFS_ O365_ _IssuanceTransformRules.txt

AD FS certificates
Collapse this tableExpand this table
DescriptionFile Name
File export of the AD FS service communications certificate (if AD FS is installed)

Note Exported with public key only
ADFS_ServiceCommunications_Cert.cer
File export of the AD FS SSL certificate (if AD FS is installed)

Note Exported with public key only
ADFS_SSL_Cert.cer
File export of the ADFS token-signing certificate (if AD FS is installed)

Note Exported with public key only
ADFS_TokenSigning_Cert.cer
File export of the currently used Office 365 token-signing certificate

Note Exported with public key only
<Office365Domain>_Current_Signing_Cert.cer
File export of the next Office 365 token-signing certificate to be used

Note Exported with public key only
<Office365Domain>_Next_Signing_Cert.cer

Shibboleth certificates
Collapse this tableExpand this table
DescriptionFile Name
File export of the Shibboleth token-signing certificate (if Shibboleth is installed)

Note Exported with public key only
.cer
File export of the Shibboleth SSL certificate (if Shibboleth is installed)

Note Exported with public key only
Shibboleth_SSL_Certificate.cer
File export of the currently used Office 365 token-signing certificate

Note Exported with public key only
<Office365Domain>_Current_Signing_Cert.cer
File export of the next Office 365 token-signing certificate to be used

Note Exported with public key only
<Office365Domain>_Next_Signing_Cert.cer

Shibboleth attribute information
Collapse this tableExpand this table
DescriptionFile Name
Shibboleth attribute filter configuration (if Shibboleth is installed)Attribute-filter.xml
Shibboleth attribute resolver configuration (if Shibboleth is installed)Attribute-resolver.xml

Shibboleth metadata
Collapse this tableExpand this table
DescriptionFile Name
Shibboleth metadata configuration (if Shibboleth is installed)Downloaded-Metadata.xml
Office 365 metadata configuration (if Shibboleth is installed)MSO-FederationMetadata.xml
Logon handler file (if Shibboleth is installed)Handler.xml

Shibboleth configuration
Collapse this tableExpand this table
DescriptionFile Name
General configuration information about Shibboleth and Apache Tomcat (if Shibboleth is installed)<Date>_ShibbolethConfigurationData.txt

Shibboleth log files
Collapse this tableExpand this table
DescriptionFile Name
Shibboleth Idp-access.log. It logs every time that the IdP is accessed (if Shibboleth is installed).Idp-access.log
Shibboleth Idp-audit.log. It logs every time that the IdP sends data to a relying party (if Shibboleth is installed).Idp-audit.log
Shibboleth Idp-process.log. It logs usual-use informational data about the IdP (if Shibboleth is installed).Idp-process.log

Azure Active Directory (Azure AD) PowerShell debug logs
Collapse this tableExpand this table
DescriptionFile Name
Azure AD PowerShell debug log exceptions that occurred in the previous seven days (if the Azure Active Directory Module for Windows PowerShell is installed)<ComputerName>_MSOLPowerShellDebugLogs.zip
All Azure AD PowerShell debug log exceptions (if the Azure Active Directory Module for Windows PowerShell is installed)MSO_PowerShell_Debug_Log_Exceptions.csv
Last five Azure AD PowerShell debug log exceptions (if the Azure Active Directory Module for Windows PowerShell is installed)MSO_PowerShell_Debug_Log_Last_Five_Exceptions.csv

Microsoft Online Services Sign-in Assistant
Collapse this tableExpand this table
DescriptionFile Name
Microsoft Online Services Sign-In Assistant registry values that are located in the following registry key (if the Microsoft Online Services Sign-In Assistant is installed):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSOIdentityCRL
<ComputerName>_SignInAssistant.txt
Microsoft Online Services Sign-In Assistant file version information – in csv and txt format (if Microsoft Online Services Sign-In Assistant is installed)<ComputerName>_symMSOSignInAssistantFileVersions.*

Office 365 organization information
Collapse this tableExpand this table
DescriptionFile Name
Information about the Office 365 user, Office 365 licensing for that user, and information about the domains in the organization<ComputerName>_TenantInfo.txt

ResultReport.xml

Office 365 port query
Collapse this tableExpand this table
DescriptionFile Name
Port Query tests against known endpoints and ports for Office 365<ComputerName>_O365PortQry.txt

Additional Information

In addition to the files that are collected and are listed earlier in this article, this troubleshooter can detect one or more of the following:
  • Operating system name
  • Time zone
  • Last restart/uptime
  • Anti-Malware installed
  • User Account Control setting
  • User name logged on during data gathering
  • Computer model
  • Processor information
  • Computer domain name
  • Computer domain role
  • Physical memory
  • Process summary
  • Top memory usage statistics

REFERENCES

For more information, see the following Microsoft Knowledge Base article:
926079 Frequently asked questions about the Microsoft Support Diagnostic Tool (MSDT)
The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.

Still need help? Go to the Office 365 Community website or the Azure Active Directory Forums website.

Properties

Article ID: 2842997 - Last Review: July 15, 2014 - Revision: 10.0
Applies to
  • Microsoft Azure
  • Microsoft Azure Active Directory
  • Microsoft Office 365
  • Windows Intune
  • CRM Online via Office 365 E Plans
  • Microsoft Azure Recovery Services
  • Office 365 Identity Management
Keywords: 
o365 o365e o365a o365m o365022013 kb3rdparty KB2842997

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com