To troubleshoot Workplace Join issues, collect and then review the information that's described in the "More Information" section.
Enable Workplace Join Debug logging by using Event ViewerTo enable administrative logging in Windows 7 and later versions of Windows, follow these steps:
- Start Event Viewer.
- Go to one of the following locations, as appropriate for your operating system:
- Windows 7: Applications and Services Logs\Microsoft-WorkPlace Join
- Windows 8.x: Applications and Service Logs\Microsoft\Windows\Workplace Join\Admin
- Windows 10: Applications and Service Logs\Microsoft\Windows\Workplace Join\Admin
- Right-click the administrative log, and then click either the Enable Log or Disable Log value, as needed.
To enable Debug logging in Windows 7 only, follow these steps:
- Start Event Viewer.
- Click View, and then click Show Analytic and Debug Logs.
- Browse to the following location in Windows 7:Applications and Services Logs\Microsoft-WorkPlace Join
- Right-click the Debug log, and then select either the Enable Log or Disable Log value, as needed.
Network CaptureStart Network Capture, and then reproduce the issue.
Enable Capi2 loggingFor information about how to enable Capi2 logging, go to the following Microsoft website:
SSL certificate troubleshootingTo verify the Revocation Status against the certification authority (CA) database, run the following command:
Certutil.exe –isvalid SerialnumberNote The SerialNumber placeholder is the serial number of the certificate that you want to verify, in hexadecimal format.
Verify that a certificate was issued by a specific CAYou can use the Certutil.exe tool to determine whether a certificate was issued by a specific CA. To verify the certificate, you must have the certificate that you want to verify and the CA certificate that you want to verify against as parameters. Use the following command syntax:
Certutil.exe –verify CertFile CaCertFileThis command requires that both the CA certificate and the issued certificate be PKCS#10 export files, not PKCS#7 certificate chains. When the command is run, it also verifies the revocation status of the end certificate. An error is returned if the certificate file does not contain CDP information, or if the URLs indicated in the CDP extension are unavailable.
Note If you do not include the CACertFile parameter, the Certutil tool will construct a certificate chain by using all available certificates that are installed on the computer.
Validate the validity and Revocation Status of a certificateYou can manually validate all aspects of a certificate's validity, including the AIA and CDP extensions for a specific certificate, by using the following Certutil syntax:
Certutil.exe –verify –urlfetch CertFile.crtTo run this command, you must have an exported version of the certificate in a DER-encoded format. Certutil will verify only the basic certificate location pointer and the CRL(s) for the AIA and CDP locations. The Windows Server 2003 version of Certutil.exe in the Windows Server 2003 administration tools pack supports this functionality. You can download it from the following Microsoft website: