Diagnostic logging for troubleshooting Workplace Join issues

Summary

To troubleshoot Workplace Join issues, collect and then review the information that's described in the "More Information" section.

More Information

Enable Workplace Join Debug logging by using Event Viewer

To enable administrative logging in Windows 7 and later versions of Windows, follow these steps:
  1. Start Event Viewer.
  2. Go to one of the following locations, as appropriate for your operating system:
    • Windows 7: Applications and Services Logs\Microsoft-WorkPlace Join
    • Windows 8.x: Applications and Service Logs\Microsoft\Windows\Workplace Join\Admin
    • Windows 10: Applications and Service Logs\Microsoft\Windows\Workplace Join\Admin

  3. Right-click the administrative log, and then click either the Enable Log or Disable Log value, as needed.

To enable Debug logging in Windows 7 only, follow these steps:
  1. Start Event Viewer.
  2. Click View, and then click Show Analytic and Debug Logs.
  3. Browse to the following location in Windows 7:

    Applications and Services Logs\Microsoft-WorkPlace Join
  4. Right-click the Debug log, and then select either the Enable Log or Disable Log value, as needed.

Network Capture

Start Network Capture, and then reproduce the issue.

Enable Capi2 logging

For information about how to enable Capi2 logging, go to the following Microsoft website:

This enables verbose logging in Applications and Services Logs/Microsoft/Windows/Capi2 in Event Viewer.

SSL certificate troubleshooting

To verify the Revocation Status against the certification authority (CA) database, run the following command:

Certutil.exe –isvalid Serialnumber
Note The SerialNumber placeholder is the serial number of the certificate that you want to verify, in hexadecimal format.

Verify that a certificate was issued by a specific CA

You can use the Certutil.exe tool to determine whether a certificate was issued by a specific CA. To verify the certificate, you must have the certificate that you want to verify and the CA certificate that you want to verify against as parameters. Use the following command syntax:

Certutil.exe –verify CertFile CaCertFile
This command requires that both the CA certificate and the issued certificate be PKCS#10 export files, not PKCS#7 certificate chains. When the command is run, it also verifies the revocation status of the end certificate. An error is returned if the certificate file does not contain CDP information, or if the URLs indicated in the CDP extension are unavailable.

Note If you do not include the CACertFile parameter, the Certutil tool will construct a certificate chain by using all available certificates that are installed on the computer.

Validate the validity and Revocation Status of a certificate

You can manually validate all aspects of a certificate's validity, including the AIA and CDP extensions for a specific certificate, by using the following Certutil syntax:

Certutil.exe –verify –urlfetch CertFile.crt
To run this command, you must have an exported version of the certificate in a DER-encoded format. Certutil will verify only the basic certificate location pointer and the CRL(s) for the AIA and CDP locations. The Windows Server 2003 version of Certutil.exe in the Windows Server 2003 administration tools pack supports this functionality. You can download it from the following Microsoft website:


Egenskaper

Artikel-id: 3045377 – senaste granskning 13 mars 2015 – revision: 1

Feedback