Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

[SDP 3] [3848b234-5336-4722-8cb8-b062addb4ebc] Office 365 Single Sign On (SSO) Diagnostic


View products that this article applies to.

Introduction

The Microsoft Office 365 Single Sign On (SSO) Diagnostic collects useful information and detects known configuration and use problems that are related to setting up and using single sign-on (also known as identity federation) together with Microsoft Office 365 and Microsoft Azure Active Directory (Azure AD).

↑ Back to the top


More information

This article describes the information that may be collected from a computer when the Office 365 Single Sign On (SSO) Diagnostic is run.

Information that is collected

AD FS summary
DescriptionFile Name
Information about the Active Directory Federation Services (AD FS) role installation, configuration, and use (if AD FS is installed)ResultReport.xml


Event logs
DescriptionFile Name
Event log (System): Text, csv and evtx formats (last seven days)<ComputerName>_evt_System.*
Event log (Application): Text, csv and evtx formats (last seven days)<ComputerName>_evt_Application.*
Event log (Security): Text, csv and evtx formats (last seven days)<ComputerName>_evt_Security.*
Event log (AD FS 2.0 Tracing): Text, csv and evtx formats (last seven days)<ComputerName>_evt_ADFS20Tracing-Debug.*
Event log (AD FS 2.0 Admin): Text, csv, evtx formats (last seven days)<ComputerName>_evt_ADFS20-Admin.*

Hotfixes
DescriptionFile Name
Information about the hotfixes that are installed on the computer<ComputerName>__hotfixes.txt
Debug log entries from Windows Update<ComputerName>__WindowsUpdate.txt

IIS app pools
DescriptionFile Name
An export of the Internet Information Services (IIS) application pools on the computer<ComputerName>__IIS_App_Pools.txt

IIS sites
DescriptionFile Name
An export of the IIS sites on the computer<ComputerName>__IIS_Sites.txt


IIS SSL bindings
DescriptionFile Name
A list of the Secure Sockets Layer (SSL) certificate bindings, and information about those certificates, to the sites on the computer<ComputerName>__IIS_SSL_Bindings.txt


IIS URL ACL
DescriptionFile Name
An export of the website permissions that are set up for each site on the computer<ComputerName>__IIS_URL_ACL.txt


IIS web applications
DescriptionFile Name
An export of the web applications and information about them<ComputerName>__IIS_Web_Applications.txt

IIS web handler
DescriptionFile Name
An export of web handler information from the computer<ComputerName>__IIS_Web_Handler.txt

Hosts file
DescriptionFile Name
The %systemroot%\system32\drivers\etc\hosts file. It contains DNS values to be preloaded to the cache.<ComputerName>_HOSTS_File.txt

AD FS file versions
DescriptionFile Name
File version details of AD FS files � txt and csv formats (if AD FS is installed)<ComputerName>_symADFSFileVersions.*

Federation metadata
DescriptionFile Name
The federation metadata configuration XML file of each federated trust that's set upFedMetaData_<trustname>.xml

AD FS attribute store
DescriptionFile Name
The output of the Get-AdfsAttributeStore PowerShell cmdlet (if AD FS is installed)<ComputerName>_ADFS_AttributeStore.txt

AD FS certificate information
DescriptionFile Name
The output of the Get-AdfsCertificate PowerShell cmdlet (if AD FS is installed)<ComputerName>_ADFS_Certificate.txt

AD FS certificate sharing store
DescriptionFile Name
For AD FS servers in a farm, an LDAP query result that contains the permissions on the AD FS certificate sharing container (if AD FS is installed)<ComputerName>_ADFS_CertificateSharingContainer_ACL.txt

AD FS claim description
DescriptionFile Name
An export of all claims that are set up on the AD FS server (if AD FS is installed)<ComputerName>_ADFS_ClaimDescription.txt

AD FS claims provider trust
DescriptionFile Name
The output of the Get-AdfsClaimsProviderTrust PowerShell cmdlet (if AD FS is installed)<ComputerName>_ADFS_ClaimsProviderTrust.txt

AD FS LS folder contents
DescriptionFile Name
Information about the files in the (default) c:\Inetpub\Adfs\Ls folder and subfolders (if AD FS is installed)<ComputerName>_ADFS_LS_Folder_Contents.txt

AD FS relying party trust
DescriptionFile Name
The output of the Get-AdfsRelyingPartyTrust PowerShell cmdlet (if AD FS is installed)<ComputerName>_ADFS_RelyingPartyTrust.txt

AD FS AdfsSyncProperties
DescriptionFile Name
The output of the Get-AdfsSyncProperties PowerShell cmdlet (if AD FS is installed)<ComputerName>_ADFS_SyncProperties.txt

AD FS attribute store
DescriptionFile Name
The output of the Get-AdfsAttributeStore PowerShell cmdlet (if AD FS is installed)<ComputerName>_ADFS_AttributeStore.txt

AD FS registry values
DescriptionFile Name
An export of the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlset\Services\Adfssrv key and its values (if AD FS is installed)<ComputerName>_ADFSSRV_REG.txt

AD FS additional registry values
DescriptionFile Name
An export of the HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\UserExtendedProperties key and its values (if AD FS is installed)<ComputerName>_ADFS_ ADFSAdditionalRegVals.txt

AD FS Office 365 issuance authorization rules
DescriptionFile Name
A text export of token issuance rules that are set up (if AD FS is installed)ADFS_ O365_ _IssuanceAuthorizationRules.txt

AD FS Office 365 issuance transform rules
DescriptionFile Name
A text export of claim transform rules that are set up (if AD FS is installed)ADFS_ O365_ _IssuanceTransformRules.txt

AD FS certificates
DescriptionFile Name
File export of the AD FS service communications certificate (if AD FS is installed)

Note Exported with public key only
ADFS_ServiceCommunications_Cert.cer
File export of the AD FS SSL certificate (if AD FS is installed)

Note Exported with public key only
ADFS_SSL_Cert.cer
File export of the ADFS token-signing certificate (if AD FS is installed)

Note Exported with public key only
ADFS_TokenSigning_Cert.cer
File export of the currently used Office 365 token-signing certificate

Note Exported with public key only
<Office365Domain>_Current_Signing_Cert.cer
File export of the next Office 365 token-signing certificate to be used

Note Exported with public key only
<Office365Domain>_Next_Signing_Cert.cer

Shibboleth certificates
DescriptionFile Name
File export of the Shibboleth token-signing certificate (if Shibboleth is installed)

Note Exported with public key only
.cer
File export of the Shibboleth SSL certificate (if Shibboleth is installed)

Note Exported with public key only
Shibboleth_SSL_Certificate.cer
File export of the currently used Office 365 token-signing certificate

Note Exported with public key only
<Office365Domain>_Current_Signing_Cert.cer
File export of the next Office 365 token-signing certificate to be used

Note Exported with public key only
<Office365Domain>_Next_Signing_Cert.cer

Shibboleth attribute information
DescriptionFile Name
Shibboleth attribute filter configuration (if Shibboleth is installed)Attribute-filter.xml
Shibboleth attribute resolver configuration (if Shibboleth is installed)Attribute-resolver.xml

Shibboleth metadata
DescriptionFile Name
Shibboleth metadata configuration (if Shibboleth is installed)Downloaded-Metadata.xml
Office 365 metadata configuration (if Shibboleth is installed)MSO-FederationMetadata.xml
Logon handler file (if Shibboleth is installed)Handler.xml

Shibboleth configuration
DescriptionFile Name
General configuration information about Shibboleth and Apache Tomcat (if Shibboleth is installed)<Date>_ShibbolethConfigurationData.txt

Shibboleth log files
DescriptionFile Name
Shibboleth Idp-access.log. It logs every time that the IdP is accessed (if Shibboleth is installed).Idp-access.log
Shibboleth Idp-audit.log. It logs every time that the IdP sends data to a relying party (if Shibboleth is installed).Idp-audit.log
Shibboleth Idp-process.log. It logs usual-use informational data about the IdP (if Shibboleth is installed).Idp-process.log

Azure Active Directory (Azure AD) PowerShell debug logs
DescriptionFile Name
Azure AD PowerShell debug log exceptions that occurred in the previous seven days (if the Azure Active Directory Module for Windows PowerShell is installed)<ComputerName>_MSOLPowerShellDebugLogs.zip
All Azure AD PowerShell debug log exceptions (if the Azure Active Directory Module for Windows PowerShell is installed)MSO_PowerShell_Debug_Log_Exceptions.csv
Last five Azure AD PowerShell debug log exceptions (if the Azure Active Directory Module for Windows PowerShell is installed)MSO_PowerShell_Debug_Log_Last_Five_Exceptions.csv

Microsoft Online Services Sign-in Assistant
DescriptionFile Name
Microsoft Online Services Sign-In Assistant registry values that are located in the following registry key (if the Microsoft Online Services Sign-In Assistant is installed):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSOIdentityCRL
<ComputerName>_SignInAssistant.txt
Microsoft Online Services Sign-In Assistant file version information � in csv and txt format (if Microsoft Online Services Sign-In Assistant is installed)<ComputerName>_symMSOSignInAssistantFileVersions.*

Office 365 organization information
DescriptionFile Name
Information about the Office 365 user, Office 365 licensing for that user, and information about the domains in the organization<ComputerName>_TenantInfo.txt

ResultReport.xml

Office 365 port query
DescriptionFile Name
Port Query tests against known endpoints and ports for Office 365<ComputerName>_O365PortQry.txt

Additional Information

In addition to the files that are collected and are listed earlier in this article, this troubleshooter can detect one or more of the following:
  • Operating system name
  • Time zone
  • Last restart/uptime
  • Anti-Malware installed
  • User Account Control setting
  • User name logged on during data gathering
  • Computer model
  • Processor information
  • Computer domain name
  • Computer domain role
  • Physical memory
  • Process summary
  • Top memory usage statistics

↑ Back to the top


References

For more information, see the following Microsoft Knowledge Base article:
926079 Frequently asked questions about the Microsoft Support Diagnostic Tool (MSDT)
The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.

↑ Back to the top



Still need help? Go to the Office 365 Community website or the Azure Active Directory Forums website.

↑ Back to the top


Keywords: o365, o365e, o365a, o365m, o365022013, kb3rdparty, KB2842997

↑ Back to the top

Article Info
Article ID : 2842997
Revision : 14
Created on : 12/22/2014
Published on : 12/22/2014
Exists online : False
Views : 658