To decode event trace files, you can use Tracefmt (tracefmt.exe). If you used the registry key settings shown in the previous table, look for the trace log files in the following locations: If you used Tracelog, look for the following log file in your current directory: kerb.etl/kdc.etl/ntlm.etl. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Kdc HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0 You can also configure tracing by editing the Kerberos registry values shown in the following table.
Use the -s option to supply a computer name. The default location for logman.exe is %systemroot%system32\. To stop tracing from a remote computer, run this command: logman.exe -s. To stop tracing for the KDC, run the following command on the command line: To enable tracing for the KDC, run the following command on the command line: To stop tracing for Kerberos authentication, run this command: To enable tracing for Kerberos authentication, run this command: To stop tracing for NTLM authentication, run this command: To enable tracing for NTLM authentication, run the following command on the command line: Different components use different control GUIDs as explained in these examples. You can use the trace log tool in this SDK to debug Kerberos authentication failures. Windows Driver Kit (WDK) and Debugging Tools for Windows (WinDbg). You can use these resources to troubleshoot these protocols and the KDC: Kerberos protocol, KDC, and NTLM debugging and tracing Using WPP, use one of the following commands to stop the tracing: Using WPP, use one of the following commands to enable tracing: For more information, see Diagnostics with WPP - The NDIS blog. Logged messages can be converted to a human-readable trace of the operation. It provides a mechanism for the trace provider to log real-time binary messages. WPP simplifies tracing the operation of the trace provider. To delete a container, type certutil -delkey -csp "Microsoft Base Smart Card Crypto Provider" "". To find the container value, type certutil -scinfo. When you delete a certificate on the smart card, you're deleting the container for the certificate. Delete certificates on the smart cardĮach certificate is enclosed in a container. You can press ESC if you are prompted for a PIN. Entering a PIN is not required for this operation.
0 kommentar(er)
