Description
This article describes the steps required to collect logs for the FortiAuthenticator OWA Agent and essential troubleshooting information.
Scope
FortiAuthenticator.
Solution
Key Logs to Collect:
To begin troubleshooting, ensure the following logs are collected:
- FortiAuthenticator IIS Agent Logs: Location: C:\Program Files\Fortinet\FortiAuthenticator IIS Agent\Web\bin\log
Log Files:
FAC_IIS_Agent.LoginForm_log.txt
FAC_IIS_Agent.Configuration_log.txt
- FortiAuthenticator Debug Logs: Access the following debug logs directly from the FortiAuthenticator web interface:
Troubleshooting Steps:
- Identify the Affected User: Before gathering logs, test with a user who has the problem.
- SSH into FortiAuthenticator: Establish an SSH session on a FortiAuthenticator device using an SSH client like PuTTY or any terminal tool.
- Enable Debugging: Once logged in via SSH, run the following commands to enable detailed debugging on the FortiAuthenticator:
diagnose system wad debug all
diagnose system wad debug pts enable
To stop debugging:
diagnose system wad debug clear
diagnose system wad debug pts clear
- Verify Debug Mode on the FortiAuthenticator Web Interface: Navigate to https://<FortiAuthenticator-IP>/debug/radius on the FortiAuthenticator Web Interface. Ensure that the 'DEBUGGING MODE ACTIVE' status is displayed in red. If it is not, select the 'Enter Debug Mode' button to activate debugging.
- Test Authentication Flows: Perform two different tests to gather relevant debug data:
For example:
- Test 1: Attempt an OWA login using the Push Notification. Note the time stamp.
- Test 2: Attempt an OWA login using the Manual Token. Note the time stamp.
- Attach Logs to the Support Ticket: After performing the tests, collect the following logs and attach them to the support ticket:
