How to Enable Windows CAPI2 logging
search cancel

How to Enable Windows CAPI2 logging


Article ID: 234861


Updated On:


Endpoint Protection Endpoint Security


You would like to enable CAPI2 logging for troubleshooting a certificate issue. CAPI2 Diagnostics feature provides administrators with an ability to troubleshoot PKI problems by collecting detailed information about certificate chain validation, certificate store operations and signature verification.



  1. Launch the Microsoft Event Viewer: Start -> Run -> eventvwr.exe
  2. Under Event Viewer (Local) expand “Applications and Services Logs
  3. Expand “Microsoft
  4. Expand “Windows
  5. Expand “CAPI2
  6. Right Click on “Operational” and select “Enable Log

Note: For CAPI2 Diagnostics, the log tends to grow in size quickly and it is recommended to increase the log size to at least 4 MB to capture relevant events. To increase the log size, right-click Operational, and click Properties. In the log properties, increase the Maximum log size (KB) to 4096.  You might consider disabling CAPI2 logging after sufficient data has been gathered. 

Additional Information

For more information on CAPI2 logging, please review the Microsoft article: