Steps to collect logs for troubleshooting errors logging in to the Console when using Active Directory integration.

• App Control Server: All Supported Versions

Please confirm that the App Control service account has the permissions needed to access all Active Directory domains needed with this KB

1. Log in to the Console using the local "admin" user.
2. Navigate to > https://ServerName/Shepherd_Config.php > DebugConsoleCommunication > Set to: true > Change
3. Navigate to > https://ServerName/Support.php > Diagnostics tab
4. Click the "Snapshot Server Logs" button to flush the existing logs.
5. Set the following options: 
   • Logging Duration: 30 Minutes
   • Debug Level: Verbose
   • Reporter Log Level: Minimum(default)
   • Script Debug Level: Verbose
   • Active Directory Debug Level: Verbose (Available in version 8.9+)
6. Click Start Logging.
7. Reproduce the issue several times.
8. Go back to > Shepherd_Config.php > DebugConsoleCommunication > Set to: false > Change
9. Go back to > Support.php >  Diagnostics > select "Stop Logging"
10. On the Right side of the page > under Related Views > Select "Available Log Files".
11. Save the following files that have today's date:
    • AppControlAD-todays-date-time.log
    • ServerLog-todays-date-time.bt9
12. On the server navigate and copy this file: 

    \Program Files (x86)\Bit9\Parity Server\scripts\Adrules.xml
    

13. Please make screenshots of the following:
    • Settings > Login Account > User Role Mappings > Screenshot the page.
    • Settings > System Configuration > General Tab > Screenshot the page.
    • Open "AD Users and Computers" or use a tool like AD Explorer to locate the user/group within the AD tree.
    • Screenshot the page showing the AD path to said user/group.
14. Zip all collected data and provide to Support.