How to gather debug logs for the Auth Connector

Article ID: 166947

Products

Cloud Secure Web Gateway - Cloud SWG

Issue/Introduction

In Cloud SWG, the Auth Connector debug logs are required to troubleshoot specific situations. An example is a user shown as Unauthenticated User in reports.

The Auth Connector logs are a record of the authentication activity.  This information is valuable for finding the root cause of a problem that is related to authentication or connectivity between the Auth Connector and the Cloud SWG service, or to the ACLogon not connecting.

These logs are important for the detailed insight they contain on the inner workings of the Auth Connector.

Resolution

Note: The following instructions apply to the Auth Connector versions 2.5 and 3.1. The service application files and ini files that are described in this documentation are located in the following default directories:
  • 2.5: C:\Program Files\Blue Coat Systems\BCCA
  • 3.1:  C:\Program Files\Symantec\AuthConn 

Gather the Debug Logs

Complete the following steps:

Step 1: Stop the BCCA/Auth Connector service

  • 2.5: bcca.exe 
  • 3.1: authconn.exe 

Step 2: Delete existing logs

(You might not have some of the listed logs.)

  • bcca-xxxx.log (2.5) or authconn-xxxx.log (3.1)
  • debug_dcq_primary_full.sso 
  • debug_dcq_primary_inc.sso 
  • dcq_primary_full.sso 
  • dcq_primary_inc.sso 

Step 3: Enable debug logging for the Auth Connector and SSO

Edit the BCCA.ini (2.5) or Authconn.ini (3.1) file and add or enable the following lines: 
 
[Debug]
DebugLevel=0xFFFFFFFF
 
Look for the following lines in the log file:
 
 
Edit the SSO.ini file for DCQ and add or enable the following line: 
 
[DCQSetup]
DCQDebug=1
 
Look for the following lines in the log file:
 
 
Edit the SSO.ini file for ACLogon and add or enable the following line: 
 
[CLSetup]
CLDebug=1
 
Look for the following lines in the log file:
 
 
Step 4: Restart the Auth Connector service
  • 2.5: bcca.exe 
  • 3.1: authconn.exe  
 
Step 5: Test user authentication
 
Let the service run for 20 minutes. During this 20-minute window, perform the following steps:
  1. With a specific user, map a drive to the AD server running the Auth Connector.
  2. At 5 minutes, access a blocked page and click More (to see if the user is Unauthenticated).
  3. At 20 minutes, access a blocked page (with the same user). Check if the user is authenticated now.
  4. Stop the service.
  5. If the user is not authenticated, record the Username and the IP address of the workstation here. You will send this information to Support.

Step 6: Gather logs for Support
 
Collect the following logs and send them to Support:
  • bcca-xxxx.log (2.5) or authconn-xxxx.log (3.1)
  • debug_dcq_primary_full.sso 
  • debug_dcq_primary_inc.sso 
  • bcca.ini or authconn.ini
  • sso.ini 

The following files are binary logs and are not required for Support assistance:
  • dcq_primary_full.sso 
  • dcq_primary_inc.sso 
 
Step 7: Disable the debug settings and restart the Auth Connector
 
Disable the debug settings that you enabled in step 3 and restart the Auth Connector.

Live Debugging Guide

Enable live debugging:

  1. Stop the Auth Connector service.
  2. To log authentication events and debug events in the server's event viewer, edit the bcca.ini (2.5) or authconn.ini (3.1) file:
    • Before: 'LogEventMask=1'
    • After: 'LogEventMask=3'
  3. Start the service again. This starts logging of most of the errors you see in a common debug log.
  4. After troubleshooting, revert the changes; otherwise, you risk consuming disk space on unneeded logs.

After the live debug is enabled, go to the Event Viewer to check for useful events.

Under Windows Logs > Security, you might find logon events such as the following example. The subject is the Auth Connector user name (such as CONTOSO\srv.bluecoat), and the new logon is the user authenticating (such as CONTOSO\pam.receptionist).

You might choose to search for a particular user name and see if the logon was captured under the service's user name. Searching for CONTOSO\ladmin would yield a record similar to this one.

Events such as these are visible at Windows Logs > Application; you can use the Event Viewer to diagnose them as you go.

These logs are not a substitute for the real debug logs, but they are helpful if you are working on a WebEx or have limited time to work on a server.
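
The following PowerShell script is an added example, not part of the original article or the product. Run it after Step 7 and after reverting live debugging; it reports any Step 3 debug key or LogEventMask value that is still active. It assumes the ini files are in the default directory listed above, that a line starting with ';' or '#' is disabled, that a value of 0 means off for the three debug keys, and that LogEventMask can appear in any section.

```powershell
# Added example: report debug settings that are still active after troubleshooting.
# Assumptions: ';' or '#' marks a disabled line; a value of 0 means "off" for the
# three debug keys; LogEventMask is matched in any section of the main ini file.
param(
    [string]$InstallDir = 'C:\Program Files\Symantec\AuthConn',  # 3.1 default from the article
    [string]$MainIni    = 'authconn.ini'                         # use bcca.ini for 2.5
)

# File, section ($null = any section), key, and the value treated as "not debugging".
$checks = @(
    @{ File = $MainIni;  Section = 'Debug';    Key = 'DebugLevel';   Off = '0' }
    @{ File = 'sso.ini'; Section = 'DCQSetup'; Key = 'DCQDebug';     Off = '0' }
    @{ File = 'sso.ini'; Section = 'CLSetup';  Key = 'CLDebug';      Off = '0' }
    @{ File = $MainIni;  Section = $null;      Key = 'LogEventMask'; Off = '1' }
)

function Get-ActiveIniValue {
    param([string]$Path, [string]$Section, [string]$Key)
    $current = ''
    foreach ($line in Get-Content -LiteralPath $Path) {
        $text = $line.Trim()
        if ($text -eq '' -or $text -match '^[;#]') { continue }       # blank or commented out
        if ($text -match '^\[(.+)\]$') { $current = $Matches[1].Trim(); continue }
        if ($text -match '^([^=]+)=(.*)$') {
            $name = $Matches[1].Trim()
            $sectionOk = (-not $Section) -or ($current -eq $Section)  # -eq ignores case
            if ($sectionOk -and $name -eq $Key) { return $Matches[2].Trim() }
        }
    }
    return $null                                                      # key absent or disabled
}

$findings = foreach ($c in $checks) {
    $path = Join-Path $InstallDir $c.File
    if (-not (Test-Path -LiteralPath $path)) { Write-Warning "Not found: $path"; continue }
    $value = Get-ActiveIniValue -Path $path -Section $c.Section -Key $c.Key
    if ($null -ne $value -and $value -ne $c.Off) {
        [pscustomobject]@{ File = $c.File; Key = $c.Key; Value = $value }
    }
}

if ($findings) { $findings | Format-Table -AutoSize | Out-Host; exit 1 }
Write-Output 'No debug settings are active.'
```

Save it as a script file and run it on the server that hosts the Auth Connector; a non-zero exit code means at least one debug setting still needs to be reverted.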

Additional Information

Application path change with newer Auth Connector installation.