How to enable Security for SharePoint diagnostic logging
Technical Articles ID:
KB58522
Last Modified: 2/6/2020
Environment
McAfee Security for Microsoft SharePoint (MSMS) 3.5, 3.0
Microsoft Office SharePoint Server 2013, 2010, 2007
Summary
This article describes methods for enabling diagnostic logging for MSMS through both the MSMS console and the ePolicy Orchestrator (ePO) console.
Solution
Enable debug logging using the MSMS console:
- If the server is managed by ePO, stop McAfee Framework Service. (This will stop ePO policies from overwriting local settings).
- Click Start, All Programs, McAfee, McAfee Security for Microsoft SharePoint.
- Click MSMS (Mozilla UI) or MSMS (Web UI) to start the MSMS console.
- Click Settings and Diagnostics in the left pane, and then click Diagnostics.
- In the right pane, under the Level drop-down list, select High.
- Select the Specify location for debug files check box.
- On Debug file location, the default selection is <Desktop>. Type a name for the folder in the text box next to it; this will hold the debug logs. For example:
<Desktop> MSMSDebugLog
- On the top left, click Apply, and then look on your Desktop for the folder called MSMSDebugLog.
To collect On-Access scanner logs (STS2Vsapi), the Application Pool account used for the SharePoint Central Administration site must have full permissions on the debug logs folder specified in the Diagnostics section of MSMS Console (as described above):
- Open Windows Explorer, right click the debug folder, and select Properties.
- Switch to the Security tab.
- If the account used by the previously mentioned application pool is not present, click Edit, Add.
- Type the account name and grant Full Permissions on the folder.
Additional steps to enable debug logging for troubleshooting On-Demand scanner issues:
- Click Start, Run, type Regedit and click OK.
- Navigate to one of the following locations:
- On 32-bit operating systems:
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\McAfee PortalShield\trace]
- On 64-bit operating systems:
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\McAfee\McAfee PortalShield\trace]
- Double-click the EnableWrapperLog entry and set the value to 1.
- Close the registry editor.
NOTE: To be able to generate the On-Demand scan logs successfully, the account specified for scanning the SharePoint databases during MSMS installation must have the rights on the debug logs folder. This account is the one used by the PsPickerX64Srv.exe module.
Attempt to reproduce the issue by performing the actions using the MSMS console. When the issue is reproduced, collect the Debug logs folder specified above as well as a full MER for McAfee Security for Microsoft SharePoint.
Additional information needed when troubleshooting MSMS issues with On-Demand and On-Access scanning features:
- Is your SharePoint installation stand-alone or Farm-based?
- How many servers are present in the Farm and what are their roles? (for example SharePoint Central Admin, Web Front End [WFE], Database Server, and so on)
- If using multiple servers such as in a Farm setup, briefly describe the topology.
- Which servers have the MSMS product installed?
- What version of MSMS is installed on the problem server(s)? See KB52484 to help with version identification.
- What is the version and edition of SQL Server used for the SharePoint installation and Configuration and Content databases? See the following Microsoft KB article to help with identifying the version and edition details of SQL Server: http://support.microsoft.com/kb/321185.
Solution
Diagnostic logging in Security for SharePoint is normally enabled via the product user interface. If you cannot load the Security for SharePoint console, you must enable diagnostic logging via the registry:
NOTE: The Security for SharePoint product still uses references to PortalShield, both in the registry and in the directory structure on the hard disk.
- If the server is managed by ePO, stop McAfee Framework Service. (This will stop ePO policies from overwriting local settings).
- Open Windows Explorer and create a folder where your diagnostic log files will be stored.
For example: D:\PortalShieldLogs.
- Click Start, Run, type Regedit, and click OK.
- Navigate to one of the following locations:
- On 32-bit operating systems:
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\McAfee PortalShield\trace]
- On 64-bit operating systems:
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\McAfee\McAfee PortalShield\trace]
- Locate the Path string value. If this does not exist, right-click in the right pane and select New, String Value. Name the new value Path.
- Double-click Path and type the location of the folder you created in the Value data field.
For example:
D:\MSMSDebugLog.
NOTE: If the Path value data is omitted, the PortalShield diagnostic logs will be written to the default folder: \Program Files\McAfee\McAfee PortalShield\bin.
- Click OK.
- Locate the Level DWORD value. (If this does not exist, right-click in the right pane and select New, DWORD Value. Name the new value Level.)
- Double-click Level and type 3 in the Value data field.
- Close the registry editor.
Steps to enable debug logging for troubleshooting On-Demand scanner issues (Wrapper Logs):
- Make a note of the account used by the PSPickerx64srv module. (The RunScheduledx64.exe process is loaded under the PSPickerx64Srv module.) To be able to generate the Wrapper Logs successfully, the account used by PSPickerx64srv should have the rights on the Debug Folder.
- To determine the account used by the PSPickerx64srv module, click Start, Run, type dcomcnfg.msc and click OK.
- In the Component Services window, expand Component Services, Computers, My Computer, DCOM Config.
- Locate PSPickerx64srv in the right pane, right click it and select Properties.
- Switch to the Identity tab. The user account should be listed under This User.
- Click Start, Run, type Regedit and click OK.
- Navigate to the following location:
- On 32-bit operating systems:
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\McAfee PortalShield\trace]
- On 64-bit operating systems:
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\McAfee\McAfee PortalShield\trace]
- Double-click EnableWrapperLog and set the value to 1.
- Close the registry editor.
NOTE: The Application Pool account used for the SharePoint Central Administration site must have full permissions on the debug logs folder specified above (in the example above it is D:\MSMSDebugLog).
- Open Windows Explorer, right click the debug folder and select Properties. Click the Security tab.
- If the account used by the application pool is not present, click Edit and then click Add.
- Enter the account name and grant Full Permissions on the folder.
Attempt to reproduce the issue by performing the actions using the MSMS console. When the issue is reproduced, collect the Debug logs folder specified above as well as a full MER for McAfee Security for Microsoft SharePoint.
IMPORTANT: To reduce the load on the server, disable diagnostic logging after all relevant logs have been captured or the issue has been resolved.
To disable diagnostic logging:
- Click Start, Run, type Regedit and click OK.
-
Navigate to the following location:
- On 32-bit operating systems:
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\McAfee PortalShield\trace]
- On 64-bit operating systems:
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\McAfee\McAfee PortalShield\trace]
- Double-click the Level DWORD value and set the Value data to 0.
- Close the registry editor
Solution
Enable debug logging using the ePO console:
NOTE: MSME 3.5 integrates with ePO server 4.6.8, 5.1.x, and 5.3
To configure debug log settings using the ePO console, do the following:
- From the MSMS user interface, click Setting & Diagnostics, Diagnostics.
- From the Debug Logging tab on the Diagnostics page, make the following selections:
- The level of information that should be captured in the debug log file.
- The maximum file size for each debug log file (1 KB to 2000 MB).
- The debug file location path where events triggered by the product can be stored.
- Click Apply to save the settings.
Previous Document ID
KB47226
|
