How to enable Security for SharePoint diagnostic logging
Technical Articles ID:
KB58522
Last Modified: 12/14/2020
Environment
McAfee Security for Microsoft SharePoint (MSMS) 3.5
Microsoft Office SharePoint Server 2013, 2010, 2007
Summary
This article describes how to enable diagnostic logging for MSMS through the MSMS console and the ePolicy Orchestrator (ePO) console.
Solution
Enable debug logging using the MSMS console:
- If the server is managed by ePO, stop McAfee Framework Service. This step stops ePO policies from overwriting local settings.
- Click Start, All Programs, McAfee, McAfee Security for Microsoft SharePoint.
- To start the MSMS console, click MSMS (Mozilla UI) or MSMS (Web UI).
- Click Settings and Diagnostics in the left pane, and then click Diagnostics.
- In the right pane, under the Level drop-down list, select High.
- Select the Specify location for debug files checkbox.
- On Debug file location, the default selection is <Desktop>. Type a name for the folder in the textbox next to it. It holds the debug logs. For example:
<Desktop> MSMSDebugLog
- On the top left, click Apply, and then look on your Desktop for the folder called MSMSDebugLog.
To collect on-access scanner logs STS2Vsapi, the Application Pool account used for the SharePoint Central Administration site must have full permissions on the debug logs folder. This debug logs folder is specified in the Diagnostics section of MSMS Console:
- Open Windows Explorer, right-click the debug folder, and select Properties.
- Switch to the Security tab.
- If the account used by the previously mentioned application pool is not present, click Edit, Add.
- Type the account name and grant Full Permissions on the folder.
Extra steps to enable debug logging for troubleshooting on-demand scanner issues:
- Click Start, Run, type regedit and click OK.
- Navigate to one of the following locations:
- On 32-bit operating systems:
HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\McAfee PortalShield\trace
- On 64-bit operating systems:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\McAfee\McAfee PortalShield\trace
- Double-click the EnableWrapperLog entry and set the value to 1.
- Close the registry editor.
NOTE: To generate the on-demand scan logs successfully, the account specified for scanning the SharePoint databases during MSMS installation must have the rights on the debug logs folder. This account is the one used by the PsPickerX64Srv.exe module.
Try to reproduce the issue by performing the actions using the MSMS console. After you reproduce the issue, collect the following:
- The Debug logs folder specified above
- A full MER for McAfee Security for Microsoft SharePoint.
Additional information needed when troubleshooting MSMS issues with On-Demand and On-Access scanning features:
- Is your SharePoint installation standalone or Farm-based?
- How many servers are present in the Farm and what are their roles? (for example SharePoint Central Admin, Web Front End [WFE], Database Server, and so on)
- If using multiple servers such as in a Farm setup, briefly describe the topology.
- Which servers have the MSMS product installed?
- What version of MSMS is installed on the problem servers? See KB52484 to help with version identification.
- What is the version and edition of SQL Server used for the SharePoint installation and Configuration and Content databases? See the following Microsoft KB article to identify the version and edition details of SQL Server: http://support.microsoft.com/kb/321185.
Solution
Diagnostic logging in Security for SharePoint is normally enabled via the product user interface. If you can't load the Security for SharePoint console, you must enable diagnostic logging via the registry:
NOTE: The Security for SharePoint product still uses references to PortalShield, both in the registry and directory structure on the hard disk.
- If the server is managed by ePO, stop McAfee Framework Service. It stops ePO policies from overwriting local settings.
- Open Windows Explorer and create a folder where your diagnostic log files get stored.
For example: D:\PortalShieldLogs.
- Click Start, Run, type Regedit, and click OK.
- Navigate to one of the following locations:
- On 32-bit operating systems:
HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\McAfee PortalShield\trace
- On 64-bit operating systems:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\McAfee\McAfee PortalShield\trace
- Locate the Path string value. If it does not exist, right-click in the right pane and select New, String Value. Name the new value Path.
- Double-click Path and type the location of the folder you created in the Value data field.
For example:
D:\MSMSDebugLog.
NOTE: If the Path value data is omitted, the PortalShield diagnostic logs are written to the default folder: \Program Files\McAfee\McAfee PortalShield\bin.
- Click OK.
- Locate the Level DWORD value. (If it does not exist, right-click in the right pane and select New, DWORD Value. Name the new value Level.)
- Double-click Level and type 3 in the Value data field.
- Close the registry editor.
Steps to enable debug logging for troubleshooting on-demand scanner issues (Wrapper Logs):
- Make a note of the account used by the PSPickerx64srv module. (The RunScheduledx64.exe process is loaded under the PSPickerx64Srv module.) To generate the Wrapper Logs successfully, the account used by PSPickerx64srv must have the rights on the Debug Folder.
- To determine the account used by the PSPickerx64srv module, click Start, Run, type dcomcnfg.msc and click OK.
- In the Component Services window, expand Component Services, Computers, My Computer, DCOM Config.
- Locate PSPickerx64srv in the right pane, right-click it and select Properties.
- Switch to the Identity tab. The user account must be listed under This User.
- Click Start, Run, type Regedit and click OK.
- Navigate to the following location:
- On 32-bit operating systems:
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\McAfee PortalShield\trace]
- On 64-bit operating systems:
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\McAfee\McAfee PortalShield\trace]
- Double-click EnableWrapperLog and set the value to 1.
- Close the registry editor.
NOTE: The Application Pool account used for the SharePoint Central Administration site must have full permissions on the debug logs folder specified above (in the example above it is D:\MSMSDebugLog).
- Open Windows Explorer, right-click the debug folder and select Properties. Click the Security tab.
- If the account used by the application pool is not present, click Edit and then click Add.
- Enter the account name and grant Full Permissions on the folder.
Try to reproduce the issue by performing the actions using the MSMS console. After you reproduce the issue, collect the following:
- Debug logs folder specified above
- A full MER for McAfee Security for Microsoft SharePoint.
IMPORTANT: To reduce the load on the server, disable diagnostic logging after all relevant logs have been captured or the issue has been resolved.
To disable diagnostic logging:
- Click Start, Run, type Regedit and click OK.
-
Navigate to the following location:
- On 32-bit operating systems:
HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\McAfee PortalShield\trace
- On 64-bit operating systems:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\McAfee\McAfee PortalShield\trace
- Double-click the Level DWORD value and set the Value data to 0.
- Close the registry editor
Solution
Enable debug logging using the ePO console:
NOTE: MSME 3.5 integrates with ePO server 4.6.8, 5.1.x, and 5.3
To configure debug log settings using the ePO console, do the following:
- From the MSMS user interface, click Setting & Diagnostics, Diagnostics.
- From the Debug Logging tab on the Diagnostics page, make the following selections:
- The level of information that must be captured in the debug log file.
- The maximum file size for each debug log file (1 KB to 2000 MB).
- The debug file location path where events triggered by the product can be stored.
- Click Apply to save the settings.
Previous Document ID
KB47226
|