Contents x
    Enabling MFA Server Logs
    • 25 May 2023
    • 2 Minutes to read
    • Contributors
    • Print
    • Dark
      Light
    Contents

    Enabling MFA Server Logs

    • Updated on 25 May 2023
    • 2 Minutes to read
    • Contributors
    • Print
    • Dark
      Light
    Article summary

    The following PowerShell script can be run to enable or disable your MFA server's logs. It will flip the logging flag in all four of our config files and perform an IIS reset each time this script is run.

    Upgrading Your MFA Server

    If your MFA server is not up to version 4.9.5.1 or later, it is strongly recommended to upgrade. Please see our server upgrade information page for more information.

    4.9.4.6 or lower "2FAONELog" locations:

    C:\Program Files\2FA\ONE Server\website
    C:\Program Files\2FA\ONE Server\servicesite
    C:\Program Files\2FA\ONE Server\restservices
    C:\Program Files\2FA\ONE Server\api\

    4.9.5.1 or higher logs location:

    C:\ProgramData\IdentityAutomation\MFA Server


    Manual Method

    1. Open Notepad "as administrator".
    2. Open the file(s):
      C:\Program Files\Identity Automation\RapidIdentity MFA\WebSite\web.config
      C:\Program Files\Identity Automation\RapidIdentity MFA\ServiceSite\web.config
      C:\Program Files\Identity Automation\RapidIdentity MFA\RestServices\web.config
      C:\Program Files\Identity Automation\RapidIdentity MFA\Api\web.config
    What Logs Do You Need?

    Enabling all of these logs are not always necessary. Depending on the issue at hand, you may only need one to two files changed instead of all four.

    WebSite: issues with the ONE portal
    ServiceSite: issues with computer client communications, connections and activity
    RestServices: issues with mobile communications, connections and activity
    API: issues with the Self Service Portal

    1. In each file, use Ctrl+f to find "switchValue".

    2. By default, this setting is "Off". Update the value to "All".
      updateToAll.png

    3. Once updated, save your changes.

    4. Perform an iisreset.

    Powershell Script Method

    Enable-DisableMFAServerLogs.ps1 


    ####################################
## Enable/Disable MFA Server Logs ##
####################################

clear

$logOn = 'All'
$logOff = 'Off'

Write-Output "####################################`n## Enable/Disable MFA Server Logs ##`n####################################`n"
Start-Sleep -Seconds 1
Write-Output "What version is your MFA server?`n4946 or lower [0]`n4951 or newer [1]"
$version = Read-host “Enter choice”

# begin Switch Case to select version and set config variables appropriately
Switch ($version) {
	
	# case 0 = 4946 or lower
	0 {
		$webConfig = 'C:\Program Files\2FA\ONE Server\website\web.config'
		$serviceSiteConfig = 'C:\Program Files\2FA\ONE Server\servicesite\web.config'
		$restServicesConfig = 'C:\Program Files\2FA\ONE Server\restservices\web.config'
		$apiConfig = 'C:\Program Files\2FA\ONE Server\api\web.config'
		
	}
	
	# case 1 = 4951 or newer
	1 {
		$webConfig = 'C:\Program Files\Identity Automation\RapidIdentity MFA\WebSite\web.config'
		$serviceSiteConfig = 'C:\Program Files\Identity Automation\RapidIdentity MFA\ServiceSite\web.config'
		$restServicesConfig = 'C:\Program Files\Identity Automation\RapidIdentity MFA\RestServices\web.config'
		$apiConfig = 'C:\Program Files\Identity Automation\RapidIdentity MFA\Api\web.config'
		
	}

} # end Switch ($version)


# begin Switch Case to turn logs ON/OFF
Start-Sleep -Seconds 1
Write-Output "`nGreat! Would you like to..."
Write-Output "Turn server logs ON [0]`nTurn server logs OFF [1]"
$choice = Read-host “Enter choice”

Switch ($choice) {

	# case 0 = logs ON
	0 {
		# Update web.config to turn logs ON
		Function enableLogConfig($config) {
			$doc = (Get-Content $config) -as [Xml]
			$root = $doc.get_DocumentElement();
			$logValue = $root.'system.diagnostics'.sources.source;
			$logValue.SetAttribute("switchValue", $logOn);
			$doc.Save($config)
		}

		# Update web.config for FQDN
		Function setFqdnConfig($config) {
			$doc = (Get-Content $config) -as [Xml]
			$root = $doc.get_DocumentElement();
			$logValue = $root.'system.diagnostics'.sources.source;
			$logValue.SetAttribute("switchValue", $logOn);
			$doc.Save($config)
		}

		# Process the web.config updates for each file
		enableLogConfig($webConfig)
		enableLogConfig($serviceSiteConfig)
		enableLogConfig($restServicesConfig)
		enableLogConfig($apiConfig)
		
		
		Start-Sleep -Seconds 1
		Write-Output "`nJust doing a quick IIS reset..."
		iisreset /restart
		Start-Sleep -Seconds 1
		
		If ($version -eq 1) {
			Write-Output "`nServer logs enabled! Opening logs path..."
			Start-Sleep -Seconds 2
			explorer 'C:\ProgramData\IdentityAutomation\MFA Server'
		}
		Else {
			Write-Output "`nServer logs enabled!"
		}
	}


	# Case 1 = logs OFF
	1 {
		# Update web.config to turn logs OFF
		Function enableLogConfig($config) {
			$doc = (Get-Content $config) -as [Xml]
			$root = $doc.get_DocumentElement();
			$logValue = $root.'system.diagnostics'.sources.source;
			$logValue.SetAttribute("switchValue", $logOff);
			$doc.Save($config)
		}

		# Update web.config for FQDN
		Function setFqdnConfig($config) {
			$doc = (Get-Content $config) -as [Xml]
			$root = $doc.get_DocumentElement();
			$logValue = $root.'system.diagnostics'.sources.source;
			$logValue.SetAttribute("switchValue", $logOff);
			$doc.Save($config)
		}

		# Process the web.config updates for each file
		enableLogConfig($webConfig)
		enableLogConfig($serviceSiteConfig)
		enableLogConfig($restServicesConfig)
		enableLogConfig($apiConfig)
		
		Start-Sleep -Seconds 1
		Write-Output "`nJust doing a quick IIS reset..."
		iisreset /restart
		Start-Sleep -Seconds 1
		Write-Output "Server logs disabled! Opening logs path..."
		Start-Sleep -Seconds 2
		explorer 'C:\ProgramData\IdentityAutomation\MFA Server'
	}

} # end Switch ($choice)
    Was this article helpful?
    What's Next