HOWTO: Enable Kerberos Logging via PowerShell

Our servers still have a RegEdit policy lock-down in affect. Yes, it is still silly. PowerShell however is allowed šŸ™‚

Turning on Kerberos logging allows you to view detailed information on any Kerberos errors in the Windows event log via the System log. There is a Microsoft Knowledgebase article about how to turn it on, but that requires Regedit access. You can, however, turn this on via PowerShell. When the kerberos logging is turned on, check the Windows System event log for entries. The change is instantaneous – you do not need to log off or reboot to see the event logging.

# Get the value of theĀ Kerberos logging property
Get-ItemProperty HKLM:\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters

If you do not have this key, it will return no data. However, if you do have this key it should return something similar to:

PSPath : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters

*snip*

LogLevel : 1
#Ā Add the log level key for Kerberos logging
New-ItemProperty HKLM:\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters -Name "LogLevel" -value "1" -PropertyType dword
# Enable Kerberos logging
Set-ItemProperty HKLM:\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters -Name "LogLevel" -value "1"
#Ā Disable Kerberos logging
Set-ItemProperty HKLM:\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters -Name "LogLevel" -value "0"
Advertisements

One Response to “HOWTO: Enable Kerberos Logging via PowerShell”

  1. SharePoint 2010 and SQL Server Reporting Services – The request failed with HTTP status 401: Unauthorized « Back in Hack Says:

    […] error down, but you can use Kerberos logging to see any entries in the event log by following these instructions. Note that a reboot/restart of IIS is *not* required, so it is a good test to check kerberos […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: