Log Files for Network Access Protection
There are a number of log files you can reference to help troubleshoot Network Access Protection in Configuration Manager 2007.
Configuration Manager Log Files
The following Configuration Manager logs are created with Network Access Protection (NAP) and can be used to verify normal operation, as well as to help diagnose problems.
The Configuration Manager 2007 client computer log files are found, by default, in *%windir%\*CCM\Logs. For client computers that are also management points, the log files are found in *%ProgramFiles%\*SMS_CCM\Logs.
| Log file name | Description |
|---|---|
Ccmcca.log |
This file logs the processing of compliance evaluation based on Configuration Manager NAP policy processing. It also contains the processing of remediation for each software update required for compliance. |
locationservices.log |
This log is used by other Configuration Manager features (for example, information about the client's assigned site), but it also contains information specific to Network Access Protection when the client is in remediation. It records the required remediation servers (management point, software update point, and distribution points that host content required for compliance), which are also sent in the client statement of health. |
SMSSha.log |
This is the main log file for the Configuration Manager Network Access Protection client, and it contains a merged statement of health information from the two Configuration Manager components: location services (LS) and the configuration compliance agent (CCA). This log file also contains information about the interactions between the Configuration Manager System Health Agent and the operating system NAP agent, and also between the Configuration Manager System Health Agent and both the computer compliance agent and location services. It provides information about whether the NAP agent successfully initialized, the statement of health data, and the statement of health response. |
CIAgent.log |
This tracks the process of remediation and compliance. However, the software updates log file, Updateshandler.log provides more informative details on installing the software updates required for compliance. |
SDMAgent.log |
This log file is shared with the Configuration Manager feature desired configuration management, and it also contains the tracking process of remediation and compliance. However, the software updates log file, Updateshandler.log provides more informative details about installing the software updates required for compliance. |
On the server side for the System Health Validator point, you should first check the Windows Application event log on the Windows Network Policy Server computer. This log will record any failure categories and errors with the source being SMS_SYSTEM_HEALTH_VALIDATOR. These are also raised as Configuration Manager status messages. For more information about the failure categories and error codes, see Network Access Protection Failure Categories and Error Codes.
More detailed logging information can be found in the Configuration Manager logs and the System Health Validator point log files are located in %systemdrive%\SMSSHV\SMS_SHV\Logs.
| Log file name | Description |
|---|---|
Ccmperf.log |
This log contains information about the initialization of the System Health Validator point performance counters. |
SmsSHV.log |
This is the main log file for the System Health Validator point. It logs the basic operations of the System Health Validator service, such as the initialization progress. |
SmsSHVADCacheClient.log |
This log file contains information about retrieving Configuration Manager health state references from Active Directory Domain Services. |
SmsSHVCacheStore.log |
This log file contains information about the cache store used to hold the Configuration Manager NAP health state references retrieved from Active Directory Domain Services, such as reading from the store and purging entries from the local cache store file. |
SmsSHVRegistrySettings.log |
This log is used to record any dynamic changes to the System Health Validator component configuration while the service is running. |
SmsSHVQuarValidator.log |
This log file records client statement of health information and processing operations. To obtain full information, change the registry key LogLevel from 1 to 0 in the following location: HKLM\SOFTWARE\Microsoft\SMSSHV\Logging\@GLOBAL |
Additionally, setup information for the System Health Validator point can be found in a setup log on the computer running the Network Policy Server.
| Log file name | Description |
|---|---|
<InstallationPath>\Logs\SMSSHVSetup.log |
This log file records the success or failure (with failure reason) of installing the System Health Validator point. |
Network Policy Server Log Files
The following two log files can be used to help identify which policy configured on the Network Policy Server was used for each connecting client, and which System Health Agent was responsible for the compliant or non-compliant status. When you are using multiple System Health Agents and System Health Validators, Configuration Manager reports on all computers that undergo remediation. This might include computers that were compliant for Configuration Manager but failed a different health check, such as having the latest antivirus software signatures.
| Log file name | Description |
|---|---|
IN<date>.log |
By default, this file is created in %windir%\system32\LogFiles, but it can be configured to an alternative location. For more information, see Configuring Logging for Configuration Manager Network Access Protection. |
%windir%\Tracing\IASNAP.log |
Enable this logging with the following command to provide detailed information about the Network Policy Server operation when NAP policies are configured: Netsh ras set tr * en |
See Also
Concepts
Network Access Protection Failure Categories and Error Codes
How to Verify Network Access Protection Components