IBM Support

How to use diagnostic trace tools for troubleshooting ADFS or Web Application Proxy Server issues

How To


Summary

Instructional guide for collecting data to help Support troubleshoot issues you may experience with Active Directory Federation Services (ADFS) or Web Application Proxy Server.

Objective

Give Support comprehensive data at initial engagement. This helps Support provide faster resolutions.

Environment

Windows 2012 R2, 2016, 2019, 2022

Steps

Collect simultaneous traces from both the server and the client while reproducing the issue.

From ADFS server:

  1. Download the ADFS tracing script (ADFS-tracing.ps1), available on GitHub.
  2. Save to any location on the ADFS servers.
  3. Open PowerShell as admin, switch into the directory where the scripts are.
  4. Execute ADFS-tracing.ps1
  5. In the prompt select the following and choose a location to save the trace.
    • Runtime Tracing
    • include Network Traces
  6. Click OK to proceed. (Start the trace on the other servers if applicable.)
  7. Ctrl + Y to start the trace, wait until prompted to reproduce the issue.
  8. Reproduce the issue.
  9. Ctrl + Y to stop the trace.
  10. Upload data to the link provided by Support

Also, from an elevated PowerShell:

  • Install-Module -Name ADFSToolbox -Force
  • Import-Module ADFSToolbox -Force
  • Export-AdfsDiagnosticsFile

From client:

To capture the Fiddler logs, please follow these steps:

  1. Download and install Fiddler from Telerik.
  2. Close all unnecessary applications while collecting the Fiddler trace.
  3. Open Fiddler. In Tools->Fiddler Options->HTTPS, check “Decrypt HTTPS traffic”.
  4. Click “Yes” on the prompt to trust the Fiddler Root Certificate.
  5. Click “Yes” to install the certificate.
  6. Click “Yes” to confirm.
  7. Click “OK” and “OK” again to go back.
  8. Start Capturing: File->Capture Traffic
  9. Reproduce the issue and note the time when the issue happens again.
  10. Stop the Fiddler trace: File->Capture Traffic (F12). Save the trace: File->Save->All Sessions, and save it as a .saz file.

 Note: You can also capture a browser network trace and save it as a .HAR file using the browser developer tools.

Additional Information

Requirements for ADFS-tracing.ps1:

  • The script supports ADFS on Windows 2012 R2, 2016, 2019, 2022
  • Local administrator privileges are required to run the script
  • Strongly suggest the account is also a Domain User
  • Minimum of 5GB of free disk space on the volume for the target folder when running the tracing for a longer period
  • For Server 2012 R2 it is recommended (not mandatory) to have the Windows Management Framework 5.1 (WMF) aka PowerShell 5.0 installed 
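
A pre-flight check for the requirements listed above, added here as an example; it is not part of ADFS-tracing.ps1 or of the original guide. The function name Test-AdfsTracingPrereq, the default folder C:\ADFSTrace and the domain-user heuristic are assumptions.

```powershell
# Added example: verifies the ADFS-tracing.ps1 requirements before a trace is started.
param(
    # Assumed value: the folder you will choose as the trace location (local drive path).
    [string]$TargetFolder = 'C:\ADFSTrace'
)

function Test-AdfsTracingPrereq {
    param([string]$Folder)

    # Local administrator privileges: the current token must be elevated.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    # Heuristic (assumption): a domain account's logon domain differs from the computer name.
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    $isDomainUser = $cs.PartOfDomain -and ($env:USERDOMAIN -ne $env:COMPUTERNAME)

    # Free space on the volume that holds the target folder.
    $root   = [System.IO.Path]::GetPathRoot([System.IO.Path]::GetFullPath($Folder))
    $drive  = New-Object System.IO.DriveInfo($root)
    $freeGB = [math]::Round($drive.AvailableFreeSpace / 1GB, 1)

    # Supported operating systems as listed in the requirements.
    $os = (Get-CimInstance -ClassName Win32_OperatingSystem).Caption
    $osSupported = $os -match '2012 R2|2016|2019|2022'

    # PowerShell 5 is recommended (not mandatory) on Server 2012 R2.
    $psMajor = $PSVersionTable.PSVersion.Major

    @(
        [pscustomobject]@{ Check = 'Elevated local administrator'; Required = $true;  Pass = $isAdmin;       Detail = $identity.Name }
        [pscustomobject]@{ Check = 'Account is a domain user';     Required = $false; Pass = $isDomainUser;  Detail = $env:USERDOMAIN }
        [pscustomobject]@{ Check = '5 GB free on target volume';   Required = $true;  Pass = ($freeGB -ge 5); Detail = "$freeGB GB free on $root" }
        [pscustomobject]@{ Check = 'Supported Windows Server';     Required = $true;  Pass = $osSupported;   Detail = $os }
        [pscustomobject]@{ Check = 'PowerShell 5 or later';        Required = $false; Pass = ($psMajor -ge 5); Detail = "$($PSVersionTable.PSVersion)" }
    )
}

$report = Test-AdfsTracingPrereq -Folder $TargetFolder
$report | Format-Table -AutoSize

if ($report | Where-Object { $_.Required -and -not $_.Pass }) {
    Write-Warning 'A required prerequisite is not met; fix it before starting ADFS-tracing.ps1.'
}
```

Run it from the same elevated PowerShell session that will start the trace, passing the trace folder with -TargetFolder.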

Document Location

Worldwide


Document Information

Modified date:
27 September 2024

UID

ibm17171573