Ever wondered what kind of logs are generated by SSO? Turns out there are a ton of them! Read on to find out what gets logged where. Of course, VMware has made it easy for us to collect all the logs together by simply running the support bundle utility. However, this information is good to know to do the first level of troubleshooting. Let's start with the installer logs
| Log File Name |
| Purpose |
| vminst.log | %TEMP% | Single Sign-On installer log |
| vim-sso-msi.log | %TEMP% | MSI installer verbose logs |
| vim_ssoreg.log | %TEMP% | Single Sign-On Lookup Service log. |
| exported_sso.properties | %TEMP% | Endpoint information about each of the Single Sign-On Solution Users and identity sources extracted from previous vCenter Single Sign-On 5.1.0 instance. |
| vim-openssl-msi.log | %TEMP% | MSI installer verbose log for OpenSSL installation |
| vim-python-msi.log | %TEMP% | MSI installer verbose log for Python installation |
| vim-kfw-msi.log | %TEMP% | MSI installer verbose log for MIT Kerberos installation |
Now let’s take a look at the logs for each component in SSO. In my previous posts I have gone into some level of detail about the components in SSO.
VMware Directory Services (vmdir) logs
| Log File Name |
| Purpose |
| vdcpromo.log | C:\ProgramData\Vmware\CIS\logs\vmdird\ VCVA: /var/log/vmware/vmdir | Promotion and demotion operation information for the Single Sign-On instance when joined or removed from a linked configurations |
| vdcsetupIdu.log | C:\ProgramData\Vmware\CIS\logs\vmdird\ VCVA: /var/log/vmware/vmdir | VMware Directory Service setup post-installation log containing information about the localhost name. |
| vmdir.log | C:\ProgramData\Vmware\CIS\logs\vmdird\ VCVA: /var/log/vmware/vmdir | Health reports for the VMware Directory Service (VMDir) service and the VMDir database. |
VMware Identity Management Service (idm) logs
| Log File Name |
| Purpose |
| vmware-sts-idmd.log | C:\ProgramData\Vmware\CIS\logs\vmware-sso\ VCVA: /var/log/vmware/sso | VMware Identity Management service run-time logs, time-stamped records of user attempts when accessing Single Sign-On for administrative purposes. |
| vmware-sts.ldmd-perf.log | C:\ProgramData\Vmware\CIS\logs\vmware-sso\ VCVA: /var/log/vmware/sso | VMware Identity Management service performance counter logs. |
| VMwareIdentityMgmtService.<date>.log | C:\ProgramData\Vmware\CIS\logs\vmware-sso\ VCVA: /var/log/vmware/sso | Daemon log once the Identity Management Service has started. |
VMware Secure Token Service (sts) logs
| Log File Name |
| Purpose |
| wrapper.log | C:\ProgramData\VMware\CIS\runtime\VMwareSTS\logs | Java service wrapper log. |
| ssoAdminServer.log | C:\ProgramData\VMware\CIS\runtime\VMwareSTS\logs | SSO Admin Server log. |
| lookupServer.log | C:\ProgramData\VMware\CIS\runtime\VMwareSTS\logs | SSO Lookup Server log. |
| catalina.<date>.log | C:\ProgramData\VMware\CIS\runtime\VMwareSTS\logs | Web Server log. |
| vmware-identity-sts.log | C:\ProgramData\VMware\CIS\runtime\VMwareSTS\logs | Interactions between STS and IDM. |
| vmware-identity-sts-perf.log | C:\ProgramData\VMware\CIS\runtime\VMwareSTS\logs | Performance results of interactions between STS and IDM. |
VMware Kdc Service (vmkdc) logs
| Log File Name |
| Purpose |
| vmkdcd.log | C:\ProgramData\VMware\CIS\logs\vmkdcd\ | Key Distribution Center (kdc) run-time log, reports ports conflicts preventing the service from starting etc. |
vTip: If you recall there is one more service: the vmca service. This service doesn’t generate any logs *yet*.
