Webex Log File Location



  1. Webex Teams Log File Location
  2. Webex Log File Locations
  3. Webex Log Files
  4. Cisco Webex Files
  5. Webex Log In Instruction
  6. Webex Document Loader File Location

Introduction

This document describes an issue where Webex is not able to place calls when it is paired to an on-premise registered device via proximity.

Problem: Webex Unable to Place Calls when it is Paired to an On-Premise Registered Device

When you attempt to make an outbound call or join a Webex meeting from Webex app, while it is paired to an on-premise device, Webex throws the error 'This device does not allow you to start calls or join meetings using your Webex app. Try placing the call directly from the device.'. Steps to reproduce the problem are described here:

Step 1. The Webex app successfully pairs to the device as shown in the image:

Step 2. When the meeting becomes available to join, click the Now button to launch the join screen as shown in the image:

Step 3. Verify the device is selected and click Join Meeting as shown in the image:

Webex Teams Log File Location

Trusted by millions. Cisco Webex is the ultimate tool for online video conference calls. 4K HD video & audio. Intuitive meetings. Favorite integrations. To copy the log files: Download iTools or iFunbox (Windows/Mac). Start iTools or iFunbox to connect iPhone/iPad through USB. Navigate to the Logs folder: Jabber Library Application Support Logs. Copy the log files to your local computer.

Step 4. After you click on Join meeting you are presented with an error as shown in the image:

If you need these error collect logs from the Webex app for analysis.

Location of log files for Webex Application is:

  1. Windows: %USERPROFILE%AppDataLocalCiscoSpark
  2. MacOS: ~/Library/Logs/SparkMacDesktop


Log Review

In the earlier mentioned log path, find the current_log.txt file and review to check:

From the log file, the TelephonyDevices.cpp and TelephonyService.cpp service keywords are used to find the attempted call made by the client.

After the call is attempted, you must see the error thrown for the call failure as shown:

Solution

This issue occurs when CallControl under Proximity settings is not enabled. You should enable CallControl under the Proximity settings of the device. This can be achieved with one of these options:

Option 1. The GUI of the Device

Log in to the endpoints GUI and Navigate to Setup > Configuration > Proximity and enable CallControl as shown in the image:

Webex Log File Locations

Option 2. CUCM if the Device is Registered to CUCM

From Cisco Unified Communications Manager (CUCM) Administration, Navigate to Device > Phone > Select Affected Device and scroll down to the Proximity settings and enable Call Control as shown in the image:

Option 3: The CLI of the Device

Related Information

-->

AD FS provides two primary logs that can be used in troubleshooting. They are:

Webex document loader file location
  • the Admin Log
  • the Trace Log

Each of these logs will be explained below.

Admin Log

The Admin log provides high level information on issues that are occurring and is enabled by default.

To view the admin log

  1. Open Event Viewer
  2. Expand Applications and Services Log.
  3. Expand AD FS.
  4. Click on Admin.

Trace Log

The Trace log is where detailed messages are logged, and will be the most useful log when troubleshooting. Since a lot of trace log information can be generated in a short amount of time, which can impact system performance, the trace logs are disabled by default.

To enable and view the trace log

  1. Open Event Viewer
  2. Right-click on Applications and Services Log and select view and click on Show Analytic and Debug Logs. This will show additional nodes on the left.
  3. Expand AD FS Tracing
  4. Right-click on Debug and select Enable Log.

Event auditing information for AD FS on Windows Server 2016

By default, AD FS in Windows Server 2016 has a basic level of auditing enabled. With basic auditing, administrators will see 5 or less events for a single request. This marks a significant decrease in the number of events administrators have to look at, in order to see a single request. The auditing level can be raised or lowered using the PowerShell cmdlt:

The table below explains the available auditing levels.

Audit LevelPowerShell syntaxDescription
NoneSet-AdfsProperties -AuditLevel NoneAuditing is disabled and no events will be logged.
Basic (Default)Set-AdfsProperties -AuditLevel BasicNo more than 5 events will be logged for a single request
VerboseSet-AdfsProperties -AuditLevel VerboseAll events will be logged. This will log a significant amount of information per request.

To view the current auditing level, you can use the PowerShell cmdlt: Get-AdfsProperties.

The auditing level can be raised or lowered using the PowerShell cmdlt: Set-AdfsProperties -AuditLevel.

Types of Events

AD FS events can be of different types, based on the different types of requests processed by AD FS. Each type of event has specific data associated with it. The type of events can be differentiated between login requests (i.e. token requests) versus system requests (server-server calls including fetching configuration information).

The table below describes the basic types of events.

Event TypeEvent IDDescription
Fresh Credential Validation Success1202A request where fresh credentials are validated successfully by the Federation Service. This includes WS-Trust, WS-Federation, SAML-P (first leg to generate SSO) and OAuth Authorize Endpoints.
Fresh Credential Validation Error1203A request where fresh credential validation failed on the Federation Service. This includes WS-Trust, WS-Fed, SAML-P (first leg to generate SSO) and OAuth Authorize Endpoints.
Application Token Success1200A request where a security token is issued successfully by the Federation Service. For WS-Federation, SAML-P this is logged when the request is processed with the SSO artifact. (such as the SSO cookie).
Application Token Failure1201A request where security token issuance failed on the Federation Service. For WS-Federation, SAML-P this is logged when the request was processed with the SSO artifact. (such as the SSO cookie).
Password Change Request Success1204A transaction where the password change request was successfully processed by the Federation Service.
Password Change Request Error1205A transaction where the password change request failed to be processed by the Federation Service.
Sign Out Success1206Describes a successful sign-out request.
Sign Out Failure1207Describes a failed sign-out request.

Security Auditing

Security auditing of the AD FS service account can sometimes assist in tracking down issues with password updates, request/response logging, request contect headers and device registration results. Auditing of the AD FS service account is disabled by default.

To enable security auditing

Webex Log Files

  1. Click Start, point to Programs, point to Administrative Tools, and then click Local Security Policy.
  2. Navigate to the Security SettingsLocal PoliciesUser Rights Management folder, and then double-click Generate security audits.
  3. On the Local Security Setting tab, verify that the AD FS service account is listed. If it is not present, click Add User or Group and add it to the list, and then click OK.
  4. Open a command prompt with elevated privileges and run the following command to enable auditingauditpol.exe /set /subcategory:'Application Generated' /failure:enable /success:enable
  5. Close Local Security Policy, and then open the AD FS Management snap-in.

To open the AD FS Management snap-in, click Start, point to Programs, point to Administrative Tools, and then click AD FS Management.

  1. In the Actions pane, click Edit Federation Service Properties
  2. In the Federation Service Properties dialog box, click the Events tab.
  3. Select the Success audits and Failure audits check boxes.
  4. Click OK.

Note

The above instructions are used only when AD FS is on a stand-alone member server. If AD FS is running on a domain controller, instead of the Local Security Policy, use the Default Domain Controller Policy located in Group Policy Management/Forest/Domains/Domain Controllers. Click edit and navigate to Computer ConfigurationPoliciesWindows SettingsSecurity SettingsLocal PoliciesUser Rights Management

Windows Communication Foundation and Windows Identity Foundation messages

In addition to trace logging, sometimes you may need to view Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF) messages in order to troubleshoot an issue. This can be done by modifying the Microsoft.IdentityServer.ServiceHost.Exe.Config file on the AD FS server.

This file is located in <%system root%>WindowsADFS and is in XML format. The relevant portions of the file are shown below:

Cisco Webex Files

After you apply these changes, save the configuration, and restart the AD FS service. After you enable these traces by setting the appropriate switches, they will appear in the AD FS trace log in the Windows Event Viewer.

Correlating Events

One of the hardest things to troubleshoot is access issues that generate a lot of error or debug events.

To help with this, AD FS correlates all events that are recorded to the Event Viewer, in both the admin and the debug logs, which correspond to a particular request by using a unique Globally Unique Identifier (GUID) called the Activity ID. This ID is generated when the token issuance request is initially presented to the web application (for applications using the passive requestor profile) or requests sent directly to the claims provider (for applications using WS-Trust).

This activity ID remains the same for the entire duration of the request, and is logged as part of every event recorded in the Event Viewer for that request. This means:

Webex Log In Instruction

  • that filtering or searching the Event Viewer using this activity ID can help keep track of all related events that correspond to the token request
  • the same activity ID is logged across different machines which allows you to troubleshooting a user request across multiple machines such as the Federation Server proxy (FSP)
  • the activity ID will also appear in the user's browser if the AD FS request fails in any way, thus allowing the user to communicate this ID to help desk or IT Support.

To aid in the troubleshooting process, AD FS also logs the caller ID event whenever the token-issuance process fails on an AD FS server. This event contains the claim type and value of one of the following claim types, assuming that this information was passed to the Federation Service as part of a token request:

The caller ID event also logs the activity ID to allow you to use that activity ID to filter or search the event logs for a particular request.

Webex Document Loader File Location

Next Steps