Disable Trace.axd on Windows Server 2012 R2 (ADFS)

Hi all,

We have been audited (pen test) and they identified a few security vulnerabilities.

One of them is that tracing is enabled on our ADFS 3.0 servers and that we should disable it.

On IIS, disabling tracing is easy: you just have to add a line to the web.config file.

But with ADFS 3.0, http.sys is used on behalf of IIS and I can find nothing regarding this information.

Any ideas from the great community?

July 27th, 2015 12:15pm

The use of IIS with AD FS in Windows Server 2012 R2 has been eschewed in favour of a move to kernel-mode (HTTP.SYS).
 
As far as I know, the AD FS application files are now held under C:\Windows\ADFS, instead of C:\Program Files\Active Directory or C:\Program Files (x86). The Microsoft.IdentityServer.Servicehost.exe.config file in it is where all trace options for various services and endpoints can be enabled. So you might want to have a check and see if you are able to disable the trace there.

By the way, for any AD FS related issues, we suggest you post in the dedicated forum, where you can get more experienced responses:

https://social.msdn.microsoft.com/Forums/vstudio/en-US/home?forum=Geneva

The reason why we recommend posting appropriately is you will get the most qualified pool of respondents, and other partners who read the forums regularly can either share their knowledge or learn from your interaction with us. Thank you for your understanding.

     

Regards,

Eth

July 28th, 2015 9:33am

Hi,

First, thank you for your answer. Yes, I'm aware that the configuration file of ADFS is Microsoft.IdentityServer.Servicehost.exe.config. But I don't know how to edit it to disable tracing. I'm not an IIS player and I don't know much about the configuration meanings.

I posted this question in this forum because it's a security related question, in this case related to ADFS. But we can have http.sys for any other application that uses it.

So who can help me how to modify this file or what to add to disable tracing?

Thanks Ethan.

July 28th, 2015 9:38am

>>So who can help me how to modify this file or what to add to disable tracing ?

 

This one might be helpful:

https://jorgequestforknowledge.wordpress.com/2014/02/05/enabling-debug-tracing-in-adfs-v2-1-and-v3-0/


August 3rd, 2015 10:23pm
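
A read-only check for the file named in this thread, as an added example that is not part of the original posts or of Microsoft's documentation. It assumes the file follows the standard .NET `<system.diagnostics>` and `<system.web>` configuration schema; the function name `Get-TraceFinding`, the default path (joined from the folder and file name given above) and the sample XML are constructed for illustration.

```powershell
# Added example: read-only audit of .NET trace settings in a config file.
# Assumption: default path is the folder and file name mentioned in the thread.
param(
    [string]$ConfigPath = 'C:\Windows\ADFS\Microsoft.IdentityServer.Servicehost.exe.config'
)

function Get-TraceFinding {
    param([Parameter(Mandatory)][xml]$Config)

    # Standard .NET trace sources: <system.diagnostics><sources><source switchValue="...">
    foreach ($src in $Config.SelectNodes('/configuration/system.diagnostics/sources/source')) {
        $level = $src.GetAttribute('switchValue')
        # No switchValue: the level comes from a switchName or the code default,
        # so the entry is flagged for manual review rather than assumed to be off.
        if ([string]::IsNullOrEmpty($level)) { $level = '(not set)' }
        [pscustomobject]@{
            Setting     = "source: $($src.GetAttribute('name'))"
            Value       = $level
            NeedsReview = ($level -ne 'Off')
        }
    }

    # ASP.NET page tracing, the feature that serves Trace.axd: <system.web><trace enabled="...">
    foreach ($t in $Config.SelectNodes('/configuration/system.web/trace')) {
        $enabled = $t.GetAttribute('enabled')
        [pscustomobject]@{
            Setting     = 'system.web/trace'
            Value       = $enabled
            NeedsReview = ($enabled -eq 'true')
        }
    }
}

# Constructed sample (not the real AD FS file) so the function can be tried offline.
$sample = [xml]@'
<configuration>
  <system.diagnostics>
    <sources>
      <source name="Example.SourceA" switchValue="Off" />
      <source name="Example.SourceB" switchValue="Verbose" />
    </sources>
  </system.diagnostics>
</configuration>
'@
Get-TraceFinding -Config $sample | Format-Table -AutoSize

# Audit the real file only if it exists on this machine.
if (Test-Path -LiteralPath $ConfigPath) {
    Get-TraceFinding -Config ([xml](Get-Content -LiteralPath $ConfigPath -Raw)) | Format-Table -AutoSize
}
```

Rows with `NeedsReview` set to `True` are the entries to compare against the auditor's finding before changing anything; the script itself never writes to the file.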

This topic is archived. No further replies will be accepted.
