{"id":505,"date":"2023-07-04T09:06:01","date_gmt":"2023-07-04T01:06:01","guid":{"rendered":"https:\/\/www.ruianding.com\/blog\/?p=505"},"modified":"2023-08-31T01:50:54","modified_gmt":"2023-08-30T17:50:54","slug":"capturing-the-authentication-trace","status":"publish","type":"post","link":"https:\/\/www.ruianding.com\/blog\/capturing-the-authentication-trace\/","title":{"rendered":"Capturing the Authentication Trace"},"content":{"rendered":"\n<p>Auth traces are valuable for resolving various problems, including those related to <strong>Windows Hello for Business<\/strong>, <strong>device registration<\/strong>, and <strong>Active Directory authentication<\/strong>. When troubleshooting, it is often essential to capture concurrent Auth traces based on the specific issue at hand. The following text can be copied and inserted into emails sent to the customer, with possible modifications to the wording depending on the necessary steps for reproducing the problem.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-text-color has-cyan-bluish-gray-color has-alpha-channel-opacity has-cyan-bluish-gray-background-color has-background is-style-wide\"\/>\n\n\n\n<h4 class=\"wp-block-heading\">If the affected user has administrative privileges on the machine, you can follow these steps:<\/h4>\n\n\n\n<p>1. Download the Auth PowerShell script files from the following link: <\/p>\n\n\n\n<p><a href=\"https:\/\/aka.ms\/authscripts\">https:\/\/aka.ms\/authscripts<\/a><\/p>\n\n\n\n<p>2. Extract the contents of the downloaded zip file to a folder of your preference.<\/p>\n\n\n\n<p>3. Open PowerShell as administrator on your Windows 10\/11 client and navigate to the directory where the script files were extracted.<\/p>\n\n\n\n<p>4. Execute the command: <strong>start-auth.ps1 -acceptEULA -v<\/strong> to initiate the trace.<\/p>\n\n\n\n<p class=\"has-text-color\" style=\"color:#d77f2c\"><strong>5. 
Reproduce the issue you are experiencing <\/strong>(e.g., lock and unlock the device for scenarios related to PRT issuance issues).<\/p>\n\n\n\n<p>6. Run the command <strong>stop-auth.ps1<\/strong> to stop the trace.<\/p>\n\n\n\n<p>7. Compress the <strong>AuthLogs<\/strong> folder, including all the captured data.<\/p>\n\n\n\n<p>8. Use the provided secure case files link to upload the zipped AuthLogs folder.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-text-color has-cyan-bluish-gray-color has-alpha-channel-opacity has-cyan-bluish-gray-background-color has-background is-style-wide\"\/>\n\n\n\n<h4 class=\"wp-block-heading\">If the affected user <span style=\"text-decoration: underline;\">does not<\/span> have administrative privileges on the machine, you can follow these steps:<\/h4>\n\n\n\n<p>1. Ensure that the affected user is signed out of the PC.<\/p>\n\n\n\n<p>2. Sign into the PC using an admin account.<\/p>\n\n\n\n<p>3. Download the Auth PowerShell script files from the following link: <\/p>\n\n\n\n<p><a href=\"https:\/\/aka.ms\/authscripts\">https:\/\/aka.ms\/authscripts<\/a><\/p>\n\n\n\n<p>4. Extract the contents of the downloaded zip file to a folder of your choice.<\/p>\n\n\n\n<p>5. Open an elevated PowerShell prompt by right-clicking on PowerShell and selecting &#8220;Run as administrator&#8221;.<\/p>\n\n\n\n<p>6. Change the directory to where the extracted script files are located.<\/p>\n\n\n\n<p>7. Execute the command: <strong>start-auth.ps1 -acceptEULA -v<\/strong> to initiate the trace.<\/p>\n\n\n\n<p>8. Click the <strong>&#8220;Switch User&#8221;<\/strong> button in the Start menu and switch to the affected user account. Sign in with the affected user account.<\/p>\n\n\n\n<p>9. Attempt to sign in. If it fails or if it reaches the desktop, switch back to the admin account.<\/p>\n\n\n\n<p class=\"has-pale-cyan-blue-background-color has-background has-small-font-size\">Note: It may take up to 2 minutes to capture the PRT request.<\/p>\n\n\n\n<p>10. 
From the admin PowerShell prompt, run <strong>stop-auth.ps1<\/strong> to stop the trace. Wait for the trace to finish.<\/p>\n\n\n\n<p>11. Switch back to the affected user and open a regular command prompt.<\/p>\n\n\n\n<p>12. Change the directory (CD) to the location where the AuthLogs folder is located.<\/p>\n\n\n\n<p>13. Run the following extra commands to capture the necessary data:<\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"bat\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">dsregcmd \/status > dsregcmd-USER.txt\nwhoami > whoami-USER.txt\nwhoami \/upn > whoami-USERUPN.txt\nwhoami \/all > whoami-All.txt<\/pre>\n\n\n\n<p>14. Use the provided secure case files link to upload the zipped AuthLogs folder.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-text-color has-cyan-bluish-gray-color has-alpha-channel-opacity has-cyan-bluish-gray-background-color has-background is-style-wide\"\/>\n\n\n\n<p><strong>The Windows command shell version of the Auth scripts can be downloaded from the link below:<\/strong><\/p>\n\n\n\n<p><a href=\"https:\/\/github.com\/raycrew5080\/AuthScript-cmdversion\/archive\/refs\/heads\/main.zip\">https:\/\/github.com\/raycrew5080\/AuthScript-cmdversion\/archive\/refs\/heads\/main.zip<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Auth traces are valuable for resolving various problems, including those related to Windows Hello for Business, device registration, and Active Directory authentication. When troubleshooting, it is often essential to capture concurrent Auth traces based on the specific issue at hand. 
The following text can be copied and inserted into emails sent to the customer, with [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_themeisle_gutenberg_block_has_review":false,"footnotes":""},"categories":[36,13,12],"tags":[],"class_list":["post-505","post","type-post","status-publish","format-standard","hentry","category-drs","category-handyscripts","category-troubleshooting"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Capturing the Authentication Trace - \u6781\u7b80IT\uff5cSimpleIT<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.ruianding.com\/blog\/capturing-the-authentication-trace\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Capturing the Authentication Trace - \u6781\u7b80IT\uff5cSimpleIT\" \/>\n<meta property=\"og:description\" content=\"Auth traces are valuable for resolving various problems, including those related to Windows Hello for Business, device registration, and Active Directory authentication. When troubleshooting, it is often essential to capture concurrent Auth traces based on the specific issue at hand. 
The following text can be copied and inserted into emails sent to the customer, with [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.ruianding.com\/blog\/capturing-the-authentication-trace\/\" \/>\n<meta property=\"og:site_name\" content=\"\u6781\u7b80IT\uff5cSimpleIT\" \/>\n<meta property=\"article:published_time\" content=\"2023-07-04T01:06:01+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-08-30T17:50:54+00:00\" \/>\n<meta name=\"author\" content=\"Ruian Ding\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Ruian Ding\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.ruianding.com\/blog\/capturing-the-authentication-trace\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.ruianding.com\/blog\/capturing-the-authentication-trace\/\"},\"author\":{\"name\":\"Ruian Ding\",\"@id\":\"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/440d88575b7dc819a4cefc8c4199db3b\"},\"headline\":\"Capturing the Authentication Trace\",\"datePublished\":\"2023-07-04T01:06:01+00:00\",\"dateModified\":\"2023-08-30T17:50:54+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.ruianding.com\/blog\/capturing-the-authentication-trace\/\"},\"wordCount\":441,\"publisher\":{\"@id\":\"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/440d88575b7dc819a4cefc8c4199db3b\"},\"articleSection\":[\"DRS\",\"HandyScripts\",\"Troubleshooting\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.ruianding.com\/blog\/capturing-the-authentication-trace\/\",\"url\":\"https:\/\/www.ruianding.com\/blog\/capturing-the-authentication-trace\/\",\"name\":\"Capturing the Authentication 
Trace - \u6781\u7b80IT\uff5cSimpleIT\",\"isPartOf\":{\"@id\":\"https:\/\/www.ruianding.com\/blog\/#website\"},\"datePublished\":\"2023-07-04T01:06:01+00:00\",\"dateModified\":\"2023-08-30T17:50:54+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.ruianding.com\/blog\/capturing-the-authentication-trace\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.ruianding.com\/blog\/capturing-the-authentication-trace\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.ruianding.com\/blog\/capturing-the-authentication-trace\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.ruianding.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Capturing the Authentication Trace\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.ruianding.com\/blog\/#website\",\"url\":\"https:\/\/www.ruianding.com\/blog\/\",\"name\":\"Ruian's Tech Troubleshooting Toolbox\",\"description\":\"Debug the World.\",\"publisher\":{\"@id\":\"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/440d88575b7dc819a4cefc8c4199db3b\"},\"alternateName\":\"\u4e01\u777f\u5b89\u7684\u6280\u672f\u5206\u4eab\u535a\u5ba2\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.ruianding.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/440d88575b7dc819a4cefc8c4199db3b\",\"name\":\"Ruian 
Ding\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/05\/logo.png\",\"contentUrl\":\"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/05\/logo.png\",\"width\":284,\"height\":284,\"caption\":\"Ruian Ding\"},\"logo\":{\"@id\":\"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/image\/\"},\"description\":\"I am currently a Support Specialist at NIO, focusing on cloud-related issues for NIO Power. Previously, at Microsoft Entra ID, I specialized in identity and access management (IAM), including device registration, Windows Hello for Business (WHfB), multi-factor authentication (MFA), and single sign-on (SSO). In addition to my core expertise, I have a strong foundation in Active Directory, Servers, Cloud Computing, Network Administration, and Front-end Web Development. This diverse technical skill set enables me to effectively handle a wide range of challenges in a fast-paced IT environment.\",\"sameAs\":[\"https:\/\/www.ruianding.com\"],\"url\":\"https:\/\/www.ruianding.com\/blog\/author\/ruiand\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Capturing the Authentication Trace - \u6781\u7b80IT\uff5cSimpleIT","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.ruianding.com\/blog\/capturing-the-authentication-trace\/","og_locale":"en_US","og_type":"article","og_title":"Capturing the Authentication Trace - \u6781\u7b80IT\uff5cSimpleIT","og_description":"Auth traces are valuable for resolving various problems, including those related to Windows Hello for Business, device registration, and Active Directory authentication. 
When troubleshooting, it is often essential to capture concurrent Auth traces based on the specific issue at hand. The following text can be copied and inserted into emails sent to the customer, with [&hellip;]","og_url":"https:\/\/www.ruianding.com\/blog\/capturing-the-authentication-trace\/","og_site_name":"\u6781\u7b80IT\uff5cSimpleIT","article_published_time":"2023-07-04T01:06:01+00:00","article_modified_time":"2023-08-30T17:50:54+00:00","author":"Ruian Ding","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Ruian Ding","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.ruianding.com\/blog\/capturing-the-authentication-trace\/#article","isPartOf":{"@id":"https:\/\/www.ruianding.com\/blog\/capturing-the-authentication-trace\/"},"author":{"name":"Ruian Ding","@id":"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/440d88575b7dc819a4cefc8c4199db3b"},"headline":"Capturing the Authentication Trace","datePublished":"2023-07-04T01:06:01+00:00","dateModified":"2023-08-30T17:50:54+00:00","mainEntityOfPage":{"@id":"https:\/\/www.ruianding.com\/blog\/capturing-the-authentication-trace\/"},"wordCount":441,"publisher":{"@id":"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/440d88575b7dc819a4cefc8c4199db3b"},"articleSection":["DRS","HandyScripts","Troubleshooting"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.ruianding.com\/blog\/capturing-the-authentication-trace\/","url":"https:\/\/www.ruianding.com\/blog\/capturing-the-authentication-trace\/","name":"Capturing the Authentication Trace - 
\u6781\u7b80IT\uff5cSimpleIT","isPartOf":{"@id":"https:\/\/www.ruianding.com\/blog\/#website"},"datePublished":"2023-07-04T01:06:01+00:00","dateModified":"2023-08-30T17:50:54+00:00","breadcrumb":{"@id":"https:\/\/www.ruianding.com\/blog\/capturing-the-authentication-trace\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.ruianding.com\/blog\/capturing-the-authentication-trace\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.ruianding.com\/blog\/capturing-the-authentication-trace\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.ruianding.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Capturing the Authentication Trace"}]},{"@type":"WebSite","@id":"https:\/\/www.ruianding.com\/blog\/#website","url":"https:\/\/www.ruianding.com\/blog\/","name":"Ruian's Tech Troubleshooting Toolbox","description":"Debug the World.","publisher":{"@id":"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/440d88575b7dc819a4cefc8c4199db3b"},"alternateName":"\u4e01\u777f\u5b89\u7684\u6280\u672f\u5206\u4eab\u535a\u5ba2","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.ruianding.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":["Person","Organization"],"@id":"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/440d88575b7dc819a4cefc8c4199db3b","name":"Ruian Ding","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/05\/logo.png","contentUrl":"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/05\/logo.png","width":284,"height":284,"caption":"Ruian Ding"},"logo":{"@id":"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/image\/"},"description":"I 
am currently a Support Specialist at NIO, focusing on cloud-related issues for NIO Power. Previously, at Microsoft Entra ID, I specialized in identity and access management (IAM), including device registration, Windows Hello for Business (WHfB), multi-factor authentication (MFA), and single sign-on (SSO). In addition to my core expertise, I have a strong foundation in Active Directory, Servers, Cloud Computing, Network Administration, and Front-end Web Development. This diverse technical skill set enables me to effectively handle a wide range of challenges in a fast-paced IT environment.","sameAs":["https:\/\/www.ruianding.com"],"url":"https:\/\/www.ruianding.com\/blog\/author\/ruiand\/"}]}},"_links":{"self":[{"href":"https:\/\/www.ruianding.com\/blog\/wp-json\/wp\/v2\/posts\/505","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ruianding.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ruianding.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ruianding.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ruianding.com\/blog\/wp-json\/wp\/v2\/comments?post=505"}],"version-history":[{"count":8,"href":"https:\/\/www.ruianding.com\/blog\/wp-json\/wp\/v2\/posts\/505\/revisions"}],"predecessor-version":[{"id":513,"href":"https:\/\/www.ruianding.com\/blog\/wp-json\/wp\/v2\/posts\/505\/revisions\/513"}],"wp:attachment":[{"href":"https:\/\/www.ruianding.com\/blog\/wp-json\/wp\/v2\/media?parent=505"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ruianding.com\/blog\/wp-json\/wp\/v2\/categories?post=505"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ruianding.com\/blog\/wp-json\/wp\/v2\/tags?post=505"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}