Analyzing the IP Address and Error Codes in the Inetpub.log File
The IP address and error code in the Inetpub.log file can provide important information about AD CS communication.
An Inetpub.log file with a valid certificate request looks similar to the following:
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
2021-08-01 14:04:07 10.0.1.3 POST /api/v1/certificate/request - 443 AdcsProxyAccessUser 10.0.1.10 Java-SDK - 200 0 0 2156
2021-08-01 14:04:10 10.0.1.3 POST /api/v1/certificate/retrieve - 443 AdcsProxyAccessUser 10.0.1.10 Java-SDK - 200 0 0 63
In the example above:
- 10.0.1.3 is the IP address of the Jamf AD CS Connector.
- 10.0.1.10 is the IP address of the source of the request: Jamf Pro or a reverse proxy/load balancer.
- 200 is the error code or status. 200 indicates that communication was successful.
- The 0 immediately following 200 is the substatus.
Analyze the Inetpub.log file for the following common issues:
- If the logs are blank, the Jamf Pro server is not communicating with the Jamf AD CS Connector.
- If the logs contain a certificate request but no retrieve statement, the Jamf Pro server is communicating with the Jamf AD CS Connector. If this occurs, examine what happened with the certificate request (see below for certificate authority (CA) troubleshooting steps). The Jamf Pro server log can provide more detail as well. Most likely the CA name is incorrect or there is a problem with the template.
- If a retrieve statement is present, the communication from the Jamf Pro server to the CA and back is most likely successful. This indicates that the issue is not at the AD CS/CA level and requires further troubleshooting on the Jamf Pro server or the target device.
- A 401 status is an Unauthorized error.
- A 403 status is a Forbidden error.
- 403.7 is a specific combination of Forbidden error and substatus code.
  For more information, see the following documentation from Microsoft:
  Error when you open an IIS webpage: 403.7 Forbidden: Client certificate required
- 403.16 is a specific combination of Forbidden error and substatus code.
  For more information, see the following documentation from Microsoft:
  HTTP Error 403.16 when you try to access a website that's hosted on IIS 7.0
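The checklist above can be applied mechanically to a log file. The following script is an added example, not part of the Jamf documentation; its function names are illustrative, and the third log entry is constructed to exercise the 403.16 case.

```python
# Constructed sample in the W3C format shown above; the third entry is invented.
SAMPLE = """\
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
2021-08-01 14:04:07 10.0.1.3 POST /api/v1/certificate/request - 443 AdcsProxyAccessUser 10.0.1.10 Java-SDK - 200 0 0 2156
2021-08-01 14:04:10 10.0.1.3 POST /api/v1/certificate/retrieve - 443 AdcsProxyAccessUser 10.0.1.10 Java-SDK - 200 0 0 63
2021-08-01 14:09:31 10.0.1.3 POST /api/v1/certificate/request - 443 - 10.0.1.10 Java-SDK - 403 16 2148204809 31
"""

# Status and status.substatus values named in the checklist above.
KNOWN = {"401": "Unauthorized", "403": "Forbidden",
         "403.7": "Forbidden, client certificate required",
         "403.16": "Forbidden, substatus 16"}

def parse(text):
    """Yield one dict per log entry, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif fields and line.strip() and not line.startswith("#"):
            parts = line.split()
            if len(parts) == len(fields):  # skip truncated or malformed lines
                yield dict(zip(fields, parts))

def triage(text):
    """Apply the checklist to a log and return a list of findings."""
    entries = list(parse(text))
    if not entries:
        return ["blank log: Jamf Pro is not communicating with the connector"]
    # Only successful (200) calls count as a completed request or retrieve.
    stems = [e["cs-uri-stem"] for e in entries if e["sc-status"] == "200"]
    findings = []
    if any(s.endswith("/certificate/retrieve") for s in stems):
        findings.append("retrieve present: troubleshoot Jamf Pro or the device")
    elif any(s.endswith("/certificate/request") for s in stems):
        findings.append("request without retrieve: check CA name and template")
    for e in entries:
        code = f'{e["sc-status"]}.{e["sc-substatus"]}'
        # Prefer the exact status.substatus note, then fall back to the status.
        note = KNOWN.get(code) or KNOWN.get(e["sc-status"])
        if note:
            findings.append(f'{e["time"]} {code} from {e["c-ip"]}: {note}')
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

The c-ip value in each 401 or 403 finding shows whether the rejected call came from Jamf Pro directly or from a reverse proxy/load balancer in front of it.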
If a request statement is logged but no retrieve statement is present, the Jamf Pro server logs may say why, but on the Microsoft Windows CA side, the following can be checked: