This article is contributed. See the original author and article here.

Introduction


The CAPI2 log is a diagnostic log in Windows that records cryptographic operations: certificate chain building and validation, revocation checking, retrieval of certificates and CRLs from the network, and how Windows and applications use the Windows crypto APIs to protect data. That makes it the first place to look when SSL/TLS handshakes, digital signature checks or certificate-based authentication fail on a Windows system. Because a TLS failure can originate either in the Schannel security provider or in the certificate validation underneath it, troubleshooting usually requires enabling and collecting both the Schannel and the CAPI2 logs. This article shows how to enable, collect and disable both for diagnostic purposes.


 


Schannel Logging


Alongside the CAPI2 log, enable Schannel logging. Schannel is the Windows security support provider that implements SSL/TLS and certificate-based authentication, and its events show the handshake side of a failure (protocol, cipher suite and alert errors) that the CAPI2 log does not. Follow the steps below to enable Schannel logging:


 



  • Open Registry Editor: press Win + R, type regedit, and click OK.

  • Take a backup of the registry: go to File -> Export, choose a location and file name, and click Save. Read the Warning section below before making any change to the registry.

  • Locate the following key in the registry –


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL





  • Right-click the EventLogging value and select Modify (if the value does not exist, create it as a REG_DWORD first).

  • Set the value to 0x0003:

    Value Name: EventLogging

    Data Type: REG_DWORD

    Value:  3

    EventLogging is a bitmask: 0x0001 logs error messages, 0x0002 logs warnings and 0x0004 logs informational and success events. 0x0003 therefore logs errors and warnings, which is enough for most TLS failures; 0x0007 logs everything and is very noisy on a busy server.

  • Click OK and close the Registry Editor.

  • Reboot the system for the change to take effect. Schannel events are then written to the System event log with source Schannel.

  • To disable Schannel logging, set EventLogging back to 0x0000 and reboot.
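The same procedure scripted for an elevated PowerShell session, as an added example that is not part of the original article. The registry path and the meaning of the EventLogging bits are as documented by Microsoft; the backup file location, the $Level variable and the choice of Schannel event IDs shown as typical are this example's own.

```powershell
# Added example: enable Schannel event logging from an elevated PowerShell session.
# The key path and bitmask values are the documented ones; $BackupFile and $Level are choices made here.

$KeyPath    = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'
$BackupFile = Join-Path $env:TEMP 'SCHANNEL-backup.reg'

# EventLogging is a bitmask: 1 = errors, 2 = warnings, 4 = informational/success.
# 3 (errors + warnings) is what the article sets; 7 logs everything and is noisy.
$Level = 3

# 1. Back up the key before touching it (same as File -> Export in regedit).
reg.exe export 'HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL' $BackupFile /y | Out-Null
if (-not (Test-Path $BackupFile)) { throw 'Registry backup failed; EventLogging left unchanged.' }

# 2. Write the REG_DWORD. -Force creates the value if it does not exist yet.
Set-ItemProperty -Path $KeyPath -Name 'EventLogging' -Type DWord -Value $Level -Force

# 3. Read it back so the script fails loudly if the write did not stick.
$Actual = (Get-ItemProperty -Path $KeyPath -Name 'EventLogging').EventLogging
if ($Actual -ne $Level) { throw "EventLogging is $Actual, expected $Level" }
Write-Host ('Schannel EventLogging set to {0} (0x{0:X4}). Reboot for it to take effect.' -f $Actual)

# 4. After the reboot and a reproduction, Schannel writes to the System log under provider 'Schannel'.
#    IDs commonly seen on TLS failures include 36871 (error creating a TLS credential),
#    36874 (no cipher suite in common) and 36887 (fatal alert received from the peer).
Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'Schannel' } -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, LevelDisplayName, Message |
    Format-Table -Wrap

# To turn logging back off once the case is closed (then reboot):
# Set-ItemProperty -Path $KeyPath -Name 'EventLogging' -Type DWord -Value 0
```

Run it once before the reboot to set the value and once after the reproduction to list the events; the export step guarantees there is a .reg file to double-click if the key ever has to be restored.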


Warning


Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.


 


CAPI2 Log


To enable the CAPI2 log, follow the steps below –


 



  • Open Event Viewer (press Win + R, type eventvwr, and press Enter).

  • Navigate to Applications and Services Logs -> Microsoft -> Windows -> CAPI2 -> Operational

  • Right-click Operational and select Clear Log to delete existing entries (if any), so the capture contains only the reproduction. The default maximum size of this log is 1 MB, which a busy host can fill quickly; right-click -> Properties lets you raise it before you start.




 



  • To enable the log, right-click Operational again and select Enable Log.

  • Reproduce the issue.

  • To disable the CAPI2 log afterwards, right-click Operational and select Disable Log. To hand the capture to someone else, right-click and select Save All Events As... to export it as an .evtx file.
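The same capture driven from an elevated PowerShell session, as an added example that is not part of the original article. The log name, the wevtutil switches and the EventLogConfiguration properties are standard; the output folder, the 4 MB size, the $Target placeholder and the Get-Capi2Failure helper are this example's own.

```powershell
# Added example: clear, size, enable, capture, disable and export the CAPI2 Operational log,
# then summarize the error events. $OutDir, $Target and Get-Capi2Failure are this example's choices.

$LogName = 'Microsoft-Windows-CAPI2/Operational'
$OutDir  = Join-Path $env:TEMP 'capi2-case'
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# 1. Clear old entries and raise the maximum size. The default for this log is 1 MB; a busy host
#    can fill it before the reproduction finishes and silently drop the events you need.
wevtutil.exe cl $LogName
$cfg = Get-WinEvent -ListLog $LogName
$cfg.MaximumSizeInBytes = 4MB
$cfg.IsEnabled = $true            # same as right-click -> Enable Log
$cfg.SaveChanges()

# 2. Reproduce the issue. $Target is a placeholder: replace it with the endpoint, script or
#    signed binary that actually fails. A TLS request forces a chain build and revocation check.
$Target = 'https://failing-host.example/'
try   { Invoke-WebRequest -Uri $Target -UseBasicParsing -ErrorAction Stop | Out-Null }
catch { Write-Warning "Reproduction request failed: $($_.Exception.Message)" }

# 3. Disable again so the log does not keep growing, then export the evidence as .evtx.
$cfg.IsEnabled = $false
$cfg.SaveChanges()
$Evtx = Join-Path $OutDir 'capi2.evtx'
wevtutil.exe epl $LogName $Evtx /ow:true

# 4. Summarize failures. CAPI2 puts its detail in XML UserData, so pull the fields that matter:
#    the operation (e.g. 11 = Build Chain, 30 = Verify Chain Policy), the result code and the
#    subject of the certificate under evaluation. local-name() sidesteps namespace handling.
function Get-Capi2Failure {
    param([Parameter(Mandatory)][string]$Path)
    Get-WinEvent -Path $Path -FilterXPath '*[System[Level=2]]' -ErrorAction SilentlyContinue | ForEach-Object {
        $x    = [xml]$_.ToXml()
        $res  = $x.SelectSingleNode("//*[local-name()='Result']")
        $cert = $x.SelectSingleNode("//*[local-name()='Certificate']")
        [pscustomobject]@{
            Time    = $_.TimeCreated
            Id      = $_.Id
            Task    = $_.TaskDisplayName
            Result  = if ($res)  { '0x' + $res.GetAttribute('value') } else { '' }
            Message = if ($res)  { $res.InnerText.Trim() }             else { '' }
            Subject = if ($cert) { $cert.GetAttribute('subjectName') } else { '' }
        }
    }
}

$failures = Get-Capi2Failure -Path $Evtx
if ($failures) { $failures | Format-Table -AutoSize -Wrap }
else           { Write-Host "No CAPI2 error events captured; full log saved to $Evtx" }
```

The error events alone rarely tell the whole story: open the .evtx in Event Viewer and read the Build Chain and Retrieve Object from Network events around each failure to see which CRL or AIA URL could not be fetched, or which certificate in the chain was rejected and why.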


 


Conclusion


By following these steps, you can configure and collect both Schannel and CAPI2 logs for cryptographic troubleshooting. Remember to disable Schannel and CAPI2 logging after the issue is resolved to avoid unnecessary log generation. These logs are useful for diagnosing SSL, TLS and other cryptography-related issues. If you would rather have us do this, contact us with a case and we will do it for you.


 

Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.