Where are Windows 7 wireless connection event logs?

7

1

I'm trying to diagnose and test some a Windows 7 domain-auth-over-wireless-network. I'd like to see what network the computer is connecting to, what auth it is using, and what DHCP data it receives prior to user login, and also what happens after user login. Does event viewer show this info? Do I need to enable it anywhere?

Cheers,

Victor

askvictor

Posted 2011-09-12T00:11:57.003

Reputation: 1 450

Answers

2

They are sort of all over the place.

DNS resolution is going to be in the Window Logs/System. DHCP will be under Applications/Microsoft/Windows/DHCP Client. Other logon issues will also show up under Window Logs/System.

Your best bet is to go under Custom Views and setup a Custom view with keywords you are looking for. I would go with keywords like "LSA", "DNS Client", "DHCP Client, etc

It isn't going to record what wireless protocol it is using.

That's the job of WMI. You can just write a VBscript that enumerates through all the network driver's info and writes it to a log every time your logon event fails.

You'll also want to turn off your logon cache.

edit

So, apparently Windows logs a long list info if you try a click the Network troubleshooter on a wireless connection.

  1. The name of the driver, and whether it is WQHL
  2. the SSID
  3. Signal Strength
  4. CHannel
  5. Wireless protocol
  6. List of wireless networks saved on your computer
  7. IP settings

So now it is a matter of invoking the Network Diagnosis feature to get all that.

It should be logged under Applications/Microsoft/Windows/Diagnostics-Networking. It also logs an event under Windows/System

Sorry for the unresearched answer earlier.

Happy Hunting.

surfasb

Posted 2011-09-12T00:11:57.003

Reputation: 21 453

I added an edit when I looked at my own event logs – surfasb – 2011-09-12T00:42:56.303

13

Computer Management>Event Viewer/Applications and Services logs/Microsoft/Windows/WLAN-Autoconfig will tell you want the adapter is doing. The Network Diagnostic is rarely helpful.

velvetsmoke

Posted 2011-09-12T00:11:57.003

Reputation: 131

0

You could also use this handy, compact tool. (I'm not associated with it, I'm just a user.)

http://www.nirsoft.net/utils/wifi_history_view.html

[Edit] On reflection, it does not display all of the info you asked for.

The following columns are provided by WifiHistoryView:

  • Event Time: The date/time that the specified event occurred.
  • Event Type: The type of event: Connected, Disconnected, Failed To Connect, or Network Association. The 'Network Association' event occurs while trying to connect a wireless network.
  • Network Adapter Name: The name of the wireless network adapter that was used to connect the wireless network.
  • Interface GUID: The interface GUID of the wireless network adapter.
  • Local MAC Address: The MAC address of the wireless network adapter.
  • Profile Name: The name of the Windows wifi profile.
  • SSID: The name of the wireless network.
  • BSS Type: Infrastructure or Ad-Hoc.
  • BSSID: The MAC address of the router/access point.
  • BSSID Company: The company that manufactured the router/access point, according to the MAC address. This value is available only if you download this oui.txt file and put it in the same folder of WifiHistoryView.exe (You should save it as oui.txt)
  • PHY Type: 802.11g or 802.11n or 802.11ac
  • Encryption: AES, TKIP or None.
  • Event ID: The event ID of the event in Windows event viewer. WifiHistoryView uses the following event IDs: 8001, 8003, 8002, and 11001.
  • Event Record ID: The event record ID of the event in Windows event viewer.
  • Disconnect Reason: The reason that the network was disconnected (Displayed only for 'Disconnected' events).

Tim Williams

Posted 2011-09-12T00:11:57.003

Reputation: 1

Asked: 2011-09-12T00:11:57.003

Viewed: 67 588 times

Active: 2017-10-17T21:13:52.100