Recipe 16.17. Enabling NetLogon Logging

Previous page
Table of content
Next page

Problem

You want to troubleshoot domain membership, Group Policy, site location, or user account (lockout, password, expiration, etc.) issues by enabling NetLogon logging.

Solution

Using a command-line interface

The following command enables NetLogon logging:

> nltest /dbflag:0x2000ffff

Using the Registry

To enable NetLogon logging, set the following Registry value:

Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters Value Name: Dbflag Value Type: REG_SZ Value Data: 0x2000ffff

For both solutions, logging will start immediately you do not need to restart the computer or even the NetLogon service. The log file will be located at %Systemroot%\debug\netlogon.log.

Discussion

The NetLogon service is responsible for authenticating a user, applying Group Policy objects, and other domain-based activities. If you enable NetLogon logging, you can see very detailed information about the actions this service performs. It is extremely useful when troubleshooting account lockout problems. The log will indicate which domain controller is locking the user out, and contains information about the domain controller the computer is authenticating against.

In the solutions, we described how to enable logging at the most verbose level. You can actually log specific actions by modifying the value data. The complete list of logging options is described in MS 109626. Simply add together each action you want to log and use the result in place of 0x2000ffff. To disable logging, use 0x0 for the value.

If you leave logging enabled for a period of time, the netlogon.log file can grow quite large. If you enabled logging specifically to troubleshoot user account issues, you may want to download the Account Lockout and Management toolset from Microsoft (http://www.microsoft.com/downloads/details.aspx?familyid=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E). Included is a tool called nlparse.exe. With it you can extract lines that have a particular status code (e.g., 0x0 Successful Login). We've included a screenshot of nlparse in Figure 16-2.

Figure 16-2. Nlparse utility


See Also

MS KB 109626, "Enabling Debug Logging for the Net Logon Service," and MS KB 314861, "How Domain Controllers Are Located in Windows XP"


Previous page
Table of content
Next page
Windows XP Cookbook
Windows XP Cookbook (Cookbooks)
ISBN: 0596007256
EAN: 2147483647
Year: 2006
Pages: 408
Authors: Robbie Allen, Preston Gralla
BUY ON AMAZON
Software Configuration Management
VBScript Programmers Reference
Snort Cookbook
Competency-Based Human Resource Management
Cisco ASA: All-in-One Firewall, IPS, and VPN Adaptive Security Appliance
Microsoft Office Visio 2007 Step by Step (Step By Step (Microsoft))
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy