Logging with the Netlogon service
Netlogon service
This post is regarding to enable logging of the Netlogon service in Windows in order to monitor or troubleshoot authentication, DC locator, account lockout, or other domain communication-related issues.
The Netlogon service is one of the important Local Security Authority (LSA) processes that run on each and every domain controller. We can troubleshoot authentication problems, analyzing the Netlogon service log files can be useful.
These logs can be used to account lockout issue, authentication and also can tract the authentication request if there is any application or tools is hard coded with any of domain controllers. The NETLOGON log file will provide a detailed logging of all NETLOGON events and helps you to trace the originating device on which the logon attempts (and subsequent lockout) occurs.
To enable NETLOGON logging, run the following command (from an elevated command prompt):
There is no need to restart the net logon service.Once command executed it will start to written the authentication details in this file.
The logging is written to a single file: %SYSTEMROOT%\debug\Netlogon.log. By default the size of this file is 20 MB and once logs reached to 20 MB it start overwritten the old log files.
You can see the above netlogon debugging logs file under %SYSTEMROOT%\debug folder.Open the file and you will get details information about authentication or lockout issue.
You can also increase or decrease the size of this file by adding the DWORD value MaximumLogFileSize in registry key of domain controllers.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters) specifies the maximum log file size in bytes. Do note that the actual disk space needed is two times that value: when the Netlogon.log reached the maximum size, it is rotated to Netlogon.bak.
Once you’re finished debugging, run the following command to disable debug logging:
nltest /dbflag:0x0
Also Check this.
What is ntds.dit and where its held? What other folders are related to AD?
So, that’s all in this blog. I will meet you soon with next stuff .Have a nice day !!!
Recommended content
RODC Installation Guide- Step by step guide to install read only domain controller
RODC Filtered Attribute Set
Installing and configuring a RODC in Windows Server-2012
How to find the GUID of Domain Controller
Understanding Group Policy Preferences
Group Policy Verification Tool GPOTool Exe
Group Policy Health Check on Specific Domain Controller
Netlogon Folder in Active Directory
Custom Attributes in Active Directory
Tombstone Lifetime of My Active Directory Forest
Computers AD Site From the Command Line
Active Directory Database Integrity
Disabling and Enabling the Outbound Replication
DFS Replication Service Stopped Replication
Strict Replication Consistency
The replication operation failed because of a schema mismatch between the servers involved
Troubleshooting ad replication error 8418 the replication operation failed because of a schema mismatch between the servers
Replication information in txt file
Repadmin Replsummary
Enabling the outbound replication
Guys please don’t forget to like and share the post.Also join our WindowsTechno Community and where you can post your queries/doubts and our experts will address them .
You can also share the feedback on below windows techno email id.
If you have any questions feel free to contact us on admin@windowstechno.com also follow us on facebook@windowstechno to get updates about new blog posts.