Active Directory

Logging with the Netlogon service

Netlogon service

This post is regarding to enable logging of the Netlogon service in Windows in order to monitor or troubleshoot authentication, DC locator, account lockout, or other domain communication-related issues.

The Netlogon service is one of the important Local Security Authority (LSA) processes that run on each and every domain controller. We can troubleshoot authentication problems, analyzing the Netlogon service log files can be useful.

These logs can be used to account lockout issue, authentication and also can tract the authentication request if there is any application or tools is hard coded with any of domain controllers. The NETLOGON log file will provide a detailed logging of all NETLOGON events and helps you to trace the originating device on which the logon attempts (and subsequent lockout) occurs.

To enable NETLOGON logging, run the following command (from an elevated command prompt):

NetLogon Debugging Command-Enabling .png

There is no need to restart the net logon service.Once command executed it will start to written the authentication details in this file.

The logging is written to a single file:  %SYSTEMROOT%\debug\Netlogon.log. By default the size of this file is 20 MB and once logs reached to 20 MB it start overwritten the old log files.

NetLogonLogs.png

You can see the above netlogon debugging logs file under %SYSTEMROOT%\debug folder.Open the file and you will get details information about authentication or lockout issue.

NetLogonLogs-Authentication.png

You can also increase or decrease the size of this file by adding the DWORD value MaximumLogFileSize in registry key of domain controllers.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters) specifies the maximum log file size in bytes. Do note that the actual disk space needed is two times that value: when the Netlogon.log reached the maximum size, it is rotated to Netlogon.bak.

LogFileIncreaseRegistry-.png

Once you’re finished debugging, run the following command to disable debug logging:

nltest /dbflag:0x0

NetLogonDebuggingCommand-Disabling.png

Also Check this.

What is ntds.dit and where its held? What other folders are related to AD?

So, that’s all in this blog. I will meet you soon with next stuff .Have a nice day !!!

Recommended content

RODC Installation Guide- Step by step guide to install read only domain controller

RODC Filtered Attribute Set

Installing and configuring a RODC in Windows Server-2012

How to find the GUID of Domain Controller

Understanding Group Policy Preferences

Group Policy Verification Tool GPOTool Exe

Group Policy Health Check on Specific Domain Controller

Netlogon Folder in Active Directory

Custom Attributes in Active Directory

Tombstone Lifetime of My Active Directory Forest

Computers AD Site From the Command Line

Active Directory Database Integrity

Disabling and Enabling the Outbound Replication

DFS Replication Service Stopped Replication

Strict Replication Consistency

The replication operation failed because of a schema mismatch between the servers involved

Troubleshooting ad replication error 8418 the replication operation failed because of a schema mismatch between the servers

Replication information in txt file

Repadmin Replsummary

Enabling the outbound replication

Guys please don’t forget to like and share the post.Also join our WindowsTechno Community and where you can post your queries/doubts and our experts will address them .

You can also share the feedback on below windows techno email id.

If you have any questions feel free to contact us on admin@windowstechno.com also follow us on facebook@windowstechno to get updates about new blog posts.

How useful was this post?

Click on a star to rate it!

As you found this post useful...

Follow us on social media!

Was this article helpful?
YesNo

Vipan Kumar

He is an Active Directory Engineer. He has been working in IT industry for more than 10 years. He is dedicated and enthusiastic information technology expert who always ready to resolve any technical problem. If you guys need any further help on subject matters, feel free to contact us on admin@windowstechno.com Please subscribe our Facebook page as well website for latest article. https://www.facebook.com/windowstechno
Back to top button