
20080707

Enabling debug logging for the Net Logon service

Article ID:109626
Last Review:April 21, 2008
Revision:9.0
This article was previously published under Q109626

SUMMARY

This article details the steps to enable logging of debug information by using a debug version of Net Logon and the required debug DLLs.

MORE INFORMATION

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 (http://support.microsoft.com/kb/322756/) How to back up and restore the registry in Windows

Windows Server 2008, Windows Vista, Windows Server 2003, Windows XP Professional, and Windows 2000 Server versions

The version of Netlogon.dll that has tracing included is installed by default. To enable debug logging, set the debug flag that you want in the registry and restart the service by using the following steps:
1. Start the Regedt32 program.
2. Delete the Reg_SZ value of the following registry entry, create a REG_DWORD value with the same name, and then add the 2080FFFF hexadecimal value.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\DBFlag
3. At a command prompt, type net stop netlogon, and then type net start netlogon. This enables debug logging.
4. To disable debug logging, change the data value to 0x0 in the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\DBFlag
5. Quit Regedt32.
6. Stop Net Logon, and then restart Net Logon.

Notes
After you restart Net Logon, Net Logon-related activity may be logged to %windir%\debug\netlogon.log.
The MaximumLogFileSize registry entry can be used to specify the maximum size of the Netlogon.log file. By default, this registry entry does not exist, and the default maximum size of the Netlogon.log file is 20 MB. When the file reaches 20 MB, it is renamed to Netlogon.bak, and a new Netlogon.log file is created. This registry entry has the following parameters:

Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
Value Name: MaximumLogFileSize
Value Type: REG_DWORD
Value Data: <maximum log file size in bytes>
On Windows Server 2003-based computers, you can use the following Group Policy to configure the log file size:
Computer Configuration\Administrative Templates\System\Net Logon\Maximum Log File Size
Note As an alternate method, you can set the dbflag without using the registry. To do this run the following command from a command prompt:
nltest /dbflag:0x2080ffff
Nltest is included as part of Windows Server 2008 and is also available as part of the Support Tools packages on the installation media for Windows Server 2003, Windows XP, and Windows 2000.

After you finish debugging, you can run the nltest /dbflag:0x0 command from a command prompt to reset the debug flag to 0. For more information, click the following article numbers to view the articles in the Microsoft Knowledge Base:
247811 (http://support.microsoft.com/kb/247811/) How domain controllers are located in Windows
189541 (http://support.microsoft.com/kb/189541/) Using the checked Netlogon.dll to track account lockouts
Note This is the public version of this article.
//////////////////////////////////////////////////////////////////////// 
// Windows Server 2008, Windows Vista, Windows Server 2003, Windows 2000 Debug flags and their values
////////////////////////////////////////////////////////////////////////


#define NL_INIT 0x00000001 // Initialization
#define NL_MISC 0x00000002 // Misc debug
#define NL_LOGON 0x00000004 // Logon processing
#define NL_SYNC 0x00000008 // Synchronization and replication
#define NL_MAILSLOT 0x00000010 // Mailslot messages
#define NL_SITE 0x00000020 // Sites
#define NL_CRITICAL 0x00000100 // Only real important errors
#define NL_SESSION_SETUP 0x00000200 // Trusted Domain maintenance
#define NL_DOMAIN 0x00000400 // Hosted Domain maintenance
#define NL_2 0x00000800
#define NL_SERVER_SESS 0x00001000 // Server session maintenance
#define NL_CHANGELOG 0x00002000 // Change Log references
#define NL_DNS 0x00004000 // DNS name registration

//
// Very verbose bits
//

#define NL_WORKER 0x00010000 // Debug worker thread
#define NL_DNS_MORE 0x00020000 // Verbose DNS name registration
#define NL_PULSE_MORE 0x00040000 // Verbose pulse processing
#define NL_SESSION_MORE 0x00080000 // Verbose session management
#define NL_REPL_TIME 0x00100000 // replication timing output
#define NL_REPL_OBJ_TIME 0x00200000 // replication objects get/set timing output
#define NL_ENCRYPT 0x00400000 // debug encrypt and decrypt across net
#define NL_SYNC_MORE 0x00800000 // additional replication dbgprint
#define NL_PACK_VERBOSE 0x01000000 // Verbose Pack/Unpack
#define NL_MAILSLOT_TEXT 0x02000000 // Verbose Mailslot messages
#define NL_CHALLENGE_RES 0x04000000 // challenge response debug
#define NL_SITE_MORE 0x08000000 // Verbose sites

//
// Control bits.
//

#define NL_INHIBIT_CANCEL 0x10000000 // Don't cancel API calls
#define NL_TIMESTAMP 0x20000000 // TimeStamp each output line
#define NL_ONECHANGE_REPL 0x40000000 // Only replicate one change per call
#define NL_BREAKPOINT 0x80000000 // Enter debugger on startup
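
As an added example (not part of the original article and not Microsoft code), the following Python audits a host's DBFlag from the text printed by `reg query` on the Parameters key with `/v DBFlag`: it checks that the value type is REG_DWORD, decodes the data against the flag table above, and reports set bits that the table does not define. The function names and the sample output are constructed for illustration.

```python
import re

# Names for bits 0..31 (NL_ prefix dropped), from this page's table for
# Windows 2000 and later; "-" marks a bit that the table does not define.
BIT_NAMES = ("INIT MISC LOGON SYNC MAILSLOT SITE - - CRITICAL SESSION_SETUP "
             "DOMAIN 2 SERVER_SESS CHANGELOG DNS - WORKER DNS_MORE PULSE_MORE "
             "SESSION_MORE REPL_TIME REPL_OBJ_TIME ENCRYPT SYNC_MORE "
             "PACK_VERBOSE MAILSLOT_TEXT CHALLENGE_RES SITE_MORE "
             "INHIBIT_CANCEL TIMESTAMP ONECHANGE_REPL BREAKPOINT").split()
VERBOSE_MASK = 0x0FFF0000  # the "Very verbose bits" group
# Value line as printed by `reg query <key> /v DBFlag`: name, type, data.
VALUE_LINE = re.compile(r"^[ \t]*DBFlag[ \t]+(REG_\w+)[ \t]*(.*)$", re.I | re.M)

def decode_dbflag(value):
    """Return (named flags, mask of set bits the table does not define)."""
    names, undefined = [], 0
    for bit, name in enumerate(BIT_NAMES):
        if value & (1 << bit):
            if name == "-":
                undefined |= 1 << bit
            else:
                names.append("NL_" + name)
    return names, undefined

def audit_dbflag(reg_query_output):
    """Return findings for one host, given its `reg query` output as text."""
    m = VALUE_LINE.search(reg_query_output)
    if m is None:
        return ["DBFlag value not found in the output"]
    reg_type, raw = m.group(1).upper(), m.group(2).strip()
    findings = []
    if reg_type != "REG_DWORD":
        findings.append(f"DBFlag is {reg_type}, expected REG_DWORD")
    try:
        value = int(raw, 16)
    except ValueError:
        return findings + [f"DBFlag data {raw!r} is not hexadecimal"]
    if value == 0:
        return findings + ["DBFlag is 0: debug logging is off"]
    names, undefined = decode_dbflag(value)
    findings.append(f"debug logging on: 0x{value:08X} sets {len(names)} named flags")
    if value & VERBOSE_MASK:
        findings.append(f"very verbose bits set: 0x{value & VERBOSE_MASK:08X}")
    if undefined:
        findings.append(f"bits not in the table: 0x{undefined:08X}")
    return findings

# Constructed sample of `reg query` output, not captured from a real host.
SAMPLE = r"""HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
    DBFlag    REG_DWORD    0x2080ffff"""
```

For the article's 0x2080FFFF, `audit_dbflag(SAMPLE)` reports 15 named flags, one very verbose bit (NL_SYNC_MORE), and three set bits (0x000080C0) that the table above does not name.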

Setting up to debug Net Logon on Windows NT 3.51

1. CD %windir%\system32
2. Rename Lsass.exe Lsass.fre
3. Rename Lsasrv.dll Lsasrv.fre
4. Rename Netlogon.dll Netlogon.free
5. Copy the checked version of Lsass.exe, Lsasrv.dll and Netlogon.dll to the System32 directory. You can obtain the checked version from the DDK.
6. CD %windir%
7. MD debug
8. Start Regedt32
9. Change the REG_DWORD value of the following registry key to 2080FFFF, and then quit Regedt32.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\DBFlag

Set up to debug Net Logon on Windows NT 4.0

1. CD %windir%\system32.
2. Rename Netlogon.dll Netlogon.free.
3. Copy the checked version of Netlogon.dll to the system32 directory. You can obtain the checked version from the DDK.
4. Start Regedt32.
5. Delete the Reg_SZ value of the following registry entry, create a REG_DWORD value with the same name, and then add the 2080FFFF hexadecimal value.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\DBFlag
6. Quit Regedt32, and then restart the server.
7. Confirm that the debug directory was created under the %windir% directory and contains a Netlogon.log file.

Note A Netlogon 3051 eventlog error may be returned and the Net Logon service may not respond to start if the value entered for DBFlag is not entered as a hex value, for example, 0x2400ffff.

////////////////////////////////////////////////////////////////////////
//
// 3.5, 3.51 and 4.00 Debug flags and their values.
//
////////////////////////////////////////////////////////////////////////

#define NL_INIT 0x00000001 // Initialization
#define NL_MISC 0x00000002 // Misc debug
#define NL_LOGON 0x00000004 // Logon processing
#define NL_SYNC 0x00000008 // Synchronization and replication
#define NL_MAILSLOT 0x00000010 // Mailslot messages
#define NL_PULSE 0x00000020 // Pulse processing
#define NL_CRITICAL 0x00000100 // Only real important errors
#define NL_SESSION_SETUP 0x00000200 // Trusted Domain maintenance
#define NL_DOMAIN 0x00000400 // Hosted Domain maintenance
#define NL_PACK 0x00000800 // Pack/Unpack of sync messages
#define NL_SERVER_SESS 0x00001000 // Server session maintenance
#define NL_CHANGELOG 0x00002000 // Change Log references
#define NL_DNS 0x00004000 // DNS name registration

//
// Very verbose bits
//

#define NL_DNS_MORE 0x00020000 // Verbose DNS name registration
#define NL_PULSE_MORE 0x00040000 // Verbose pulse processing
#define NL_SESSION_MORE 0x00080000 // Verbose session management
#define NL_REPL_TIME 0x00100000 // replication timing output
#define NL_REPL_OBJ_TIME 0x00200000 // replication objects get/set timing output
#define NL_ENCRYPT 0x00400000 // debug encrypt and decrypt across net
#define NL_SYNC_MORE 0x00800000 // additional replication dbgprint
#define NL_PACK_VERBOSE 0x01000000 // Verbose Pack/Unpack
#define NL_MAILSLOT_TEXT 0x02000000 // Verbose Mailslot messages
#define NL_CHALLENGE_RES 0x04000000 // challenge response debug
#define NL_NETLIB 0x08000000 // Netlogon portion of Netlib

//
// Control bits.
//

#ifdef DONT_REQUIRE_ACCOUNT
#define NL_DONT_REQUIRE_ACCOUNT 0x00020000 // Don't require account on DC discovery
#endif // DONT_REQUIRE_ACCOUNT

#define NL_INHIBIT_CANCEL 0x10000000 // Don't cancel API calls
#define NL_TIMESTAMP 0x20000000 // TimeStamp each output line
#define NL_ONECHANGE_REPL 0x40000000 // Only replicate one change per call
#define NL_BREAKPOINT 0x80000000 // Enter debugger on startup

////////////////////////////////////////////////////////////////////////
//
// 3.1 Debug flags and their values.
//
////////////////////////////////////////////////////////////////////////

#define NL_INIT 0x00000001 // Initialization
#define NL_MISC 0x00000002 // Misc debug
#define NL_LOGON 0x00000004 // Logon processing
#define NL_SYNC 0x00000008 // Synchronization and replication
#define NL_MAILSLOT 0x00000010 // Mailslot messages
#define NL_PULSE 0x00000020 // Pulse processing
#define NL_CRITICAL 0x00000100 // Only real important errors
#define NL_SESSION_SETUP 0x00000200 // Trusted Domain maintenance
#define NL_PACK 0x00000800 // Pack/Unpack of sync messages
#define NL_SERVER_SESS 0x00001000 // Server session maintenance
#define NL_CHANGELOG 0x00002000 // Change Log references

//
// Very verbose bits
//

#define NL_PULSE_MORE 0x00040000 // Verbose pulse processing
#define NL_SESSION_MORE 0x00080000 // Verbose session management
#define NL_REPL_TIME 0x00100000 // replication timing output
#define NL_REPL_OBJ_TIME 0x00200000 // replication objects get/set timing output
#define NL_ENCRYPT 0x00400000 // debug encrypt and decrypt across net
#define NL_SYNC_MORE 0x00800000 // additional replication dbgprint
#define NL_PACK_VERBOSE 0x01000000 // Verbose Pack/Unpack
#define NL_MAILSLOT_TEXT 0x02000000 // Verbose Mailslot messages
#define NL_CHALLENGE_RES 0x04000000 // challenge response debug
#define NL_NETLIB 0x08000000 // Netlogon portion of Netlib

//
// Control bits.
//

#define NL_INHIBIT_CANCEL 0x10000000 // Don't cancel API calls
#define NL_TIMESTAMP 0x20000000 // TimeStamp each output line
#define NL_ONECHANGE_REPL 0x40000000 // Only replicate one change per call
#define NL_BREAKPOINT 0x80000000 // Enter debugger on startup

Opcode values that are returned in the Netlogon Logs for Troubleshooting

#define LOGON_REQUEST 0 // LM1.0/2.0 LOGON Request from client
#define LOGON_RESPONSE 1 // LM1.0 Response to LOGON_REQUEST
#define LOGON_CENTRAL_QUERY 2 // LM1.0 QUERY for centralized init
#define LOGON_DISTRIB_QUERY 3 // LM1.0 QUERY for non-centralized init
#define LOGON_CENTRAL_RESPONSE 4 // LM1.0 response to LOGON_CENTRAL_QUERY
#define LOGON_DISTRIB_RESPONSE 5 // LM1.0 resp to LOGON_DISTRIB_QUERY
#define LOGON_RESPONSE2 6 // LM2.0 Response to LOGON_REQUEST
#define LOGON_PRIMARY_QUERY 7 // QUERY for Primary DC
#define LOGON_START_PRIMARY 8 // announce startup of Primary DC
#define LOGON_FAIL_PRIMARY 9 // announce failed Primary DC
#define LOGON_UAS_CHANGE 10 // announce change to UAS or SAM
#define LOGON_NO_USER 11 // announce no user on machine
#define LOGON_PRIMARY_RESPONSE 12 // response to LOGON_PRIMARY_QUERY
#define LOGON_RELOGON_RESPONSE 13 // LM1.0/2.0 resp to relogon request
#define LOGON_WKSTINFO_RESPONSE 14 // LM1.0/2.0 resp to interrogate request
#define LOGON_PAUSE_RESPONSE 15 // LM2.0 resp when NETLOGON is paused
#define LOGON_USER_UNKNOWN 16 // LM2.0 response when user is unknown
#define LOGON_UPDATE_ACCOUNT 17 // LM2.1 announce account updates
#define LOGON_SAM_LOGON_REQUEST 18 // SAM LOGON request from client
#define LOGON_SAM_LOGON_RESPONSE 19 // SAM Response to SAM logon request
#define LOGON_SAM_PAUSE_RESPONSE 20 // SAM response when NETLOGON is paused
#define LOGON_SAM_USER_UNKNOWN 21 // SAM response when user is unknown
#define LOGON_SAM_WKSTINFO_RESPONSE 22 // SAM response to interrogate request

1. Net Stop Netlogon
2. Net Start Netlogon
This may start logging the Net Logon-related activity to %windir%\debug\netlogon.log.

APPLIES TO
Microsoft Windows Server 2003, Standard Edition (32-bit x86)
Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
Microsoft Windows Server 2003, Web Edition
Microsoft Windows XP Professional
Microsoft Windows 2000 Server
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server
Microsoft Windows NT Advanced Server 3.1
Microsoft Windows NT Server 3.5
Microsoft Windows NT Server 3.51
Microsoft Windows NT Server 4.0 Standard Edition
Microsoft Windows NT Workstation 3.1
Microsoft Windows NT Workstation 3.5
Microsoft Windows NT Workstation 3.51
Microsoft Windows NT Workstation 4.0 Developer Edition
Windows Server 2008 Standard
Windows Server 2008 Enterprise
Windows Server 2008 Standard without Hyper-V
Windows Server 2008 for Itanium-Based Systems
Windows Server 2008 Enterprise without Hyper-V
Windows Vista Ultimate
Windows Vista Home Premium
Windows Vista Home Basic
Windows Vista Enterprise
Windows Vista Business


Keywords:
kbhowto kbusage KB109626

 