Enabling debug logging for the Net Logon service

http://support.microsoft.com/kb/109626

http://wyng101.blogspot.com/2013/02/enabling-debug-logging-for-net-logon.html

Account Lockout and Management Tools is a Microsoft tool set for tracing which systems or users are having account lockout problems, whether caused by the user or by worm_Conficker.

After downloading the executable file, extract it to any folder. Before using the tool, you need to activate debug logging on your Domain Controller first.

To activate it, you need to add a registry key on your Domain Controller. Here is the link to the Microsoft webpage.

Set HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\DBFlag to the hexadecimal value 2080FFFF to enable debug logging, or to 0 to disable it.

Or you could use these commands to enable and disable debug logging and to stop and start the Net Logon service. Remember to restart the Netlogon service after enabling or disabling debug logging.

Enable debug logging -> nltest /dbflag:0x2080ffff
Disable debug logging -> nltest /dbflag:0x0

Stop Net Logon Service -> net stop netlogon
Start Net Logon Service -> net start netlogon

Nltest is included as part of Windows Server 2008 and is also available as part of the Support Tools packages on the installation media for Windows Server 2003, Windows XP, and Windows 2000.

The netlogon.log file is normally in the debug folder under the Windows system directory of the Domain Controller on which you enabled debug logging.

To delete the netlogon.log file after debugging, you need to stop the Netlogon service before deleting it. After deletion you can start the Netlogon service again. The commands to do so are as follows.

net stop netlogon
del netlogon.log
net start netlogon
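
Once debug logging is on, the log can be summarised to show which account is failing from which computer. The PowerShell below is an added example, not part of the original post or of the Microsoft tools; the function name `Get-NetlogonFailure`, the assumed line layout and the sample lines are constructed for illustration.

```powershell
# Added example: summarise failed logons in netlogon.log by account and source computer.
$StatusText = @{
    '0xC0000064' = 'user name does not exist'
    '0xC000006A' = 'wrong password'
    '0xC0000072' = 'account disabled'
    '0xC0000234' = 'account locked out'
}
# Assumed line layout: "MM/DD hh:mm:ss [LOGON] ... logon of DOMAIN\user from HOST (via DC) Returns 0x..."
$rx = [regex]'^(?<time>\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \[LOGON\].*? logon of (?<account>\S+) from (?<source>\S*) .*Returns (?<status>0x[0-9A-Fa-f]{1,8})\s*$'

function Get-NetlogonFailure {
    param(
        [Parameter(Mandatory, ValueFromPipeline)][AllowEmptyString()][string]$Line
    )
    process {
        $m = $rx.Match($Line)
        if (-not $m.Success) { return }                          # not a completed logon line
        $status = $m.Groups['status'].Value
        if ([Convert]::ToUInt32($status, 16) -eq 0) { return }   # 0x0 means the logon succeeded
        $source = $m.Groups['source'].Value
        if (-not $source) { $source = '(blank)' }                # some clients send no computer name
        $meaning = $StatusText[$status]
        if (-not $meaning) { $meaning = 'other failure' }
        [pscustomobject]@{
            Time    = $m.Groups['time'].Value
            Account = $m.Groups['account'].Value
            Source  = $source
            Status  = $status
            Meaning = $meaning
        }
    }
}

# Constructed sample lines (not taken from a real Domain Controller).
$SampleLines = @(
    '02/14 09:01:12 [LOGON] EXAMPLE: SamLogon: Transitive Network logon of EXAMPLE\alice from WKS-017 (via FILESRV01) Entered'
    '02/14 09:01:12 [LOGON] EXAMPLE: SamLogon: Transitive Network logon of EXAMPLE\alice from WKS-017 (via FILESRV01) Returns 0xC000006A'
    '02/14 09:01:15 [LOGON] EXAMPLE: SamLogon: Transitive Network logon of EXAMPLE\alice from WKS-017 (via FILESRV01) Returns 0xC000006A'
    '02/14 09:01:19 [LOGON] EXAMPLE: SamLogon: Transitive Network logon of EXAMPLE\alice from WKS-017 (via FILESRV01) Returns 0xC0000234'
    '02/14 09:02:40 [LOGON] EXAMPLE: SamLogon: Network logon of EXAMPLE\bob from WKS-022 Returns 0x0'
    '02/14 09:03:05 [LOGON] EXAMPLE: SamLogon: Transitive Network logon of EXAMPLE\svc-backup from  (via MAILSRV01) Returns 0xC000006A'
)

# For a real log, replace $SampleLines with: Get-Content "$env:SystemRoot\debug\netlogon.log"
$SampleLines | Get-NetlogonFailure |
    Group-Object Account, Source, Meaning |
    Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize
```
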