In today’s post, we will detail the steps to enable or disable debug logging for the Netlogon service on Windows 10, to monitor or troubleshoot authentication, the DC locator, account lockout, or other problems related to domain communication.
Netlogon is a Windows Server process that authenticates users and other services within a domain. Since it is a service and not an application, Netlogon runs continuously in the background, unless it is stopped manually or by a runtime error. Netlogon can be stopped or restarted from the command line terminal.
Netlogon starts to run in the background after the Workplace the service has started. The Workstation service monitors all network connections and shared devices using the Server Message Block protocol, a standard Windows network protocol. In addition to Netlogon, the Workstation service manages the Computer browser and Remote desktop configuration services. This hierarchy of network services guarantees reliable communication and security on all nodes of a network.
The Netlogon service specifically focuses on verifying user credentials and other services, while the computer browser maintains a list of computers on the network and the remote desktop configuration manages all of the processes. remote office. If Netlogon is stopped, many Windows Server functions are affected because users can no longer log into their accounts and the domain controller cannot automatically register domain name system records, which contain user logon information .
Enable debug logging for the Netlogon service
The procedure to enable or disable debug logging for the Netlogon service requires editing the registry. It is therefore recommended to back up the registry or create a system restore point as a precaution in the event of a problem.
The version of Netlogon.dll that includes tracking is installed by default on all currently supported versions of Windows. To enable debug logging, set the desired debug flag using Nltest.exe via command prompt or recording.
Enable or disable debug logging via the command prompt
To activate it, proceed as follows:
-
Launch the command prompt (click on Start and type cmd, then press Enter).
- In the command prompt window, copy and paste the command below and press Enter:
Nltest /DBFlag:2080FFFF
To deactivate, do the following:
- Launch the command prompt (click Start and type cmd, then press Enter).
- In the command prompt window, copy and paste the command below and press Enter:
Nltest /DBFlag:0x0
Enable or disable debug logging via the registry
To activate it, proceed as follows:
-
Launch the Registry Editor (press the Windows key and type regedit, then press Enter).
- Access the following registry key:
HKEY_LOCAL_MACHINE SYSTEM CurrentControlSet Services Netlogon Parameters DBFlag
Yes DBFlag exists, delete the Reg_SZ value from the registry entry, create a REG_DWORD value with the same name, and then add the 2080FFFF hexadecimal value.
- Exit the registry editor.
To deactivate, do the following:
- Launch the Registry Editor.
- Access the following registry key:
HKEY_LOCAL_MACHINE SYSTEM CurrentControlSet Services Netlogon Parameters DBFlag
- Replace the DBFlag data value with 0x0.
- Exit the registry editor.
In either case, it is generally not necessary to stop and restart the Netlogon service for Windows 2000 Server / Professional or later versions of the operating system to disable Netlogon logging. The activity linked to Netlogon is connected to:
% windir% debug netlogon.log
Verify that no new information is written to this log to determine if a restart of the Netlogon service is necessary. If you need to restart the service, open a command prompt administration window, and then run the following commands:
net stop netlogon
net start netlogon
Microsoft also offers Easy corrections to turn it on or off, which you can Download here.
That’s it, friends! I hope you find this post useful.