How to enable Debug logging for Netlogon service on Windows 10
In today’s post, we will detail the steps on how to enable or disable debug logging of the Netlogon service on Windows 10, in order to monitor or troubleshoot authentication, DC locator, account lockout, or other domain communication-related issues.
Netlogon is a Windows Server process that authenticates users and other services within a domain. Since it is a service and not an application, Netlogon continuously runs in the background, unless it is stopped manually or by a runtime error. Netlogon can be stopped or restarted from the command-line terminal.
Netlogon starts running in the background after the Workstation service has started. The Workstation service controls all network connections and shared devices using the Server Message Block protocol, a standard Windows network protocol. In addition to Netlogon, the Workstation service manages the Computer Browser and Remote Desktop Configuration services. This hierarchy of network services ensures reliable communication and security across all nodes on a network.
The Netlogon service focuses specifically on verifying user credentials and other services, while Computer Browser maintains a list of computers on the network and Remote Desktop Configuration manages all remote desktop processes. If Netlogon is stopped, many Windows Server functions are affected as users can no longer log in to their accounts and the domain controller cannot automatically register Domain Name System records, which contain user login information.
Enable Debug logging for Netlogon service
The procedure to enable or disable debug logging for Netlogon service requires registry modification. So, it’s recommended you back up the registry or create a system restore point as a precautionary measure in case the procedure goes wrong.
The version of Netlogon.dll that has tracing included is installed by default on all currently supported versions of Windows. To enable debug logging, set the debug flag that you want either with Nltest.exe at the command prompt or directly in the registry.
Enable or disable debug logging via command prompt
To enable, do the following:
- Launch Command Prompt (Click Start and type cmd, then hit Enter).
- In the command prompt window, copy and paste the command below and hit Enter:
Nltest /DBFlag:2080FFFF
To disable, do the following:
- Launch Command Prompt (Click Start and type cmd, then hit Enter).
- In the command prompt window, copy and paste the command below and hit Enter:
Nltest /DBFlag:0x0
Enable or disable debug logging via the Registry
To enable it, do the following:
- Launch Registry Editor (press Windows key and type regedit, then hit Enter).
- Navigate to the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\DBFlag
- If DBFlag exists, delete the REG_SZ value of the registry entry, create a REG_DWORD value with the same name, and then add the 2080FFFF hexadecimal value.
- Exit the registry editor.
To disable, do the following:
- Launch Registry Editor.
- Navigate to the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\DBFlag
- Change the DBFlag data value to 0x0.
- Exit registry editor.
In both cases, it’s typically not necessary to stop and restart the Netlogon service for Windows 2000 Server/Professional or later versions of the operating system to disable Netlogon logging. Netlogon-related activity is logged to:
%windir%\debug\netlogon.log
Verify that no new information is being written to this log in order to determine whether a restart of the Netlogon service is necessary. If you have to restart the service, then open an administrative Command Prompt window, and then run the following commands:
net stop netlogon
net start netlogon
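The registry procedure and the log check above, scripted in PowerShell as an added example (not part of the original post and not a Microsoft tool). The function name Set-NetlogonDebug, the -RestartIfNeeded switch and the 60-second observation window are assumptions made for this illustration.

```powershell
# Added example. Run from an elevated PowerShell session.
# Set-NetlogonDebug, -RestartIfNeeded and -WaitSeconds are names made up for this sketch.
function Set-NetlogonDebug {
    param(
        [Parameter(Mandatory)][ValidateSet('Enable', 'Disable')][string]$Mode,
        [int]$WaitSeconds = 60,      # assumed observation window
        [switch]$RestartIfNeeded
    )
    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
    $log  = Join-Path $env:windir 'debug\netlogon.log'
    $data = if ($Mode -eq 'Enable') { 0x2080FFFF } else { 0x0 }

    # DBFlag is a value under the Parameters key. A leftover REG_SZ value of
    # that name is deleted first so it can be recreated as REG_DWORD.
    $item = Get-Item -Path $key
    if ($item.GetValueNames() -contains 'DBFlag' -and
        $item.GetValueKind('DBFlag') -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
        Remove-ItemProperty -Path $key -Name 'DBFlag'
    }
    New-ItemProperty -Path $key -Name 'DBFlag' -PropertyType DWord -Value $data -Force | Out-Null

    # Watch the log: it should change while logging is on and stay untouched once it is off.
    $stamp = { if (Test-Path $log) { $f = Get-Item $log; "$($f.Length)|$($f.LastWriteTimeUtc.Ticks)" } }
    $before = & $stamp
    Start-Sleep -Seconds $WaitSeconds
    $changed = (& $stamp) -ne $before

    # Mismatch between the requested mode and what the log is actually doing.
    $mismatch  = ($Mode -eq 'Enable') -ne $changed
    $restarted = $false
    if ($mismatch -and $RestartIfNeeded) {
        Restart-Service -Name Netlogon -Force   # same effect as net stop / net start
        $restarted = $true
    }

    [pscustomobject]@{
        DBFlag       = '0x{0:X8}' -f (Get-ItemProperty -Path $key -Name 'DBFlag').DBFlag
        LogPath      = $log
        LogChanged   = $changed
        NeedsRestart = $mismatch -and -not $restarted
        Restarted    = $restarted
    }
}

# Set-NetlogonDebug -Mode Enable
# Set-NetlogonDebug -Mode Disable -RestartIfNeeded
```

On a quiet machine the log may not change within the observation window even though logging is on, so treat NeedsRestart after an Enable as a hint rather than proof.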
Microsoft also offers Easy Fixes for enabling or disabling it, which you can download here.
That’s it, folks! Hope you find this post useful.