Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Here are the details you will see in the netlogon debug log on the client and the DC for a SUCCESSFUL secure channel reset:
Note: Running "netdom reset <client> /___domain:<___domain> /server:<DCname> /usero:<___domain>\administrator /passwordo:*" instead of ntltest renders the exact same debug information - basically the same action is being taken.
<___domain.com> = FQDN
<DOMAIN> = netbios ___domain name
<CLIENT> = netbios name of client
<IP of DC> = IP of the DC
<DCname> = DC's netbios name
- Windows XP SP2 netlogon debug log entries while running "nltest /sc_reset:<___domain>\<DCname>”:
01/31 13:56:53 [SESSION] NETLOGON_CONTROL_REDISCOVER function received.
01/31 13:56:53 [MAILSLOT] NetpDcPingListIp: <___domain.com>.: Sent UDP ping to <IP of DC>
01/31 13:56:53 [MISC] NlPingDcNameWithContext: Sent 1/1 ldap pings to <DCname>
01/31 13:56:53 [MAILSLOT] NlPingDcNameWithContext: Sent 'Sam Logon' message to <DCname>[00] on (null).
-> (The above 4 lines are Netlogon running a rediscovery/ping of the DC. I omitted this from the 2000 debug log below)
01/31 13:56:53 [MISC] NlPingDcNameWithContext: <DCname> responded over IP.
01/31 13:56:53 [MISC] <DOMAIN>: NlPingDcName: <DOMAIN>: <___domain.com>.: Caching pinged DC info for <DCname>
01/31 13:56:53 [SESSION] <DOMAIN>: NetrLogonControl: Successful response from DC <DCname>
01/31 13:56:53 [SESSION] <DOMAIN>: NlSetStatusClientSession: Set connection status to c000005e
01/31 13:56:53 [SESSION] <DOMAIN>: NlSessionSetup: Try Session setup
01/31 13:56:53 [SESSION] <DOMAIN>: NlSetStatusClientSession: Set connection status to 0
01/31 13:56:53 [DOMAIN] Setting LSA NetbiosDomain: <DOMAIN> DnsDomain: <___domain.com>. DnsTree: <___domain.com>. DomainGuid:7ec5ada6-a412-4b9f-9c40-21079e438d6f
01/31 13:56:53 [LOGON] NlSetForestTrustList: New trusted ___domain list:
01/31 13:56:53 [LOGON] 0: <DOMAIN> <___domain.com> (NT 5) (Forest Tree Root) (Primary Domain) (Native)
01/31 13:56:53 [LOGON] Dom Guid: 7ec5ada6-a412-4b9f-9c40-21079e438d6f
01/31 13:56:53 [LOGON] Dom Sid: S-1-5-21-1444530721-2061370028-146505126
01/31 13:56:53 [SESSION] <DOMAIN>: NlSetStatusClientSession: Set connection status to 0
01/31 13:56:53 [SESSION] <DOMAIN>: NlSessionSetup: Session setup Succeeded
Windows 2000 SP4 netlogon debug log entries while running "nltest /sc_reset:<___domain>\<DCname>":
01/31 14:23:52 [MISC] NlPingDcNameWithContext: <DCname> responded over IP.
01/31 14:23:52 [MISC] <DOMAIN>: NlPingDcName: <DOMAIN>: <___domain.com>.: Caching pinged DC info for <DCname>
01/31 14:23:52 [SESSION] <DOMAIN>: NetrLogonControl: Successful response from DC <DCname>
01/31 14:23:52 [SESSION] <DOMAIN>: NlSetStatusClientSession: Set connection status to c000005e
01/31 14:23:52 [SESSION] <DOMAIN>: NlSessionSetup: Try Session setup
01/31 14:23:52 [SESSION] <DOMAIN>: NlSetStatusClientSession: Set connection status to 0
01/31 14:23:52 [DOMAIN] Setting LSA NetbiosDomain: <DOMAIN> DnsDomain: <___domain.com>. DnsTree: <___domain.com>. DomainGuid:7ec5ada6-a412-4b9f-9c40-21079e438d6f
01/31 14:23:52 [LOGON] NlSetForestTrustList: New trusted ___domain list:
01/31 14:23:52 [LOGON] 0: <DOMAIN> <___domain.com> (NT 5) (Forest Tree Root) (Primary Domain) (Native)
01/31 14:23:52 [LOGON] Dom Guid: 7ec5ada6-a412-4b9f-9c40-21079e438d6f
01/31 14:23:52 [LOGON] Dom Sid: S-1-5-21-1444530721-2061370028-146505126
01/31 14:23:52 [SESSION] <DOMAIN>: NlSetStatusClientSession: Set connection status to 0
01/31 14:23:52 [SESSION] <DOMAIN>: NlSessionSetup: Session setup Succeeded
XP's reset logged in the Windows 2003 DC's Netlogon log:
01/31 13:56:53 [MAILSLOT] Received ping from <CLIENT> <___domain.com>. <CLIENT>$ on UDP LDAP
01/31 13:56:53 NO_CLIENT_SITE: <CLIENT> <IP of client>
01/31 13:56:53 [MAILSLOT] Ping response 'Sam Logon Response Ex' <CLIENT>$ to \\<CLIENT> Site: (null) on UDP LDAP
01/31 13:56:53 [MAILSLOT] <DCNAME>: Received 'Sam Logon' message on \Device\NetBT_Tcpip_{25A3660A-55D7-4A50-AD1F-CC1A465CA4D3}
01/31 13:56:53 NO_CLIENT_SITE: <CLIENT> <IP of client>
01/31 13:56:53 [MAILSLOT] Ping response 'Sam Logon Response Ex' <CLIENT>$ to \\<CLIENT> Site: (null) on \Device\NetBT_Tcpip_{25A3660A-55D7-4A50-AD1F-CC1A465CA4D3}
01/31 13:56:53 [SESSION] NetrServerAuthenticate entered: <CLIENT> on account <CLIENT>$ (Negot: 600fffff)
01/31 13:56:53 [SESSION] NetrServerAuthenticate returns Success: <CLIENT> on account <CLIENT>$ (Negot: 600fffff)
01/31 13:56:53 [SESSION] NetrLogonGetDomainInfo: <CLIENT> 1 Entered
01/31 13:56:53 [SESSION] NetrLogonGetDomainInfo: <CLIENT> is running NT 5.1 build 2600 (1)
01/31 13:56:53 [MISC] NetrLogonGetDomainInfo: DnsHostName of <CLIENT> is <client>.<___domain.com>
01/31 13:56:53 [SESSION] NetrLogonGetDomainInfo: <CLIENT> 1 Returns 0x0
2000's reset logged in the Windows 2003 DC's Netlogon log:
01/31 14:23:52 [MAILSLOT] <DCNAME>: Received 'Sam Logon' message on \Device\NetBT_Tcpip_{25A3660A-55D7-4A50-AD1F-CC1A465CA4D3}
01/31 14:23:52 NO_CLIENT_SITE: <CLIENT> <IP of client>
01/31 14:23:52 [MAILSLOT] Ping response 'Sam Logon Response Ex' <CLIENT>$ to \\<CLIENT> Site: (null) on \Device\NetBT_Tcpip_{25A3660A-55D7-4A50-AD1F-CC1A465CA4D3}
01/31 14:23:52 [SESSION] NetrServerAuthenticate entered: <CLIENT> on account <CLIENT>$ (Negot: 6007ffff)
01/31 14:23:52 [SESSION] NetrServerAuthenticate returns Success: <CLIENT> on account <CLIENT>$ (Negot: 6007ffff)
01/31 14:23:52 [SESSION] NetrLogonGetDomainInfo: <CLIENT> 1 Entered
01/31 14:23:52 [SESSION] NetrLogonGetDomainInfo: <CLIENT> is running NT 5.0 build 2195 (1)
01/31 14:23:52 [MISC] NetrLogonGetDomainInfo: DnsHostName of <CLIENT> is <client>.<___domain.com>
01/31 14:23:52 [SESSION] NetrLogonGetDomainInfo: <CLIENT> 1 Returns 0x0
Comments
- Anonymous
May 29, 2009
PingBack from http://paidsurveyshub.info/story.php?title=jakeberm-what-you-will-see-in-a-netlogon-debug-log-on-client-and-dc