Announcement

Collapse
No announcement yet.

clear netlogon.log on DCs?

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • clear netlogon.log on DCs?

    hey guys,
    got a quick Question for you guys.

    does any one has a good idea on how I could clear the netlogon.log file on the DCs?
    I want a fresh log start and it can not be deleted/etc since it is in use.
    I don't want to reboot the DCs in safe mode,etc. for clearing the log file since I got many DCs and I am lazy
    I know I probably could it , but thought maybe you got a good idea b4 I escalate this to , that is why we are here
    Last edited by Akila; 14th July 2008, 13:12.

  • #2
    Re: clear netlogon.log on DCs?

    C:\> net stop netlogon

    C:\>del netlogon.log *OR EVEN BETTER* ren netlogon.log netlogon071408.txt

    C:\> net start netlogon

    nuff said.


    Tom
    For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

    Anything you say will be misquoted and used against you

    Comment


    • #3
      Re: clear netlogon.log on DCs?

      stopping netlogon service wouldn't stop the DC from operating (SYSVOL etc)?
      it would be a bit difficult running a script on all DCs at one go....
      is there any Registry key or something like that that could do the trick?
      Last edited by Akila; 14th July 2008, 14:14.

      Comment


      • #4
        Re: clear netlogon.log on DCs?

        Originally posted by Akila View Post
        stopping netlogon service wouldn't stop the DC from operating (SYSVOL etc)?
        it would be a bit difficult running a script on all DCs at one go....
        is there any Registry key or something like that that could do the trick?
        No of course it wouldn't - but it would stop the DC writing to NETLOGON.LOG because it's the NETLOGON service which does this... and that's what you were asking for. It has the side benefit that it stops user logons at that DC which means that there would be no entries to write to NETLOGON.LOG anyway.

        You would not do this on all DC's at once; you would run a script to do this one DC at a time; I reckon you could have twenty DCs done inside half an hour.
        Last edited by Stonelaughter; 14th July 2008, 15:02.


        Tom
        For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

        Anything you say will be misquoted and used against you

        Comment


        • #5
          Re: clear netlogon.log on DCs?

          heem I guess you right, but I am almost certain that once netlogon service is stopped the SYSVOL share could not be access.
          Netlogon is responsible for shares among other things (like SRV record registration in the DNS,etc).

          Comment


          • #6
            Re: clear netlogon.log on DCs?

            Originally posted by Akila View Post
            heem I guess you right, but I am almost certain that once netlogon service is stopped the SYSVOL share could not be access.
            Netlogon is responsible for shares among other things (like SRV record registration in the DNS,etc).
            It will only be "Out" for like 60 seconds... if you do this at 2am by means of a script and scheduled tasks, noone will even notice; and don't forget the SYSVOL share is on the DOMAIN, not on a server; users and computers look for \\domain.local\sysvol. If you do this for 60 seconds one one DC at a time, SYSVOL will be available from OTHER DCs if it's needed.


            Tom
            For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

            Anything you say will be misquoted and used against you

            Comment


            • #7
              Re: clear netlogon.log on DCs?

              the 2am thing of yours is right - 60 sec' and boom no impact, but saying that SYSVOL is not on a server?
              SYSvol is on the server/DC at all means, the \\domain\sysvol is only a junction point that directs you to the SYSVOL share of your %logonserver%
              Last edited by Akila; 14th July 2008, 22:50.

              Comment


              • #8
                Re: clear netlogon.log on DCs?

                My first thought was to alter the netlogon DBFLAG (nltest /dbflag:0x0) and disable/enable logging, but unfortunately this too requires restarting the service for the changes to work.
                SYSVOL is not your primary concern when restarting netlogon service: when the service is down, the DC will not be able to authenticate users, though the client should be smart enough to fail over to another DC. Though I've done it hundreds of times during the day at various environments, it will be wiser to do it during non-peak hours.

                Also note that you can control the size of netlogon.log file. The default is 20MB and on W2K3 you can change it both using registry and GPO. See this KB for more details: http://support.microsoft.com/kb/109626
                (look for MaximumLogFileSize)
                Guy Teverovsky
                "Smith & Wesson - the original point and click interface"

                Comment


                • #9
                  Re: clear netlogon.log on DCs?

                  Originally posted by Akila View Post
                  the 2am thing of yours is right - 60 sec' and boom no impact, but saying that SYSVOL is not on a server?
                  SYSvol is on the server/DC at all means, the \\domain\sysvol is only a junction point that directs you to the SYSVOL share of your %logonserver%
                  You miss my point. If a user is LOGGING ON while DC1 is down, he will NOT be using DC1. Therefore when the client searches for \\domain.local\sysvol it will go to \\DC2\sysvol because that is the user's logonserver. So you see, stopping NETLOGON service is the answer to your need to delete/rename the logfile. HOWEVER - if you are trying to limit its size, then GUYT posted the better answer.


                  Tom
                  For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

                  Anything you say will be misquoted and used against you

                  Comment


                  • #10
                    Re: clear netlogon.log on DCs?

                    Originally posted by Stonelaughter View Post
                    You miss my point. If a user is LOGGING ON while DC1 is down, he will NOT be using DC1. Therefore when the client searches for \\domain.local\sysvol it will go to \\DC2\sysvol because that is the user's logonserver.
                    Actually nothing promises you that if DC2 authenticates your logon request, you will get SYSVOL from DC2.
                    The way AD works allows the client to authenticate against DC2 and end up with SYSVOL from DC3 during the logon.

                    The authentication request is tolerant to netlogon service being down as the LDAP ping (which client performs against a DC before authentication attempt) will fail and the client will fail over to another DC.
                    Client accessing SYSVOL (which is a domain DFS after all) has less checks to ensure the availability of the file server and you can hit the point where the DFS sends a client a referrer that is currently down (because netlogon is down). The result would be a client failing to apply GPOs during logon.
                    Guy Teverovsky
                    "Smith & Wesson - the original point and click interface"

                    Comment

                    Working...
                    X