Please Read: Significant Update Planned, Migrating Forum Software This Month

See more
See less

netlogon.log [CRITICAL]

  • Filter
  • Time
  • Show
Clear All
new posts

  • netlogon.log [CRITICAL]

    Hi All,

    I have 2 domain controllers, running a single Domain, they don't run DNS or DHCP servers, they are relaying on the Linux Servers to do this.

    Both are Windows Server 2003, DC1 has Folder Redirection directories, DC2 has Roaming Profiles.
    The Clients are Windows 7 Enterprise.

    The problem occurs when logging into Windows 7 Desktop, which takes 172 seconds, according to the Winlogon Notification Service in the Event Log.

    I have enabled UserEnvDebugLevel to 30002.

    And when I login to my test account to the domain,
    I do receive the following lines:

    08/16 15:12:36 [CRITICAL] DOMAIN: NlTimeoutApiClientSession: Start RpcCancelThread on \\
    08/16 15:12:36 [MISC] Eventlog: 5783 (1) "\\" "DOMAIN" "CLIENT"
    08/16 15:12:36 [MISC] Didn't log event since it was already logged.
    08/16 15:12:36 [CRITICAL] DOMAIN: NlTimeoutApiClientSession: Finish RpcCancelThread on \\ 0
    08/16 15:13:16 [CRITICAL] DOMAIN: NlFinishApiClientSession: timeout call to \\ Count: 2
    08/16 15:13:16 [CRITICAL] DOMAIN: NlFinishApiClientSession: dropping the session to \\

    see attachment

    Many thanks if you can help me out what the cause of the issue is.... brrrrrrr
    Attached Files

  • #2
    Re: netlogon.log [CRITICAL]

    do nslookups return relevant SRV records ?

    why don't you want to use AD-implemented DNS ?
    Please do show your appreciation to those who assist you by leaving Rep Point


    • #3
      Re: netlogon.log [CRITICAL]


      If I nslookup press enter,
      I receive

      but if i ping it comes back Request Timeout and with a different IP.

      That IP address is assigned to a name

      dns2 hasn't existed in about 2 years...

      but if i do
      nslookup DC1


      Which is basically correct, apart from the dns2 name, same goes for DC2, that seems to come back correct too, apart from the DNS server.

      and it's not that I don't want to. It's the Unix SysAdmin, basically hates anything to do with windows.

      and since i dont have windows dns or dhcp turned on, i am not actually experienced with running the dns server


      • #4
        Re: netlogon.log [CRITICAL]

        you need to do NSLookups on the SRV records.
        SRV records are critical to the correct functioning of Active Directory.

        your DNS is screwy based on what you've told me - an excellent reason to take control of it off the linux admins..
        Please do show your appreciation to those who assist you by leaving Rep Point


        • #5
          Re: netlogon.log [CRITICAL]


          I done a _ldap._tcp.dc._msdcs.Domain_Name

          and everything seems to be ok, both DC's are listed and both have correct IP's

          so basically, is this problem I am having is caused by DNS...

          But the Unix SysAdmin did say he will clean out all the DNS entries and let things put themselves back in.. so I may ask him to do that, when he comes back from holiday.

          and i certainly dont have expertise in this yet but reading up on it all.
          Last edited by plawlor; 19th August 2011, 14:46.


          • #6
            Re: netlogon.log [CRITICAL]

            hmmmm, I do notice something...

            when i so nslookup, set type=all, _ldap._tcp.dc._msdcs.Domain_Name
            I do receive

   internet address =
   internet address =
   AAAA IPv6 address = 2002:.....:ffa
   AAAA IPv6 address = fec0:......:ffa
   AAAA IPv6 address = 2002:.....:912

            But why isn't there any IPv6 for DC1? and why is there IPv6 for DC2?

            also, if i think DC2 is a bit odd, how can I make a client to only use DC1? i.e disble DC2 but not actually uninstall the Active Directory...

            basically, how to stop clients from using DC2 at all...

            many thanks
            Last edited by plawlor; 19th August 2011, 14:46.


            • #7
              Re: netlogon.log [CRITICAL]

              okay question...

              even if i dont have DNS installed on the Active Directory, does Active Directory cache DNS entries for all the client machines?

              because, if i do nslookup on a client that is not in the domain, it responds correctly,
              i.e dns2 doesnt appear, the IP is correct to the correct name

              but when joined the domain, dns2 appears to the wrong IP.

              so does the active directory record any name resolution, and if so, how do i clear it all? =/



              • #8
                Re: netlogon.log [CRITICAL]

                the server will cache dns entries in the same way a workstation does.

                you can check with ipconfig /displaydns
                Please do show your appreciation to those who assist you by leaving Rep Point


                • #9
                  Re: netlogon.log [CRITICAL]

                  I think I have resolved the issue, okay the Linux DNS was screwy and old entries have been removed...

                  but the problem was caused by Windows 7 not populating the DNS Suffix Search List,
                  In Windows XP this works fine,
                  as it shows,

                  in Windows 7,
                  it only had

                  so it couldnt search for machines within url.url.url that are not part of domain.urll.url.url.

                  Shesh, complicated for me.. and took ages to find that out.
                  but windows 7 now login within 30 seconds, every time.