Shulou(Shulou.com)06/02 Report--

Enable logging debugging Kerberos login authentication problems

Enable Netlogon service logging on Windows Server 2008 R2

Open a command prompt window and enter the following command:

Nltest / DBFlag:2080FFFF

When debugging is complete, you can disable log debugging using the following age:

Nltest / DBFlag:0x0

Second, it is usually not necessary to stop and restart the Windows 2000 server / Professional or later operating system to enable Netlogon logging of Netlogon services. % Windir%\ debug\ netlogon.log records Netlogon-related activities.

3. Set the large log file size of the most Netlogon log:

You can use the maximum Netlogon.log file size specified by the MaximumLogFileSize registry key. By default, this registry key does not exist, and the default maximum size for Netlogon.log files is 20MB. When the file reaches 20 MB, rename it to Netlogon.bak and create a new Netlogon.log file. This registry key has the following parameters:

Path: HKEY_LOCAL_MACHINE\ SYSTEM\ CurrentControlSet\ Services\ Netlogon\ Parameters

Value Name: MaximumLogFileSize

Value Type: REG_DWORD

Value Data:

Keep in mind that the total disk space used by Netlogon records is twice the maximum log file size specified. You need space for Netlogon.log and Netlogon.bak files. For example, if set to 50 MB, you can require 100 MB of disk space. This will provide 50 MB for Netlogon.log and 50 MB for Netlogon.bak.

As mentioned earlier, for Windows Server 2003 and later operating systems, you can configure the log file size (set values in bytes) using the following policy settings:

\ Computer Configuration\ Administrative Templates\ System\ Net Logon\ Maximum Log File Size

Enable Kerberos event logs on Windows Server 2008 R2

First, click "start", "run", enter "REGEDIT" to start the registry editor.

Expand to the following directory

HKEY_LOCAL_MACHINE\ SYSTEM\ CurrentControlSet\ Control\ Lsa\ Kerberos\ Parameters

Add the registry value LogLevel, type REG_DWORD, and value 0x1

If the subkey does not exist under Parameters, create it.

Note: when the problem is located and is no longer needed, remove the registry value so that server performance is not affected.

Exit Registry Editor. Effective immediately in Windows Server 2008 R2.

You can see logs related to Source being "Security-Kerberos" in "Windows Logs" and "System".

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.