The version of Netlogon.dll that has tracing included is installed by default. To enable debug logging, set the debug flag that you want in the registry and restart the service by using the following steps:

  1. Start the Regedt32 program.
  2. Delete the Reg_SZ value of the following registry entry, create a REG_DWORD value with the same name, and then add the 2080FFFF hexadecimal value.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\DBFlag
  3. At a command prompt, type net stop netlogon, and then type net start netlogon. This enables debug logging.
  4. To disable debug logging, change the data value to 0x0 in the following registry key:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\DBFlag
  5. Quit Regedt32.
  6. Stop Net Logon, and then restart Net Logon.Notes
    • After you restart Net Logon, Net Logon-related activity may be logged to %windir%\debug\netlogon.log.
    • The MaximumLogFileSize registry entry can be used to specify the maximum size of the Netlogon.log file. By default, this registry entry does not exist, and the default maximum size of the Netlogon.log file is 20 MB. When the file reaches 20 MB, it is renamed to Netlogon.bak, and a new Netlogon.log file is created. This registry entry has the following parameters:Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
      Value Name: MaximumLogFileSize
      Value Type: REG_DWORD
      Value Data: <maximum log file size in bytes>
    • On Windows Server 2003-based computers, you can use the following Group Policy to configure the log file size:
      \Computer Configuration\Administrative Templates\System\Net Logon\Maximum Log File Size

Note As an alternate method, you can set the dbflag without using the registry. To do this run the following command from a command prompt: nltest /dbflag:0x2080ffff

Nltest is included as part of Windows Server 2008 and is also available as part of the Support Tools packages on the installation media for Windows Server 2003, Windows XP, and Windows 2000.

After you finish debugging, you can run the nltest /dbflag:0x0 command from a command prompt to reset the debug flag to 0. For more information, click the following article numbers to view the articles in the Microsoft Knowledge Base:

247811

(http://support.microsoft.com/kb/247811/ )How domain controllers are located in Windows
189541

(http://support.microsoft.com/kb/189541/ )Using the checked Netlogon.dll to track account lockouts