What you will see in a netlogon debug log (on client and DC) during a successful secure channel password reset

Here are the details you will see in the netlogon debug log on the client and the DC for a SUCCESSFUL secure channel reset:

Note: Running "netdom reset <client> /domain:<domain> /server:<DCname> /usero:<domain>\administrator /passwordo:*" instead of ntltest renders the exact same debug information - basically the same action is being taken.

<domain.com> = FQDN

<DOMAIN> = netbios domain name

<CLIENT> = netbios name of client

<IP of DC> = IP of the DC

<DCname> = DC's netbios name

 

- Windows XP SP2 netlogon debug log entries while running "nltest /sc_reset:<domain>\<DCname>”:

01/31 13:56:53 [SESSION] NETLOGON_CONTROL_REDISCOVER function received.

01/31 13:56:53 [MAILSLOT] NetpDcPingListIp: <domain.com>.: Sent UDP ping to <IP of DC>

01/31 13:56:53 [MISC] NlPingDcNameWithContext: Sent 1/1 ldap pings to <DCname>

01/31 13:56:53 [MAILSLOT] NlPingDcNameWithContext: Sent 'Sam Logon' message to <DCname>[00] on (null).

 

-> (The above 4 lines are Netlogon running a rediscovery/ping of the DC. I omitted this from the 2000 debug log below)

 

01/31 13:56:53 [MISC] NlPingDcNameWithContext: <DCname> responded over IP.

01/31 13:56:53 [MISC] <DOMAIN>: NlPingDcName: <DOMAIN>: <domain.com>.: Caching pinged DC info for <DCname>

01/31 13:56:53 [SESSION] <DOMAIN>: NetrLogonControl: Successful response from DC <DCname>

01/31 13:56:53 [SESSION] <DOMAIN>: NlSetStatusClientSession: Set connection status to c000005e

01/31 13:56:53 [SESSION] <DOMAIN>: NlSessionSetup: Try Session setup

01/31 13:56:53 [SESSION] <DOMAIN>: NlSetStatusClientSession: Set connection status to 0

01/31 13:56:53 [DOMAIN] Setting LSA NetbiosDomain: <DOMAIN> DnsDomain: <domain.com>. DnsTree: <domain.com>. DomainGuid:7ec5ada6-a412-4b9f-9c40-21079e438d6f

01/31 13:56:53 [LOGON] NlSetForestTrustList: New trusted domain list:

01/31 13:56:53 [LOGON] 0: <DOMAIN> <domain.com> (NT 5) (Forest Tree Root) (Primary Domain) (Native)

01/31 13:56:53 [LOGON] Dom Guid: 7ec5ada6-a412-4b9f-9c40-21079e438d6f

01/31 13:56:53 [LOGON] Dom Sid: S-1-5-21-1444530721-2061370028-146505126

01/31 13:56:53 [SESSION] <DOMAIN>: NlSetStatusClientSession: Set connection status to 0

01/31 13:56:53 [SESSION] <DOMAIN>: NlSessionSetup: Session setup Succeeded

Windows 2000 SP4 netlogon debug log entries while running "nltest /sc_reset:<domain>\<DCname>":

01/31 14:23:52 [MISC] NlPingDcNameWithContext: <DCname> responded over IP.

01/31 14:23:52 [MISC] <DOMAIN>: NlPingDcName: <DOMAIN>: <domain.com>.: Caching pinged DC info for <DCname>

01/31 14:23:52 [SESSION] <DOMAIN>: NetrLogonControl: Successful response from DC <DCname>

01/31 14:23:52 [SESSION] <DOMAIN>: NlSetStatusClientSession: Set connection status to c000005e

01/31 14:23:52 [SESSION] <DOMAIN>: NlSessionSetup: Try Session setup

01/31 14:23:52 [SESSION] <DOMAIN>: NlSetStatusClientSession: Set connection status to 0

01/31 14:23:52 [DOMAIN] Setting LSA NetbiosDomain: <DOMAIN> DnsDomain: <domain.com>. DnsTree: <domain.com>. DomainGuid:7ec5ada6-a412-4b9f-9c40-21079e438d6f

01/31 14:23:52 [LOGON] NlSetForestTrustList: New trusted domain list:

01/31 14:23:52 [LOGON] 0: <DOMAIN> <domain.com> (NT 5) (Forest Tree Root) (Primary Domain) (Native)

01/31 14:23:52 [LOGON] Dom Guid: 7ec5ada6-a412-4b9f-9c40-21079e438d6f

01/31 14:23:52 [LOGON] Dom Sid: S-1-5-21-1444530721-2061370028-146505126

01/31 14:23:52 [SESSION] <DOMAIN>: NlSetStatusClientSession: Set connection status to 0

01/31 14:23:52 [SESSION] <DOMAIN>: NlSessionSetup: Session setup Succeeded

XP's reset logged in the Windows 2003 DC's Netlogon log:

01/31 13:56:53 [MAILSLOT] Received ping from <CLIENT> <domain.com>. <CLIENT>$ on UDP LDAP

01/31 13:56:53 NO_CLIENT_SITE: <CLIENT> <IP of client>

 

01/31 13:56:53 [MAILSLOT] Ping response 'Sam Logon Response Ex' <CLIENT>$ to \\<CLIENT> Site: (null) on UDP LDAP

01/31 13:56:53 [MAILSLOT] <DCNAME>: Received 'Sam Logon' message on \Device\NetBT_Tcpip_{25A3660A-55D7-4A50-AD1F-CC1A465CA4D3}

01/31 13:56:53 NO_CLIENT_SITE: <CLIENT> <IP of client>

01/31 13:56:53 [MAILSLOT] Ping response 'Sam Logon Response Ex' <CLIENT>$ to \\<CLIENT> Site: (null) on \Device\NetBT_Tcpip_{25A3660A-55D7-4A50-AD1F-CC1A465CA4D3}

01/31 13:56:53 [SESSION] NetrServerAuthenticate entered: <CLIENT> on account <CLIENT>$ (Negot: 600fffff)

01/31 13:56:53 [SESSION] NetrServerAuthenticate returns Success: <CLIENT> on account <CLIENT>$ (Negot: 600fffff)

01/31 13:56:53 [SESSION] NetrLogonGetDomainInfo: <CLIENT> 1 Entered

01/31 13:56:53 [SESSION] NetrLogonGetDomainInfo: <CLIENT> is running NT 5.1 build 2600 (1)

01/31 13:56:53 [MISC] NetrLogonGetDomainInfo: DnsHostName of <CLIENT> is <client>.<domain.com>

01/31 13:56:53 [SESSION] NetrLogonGetDomainInfo: <CLIENT> 1 Returns 0x0

2000's reset logged in the Windows 2003 DC's Netlogon log:

01/31 14:23:52 [MAILSLOT] <DCNAME>: Received 'Sam Logon' message on \Device\NetBT_Tcpip_{25A3660A-55D7-4A50-AD1F-CC1A465CA4D3}

01/31 14:23:52 NO_CLIENT_SITE: <CLIENT> <IP of client>

01/31 14:23:52 [MAILSLOT] Ping response 'Sam Logon Response Ex' <CLIENT>$ to \\<CLIENT> Site: (null) on \Device\NetBT_Tcpip_{25A3660A-55D7-4A50-AD1F-CC1A465CA4D3}

01/31 14:23:52 [SESSION] NetrServerAuthenticate entered: <CLIENT> on account <CLIENT>$ (Negot: 6007ffff)

01/31 14:23:52 [SESSION] NetrServerAuthenticate returns Success: <CLIENT> on account <CLIENT>$ (Negot: 6007ffff)

01/31 14:23:52 [SESSION] NetrLogonGetDomainInfo: <CLIENT> 1 Entered

01/31 14:23:52 [SESSION] NetrLogonGetDomainInfo: <CLIENT> is running NT 5.0 build 2195 (1)

01/31 14:23:52 [MISC] NetrLogonGetDomainInfo: DnsHostName of <CLIENT> is <client>.<domain.com>

01/31 14:23:52 [SESSION] NetrLogonGetDomainInfo: <CLIENT> 1 Returns 0x0

Comments