Active Directory records events in the directory services log in Event Viewer. You can use the log to monitor the activity level of Active Directory or to investigate problems.
By default, Active Directory records only critical error events. To instruct Active Directory to record other events in the directory service log, modify the registry. For more information about how to use the Windows 2000 registry editors, see the Windows 2000 Server Help.
Caution
Do not use a registry editor to edit the registry directly unless you have no alternative. The registry editors bypass the standard safeguards provided by administrative tools. These safeguards prevent you from entering conflicting settings or settings that are likely to degrade performance or damage your computer. Editing the registry directly can have serious, unexpected consequences that can prevent the computer from starting and require that you reinstall Windows 2000. To configure or customize Windows 2000, use the programs in Control Panel or MMC whenever possible.
The registry entries that manage diagnostic logging are stored in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics. Each entry represents a type of event that Active Directory can log. The value of the entry determines the level of detail of the events that are logged and ranges from 0 (records default-level errors and standard verbosity) to 5 (most verbose and records all activity). Table 10.10 describes each of these values.
Table 10.10 Values for the Diagnostics Registry Entry
Option | Description |
---|---|
0 (None) | Only critical events and error events are logged. This is the default and should be changed only if a problem occurs. |
1 (Minimal) | Very high-level events are recorded in the event log. These might include one message for each major task performed by the service. Use this setting to begin an investigation when the location of the problem is in doubt. |
2 (Basic) | Events with a logging level of 2 or lower are logged. |
3 (Extensive) | Events with a logging level of 3 or lower are logged. Messages are sent to the event log to record steps taken to run a task. This provides more information than the minimum level but not the detail of the maximum level. Use this when the problem has been narrowed to a service or group of categories. |
4 (Verbose) | Events with a logging level of 4 or lower are logged. |
5 (Internal) | All events are logged, including debug strings and configuration changes received. Provides a complete log of the operation of the service. Use this level when the problem is traced to a particular category or a small set of categories. |
All of the entries in the Diagnostics subkey have the REG_DWORD data type and a default value of 0.
Note
Logging levels should be set to 0 (None) unless a problem is being investigated.
All fatal and critical errors are logged at level 0, and no user action is required to view them.
Increasing the level increases the detail of the messages and the number of messages emitted. Setting the value of entries in the Diagnostics subkey to greater than 3 can degrade server performance and is not recommended. The application event log fills up quickly when the logging level is increased.
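The check described in the note above, as an added PowerShell example (not part of the original chapter; it assumes a domain controller with PowerShell installed, which Windows 2000 itself predates). The function names are hypothetical, and entry names are read from the Diagnostics subkey rather than hard-coded.

```powershell
# Added example: audit and reset NTDS diagnostic logging levels on a domain controller.
# Function names are hypothetical; entry names come from the registry key itself.
$DiagKey   = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics'
$LevelName = @{ 0 = 'None'; 1 = 'Minimal'; 2 = 'Basic'; 3 = 'Extensive'; 4 = 'Verbose'; 5 = 'Internal' }

function Get-NtdsDiagnosticLevel {
    param([string]$Path = $DiagKey)
    $key = Get-Item -LiteralPath $Path -ErrorAction Stop
    foreach ($name in $key.GetValueNames()) {
        if (-not $name) { continue }                 # skip the unnamed default value
        $kind  = $key.GetValueKind($name)
        $value = $key.GetValue($name)
        if ($kind -ne 'DWord') {
            $finding = 'Unexpected type, entries should be REG_DWORD'
        } elseif ($value -lt 0 -or $value -gt 5) {
            $finding = 'Out of range, valid levels are 0-5'
        } elseif ($value -gt 3) {
            $finding = 'Above 3: can degrade server performance'
        } elseif ($value -gt 0) {
            $finding = 'Raised: return to 0 when the investigation ends'
        } else {
            $finding = 'Default'
        }
        [pscustomobject]@{
            Entry     = $name
            Kind      = $kind
            Level     = $value
            LevelName = $LevelName[$value]           # empty when the level is not 0-5
            Finding   = $finding
        }
    }
}

function Reset-NtdsDiagnosticLevel {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([string]$Path = $DiagKey)
    # Only touch REG_DWORD entries that are currently raised above the default.
    Get-NtdsDiagnosticLevel -Path $Path | Where-Object { $_.Kind -eq 'DWord' -and $_.Level -ne 0 } | ForEach-Object {
        if ($PSCmdlet.ShouldProcess($_.Entry, 'Set diagnostic level to 0 (None)')) {
            Set-ItemProperty -LiteralPath $Path -Name $_.Entry -Value 0 -Type DWord
        }
    }
}

Get-NtdsDiagnosticLevel | Sort-Object Level -Descending | Format-Table Entry, Level, LevelName, Finding -AutoSize
Reset-NtdsDiagnosticLevel -WhatIf                    # preview only; drop -WhatIf to apply
```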
Table 10.11 contains a list of registry entries in the Diagnostics subkey that store the directory service logging levels.
Table 10.11 Registry Entries in the Diagnostics Subkey
Registry Entry | Description |
---|---|
Knowledge Consistency Checker (KCC) | The KCC derives its input configuration from objects in the directory (for example, sites, servers and site links). The KCC reports if these objects are incorrect or missing. Events occurring during a run of the KCC. Messages fall into the following categories: KCC runtime errors, such as inconsistencies, resource errors or directory access problems. KCC output configuration problems. The new configuration cannot be built or is incomplete in some way. Perhaps too many servers are down to build a complete topology at this time. |
Security Events | Events related to Windows 2000 Security, such as a user who tries to read or write an attribute with insufficient permissions, a user binding through MAPI, or a domain that has been changed to native mode. |
ExDS Interface Events | Events related to communication between Active Directory and Exchange clients. |
MAPI Interface Events | Events related to communication between Active Directory and Exchange clients. |
Replication Events | Events related to outbound replication, where changed objects are found, and inbound replication, where these changes are applied to a local database. "Normal" errors during the course of replication, such as a domain controller being down, are not logged. They are kept as status and are available through the replication tools. The errors logged during replication are generally critical inconsistencies that require user intervention, such as database errors. The other kind of events logged by the replication category are information about which objects and attributes were updated and why. Note that many attributes are updated each time replication occurs. Logging detail about attributes can generate a great many messages very quickly. A level of 1 is safe and might be informative as to the general types of operations occurring for replication. A level higher than level 2 can result in filling up the log file and performance degradation. |
Garbage Collection | Events generated when objects marked for deletion are actually deleted. |
Internal Configuration | Interpretation and display of the internal directory service operations. |
Directory Access | Reads and writes directory objects from all sources. |
Internal Processing | Events related to the internal operation of Active Directory code such as processing security descriptor propagation. Error events in this category might be an indicator of serious problems in Active Directory. When the directory returns the status of "internal error," this category can be used to identify the problem for Microsoft support. Set this category to 1 on all computers involved (client and server) and reproduce the problem. Note the point in the code where the internal error was raised. |
Performance Counters | Events related to loading and unloading the NTDS performance object and performance counters. |
Initialization/Termination | Events related to starting and stopping Active Directory. |
Service Control | Processes Active Directory service events. |
Name Resolution | Resolution of addresses and Active Directory names. |
Backup | Events related to the backup of Active Directory. Specifically, errors occurring when ESE database records are read or written for backup purposes. Generally only logged when a backup operation is underway. |
Field Engineering | Internal debugging trace. |
LDAP Interface Events | Events related to LDAP. Examples of events logged include the following: the LDAP server closed a socket to a client, unable to initialize LDAP Simple Bind Authentication, and LDAP over SSL is now available. |
Setup | Events related to running the Active Directory Installation Wizard. |
Global Catalog | Events related to Global Catalog. For example, "Promotion of this server to a Global Catalog will be delayed for %1 minutes. This delay is necessary so that the required partitions can be made ready before the GC is advertised. The operations that occurs during this time include the KCC being run to generate the new topology, all read-only partitions in the enterprise being added to this server, and the contents of these partitions being replicated into this system. If you want to promote the GC immediately without enforcing this precondition, set the registry variable HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters\GlobalCatalogDelayAdvertisement(sec) to a DWORD value of 0. The GC will be promoted on the next attempt to check preconditions. This value can also be set to the maximum number of seconds that the DSA will wait before promoting to a GC." |
Inter-site Messaging | These messages are logged by the "Intersite Message" service, which is a separate service from the directory itself. There are two kinds of messages that are generated in this category: The ISM Service is responsible for transporting replication messages between sites. The ISM Service is also responsible for calculating site routes for the KCC to use. Note that the messages in this category are either fatal configuration errors, or informational messages about the amount of traffic being carried. |
Windows 2000 maintains specific log files that pertain to Active Directory. For example, when installing or removing Active Directory by using the Active Directory Installation Wizard (also known as dcpromo), several log files are created in the
The DcpromoUI.log file contains a detailed progress report of the Active Directory installation and removal processes. Its default location is the
Additionally, the DcpromoUI.log file includes the following useful information about the installation or removal of Active Directory:
For more information about the Dcpromoui.log, see "Active Directory Installation and Removal Issues" later in this chapter.
The
The DCPromo.log file is created by using the Active Directory Installation Wizard. Its default location is the
For more information about the Dcpromo.log, see "Active Directory Installation and Removal Issues" later in this chapter.
When joining a computer to a Windows 2000 domain, the Networking Setup (NetSetup) installs all the necessary Microsoft supported networking components. The Netsetup.log file provides information about the attempts to join domains and records any errors that might be preventing the join from being successful. Also, to install networking components not directly supported by Microsoft, the NetSetup tool provides a way to connect into the setup process for third-party components.
For more information about Netsetup.log, see "Authentication" earlier in this chapter.
The Net Logon service responds to network logon requests. The Net Logon service dynamically creates records in the DNS database that are used to locate a server.
The Netlogon.log file is created whenever the service is used. For more information about the Net Logon service, see "Name Resolution in Active Directory" in this book. For more information about Netlogon.log, see "Active Directory Architecture" earlier in this chapter.
The File Replication service (FRS) text-based log file is the Ntfrsapi.log file. It resides in the
The output of this log file can be helpful in troubleshooting problems with user profiles and Group Policy processing. The log file resides in the
Following is an example of the userenv.log file showing a failure to return a string representing the user GUID of the current user.
```
USERENV(b8.a0) 17:02:31:274 GetUserGuid: Failed to get user guid with 1332.
USERENV(b8.a0) 17:02:31:584 GetUserGuid: Failed to get user guid with 1332.
USERENV(b8.a0) 17:02:31:584 GetUserGuid: Failed to get user guid with 1332.
USERENV(b8.cc) 17:02:31:715 ProcessGPOs: Starting user Group Policy processing...
USERENV(b8.cc) 17:02:31:765 ProcessGPOs: User Group Policy has been applied.
USERENV(b8.c0) 18:43:31:980 ProcessGPOs: Starting user Group Policy processing...
USERENV(b8.c0) 18:43:32:030 ProcessGPOs: User Group Policy has been applied.
```
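One way to triage an excerpt like the one above, as an added PowerShell example that is not part of the original chapter. The function names are hypothetical, and the code assumes that the bracketed pair is a hexadecimal process.thread identifier and that the trailing number in a "Failed ... with N." message is a Win32 error code (1332 is ERROR_NONE_MAPPED).

```powershell
# Added example: parse userenv.log lines and summarise failures. $sample is the excerpt above.
$sample = @'
USERENV(b8.a0) 17:02:31:274 GetUserGuid: Failed to get user guid with 1332.
USERENV(b8.a0) 17:02:31:584 GetUserGuid: Failed to get user guid with 1332.
USERENV(b8.a0) 17:02:31:584 GetUserGuid: Failed to get user guid with 1332.
USERENV(b8.cc) 17:02:31:715 ProcessGPOs: Starting user Group Policy processing...
USERENV(b8.cc) 17:02:31:765 ProcessGPOs: User Group Policy has been applied.
USERENV(b8.c0) 18:43:31:980 ProcessGPOs: Starting user Group Policy processing...
USERENV(b8.c0) 18:43:32:030 ProcessGPOs: User Group Policy has been applied.
'@ -split '\r?\n'
$linePattern = '^USERENV\((?<p>[0-9a-f]+)\.(?<t>[0-9a-f]+)\)\s+(?<time>\d{2}:\d{2}:\d{2}:\d{3})\s+(?<func>\w+):\s+(?<msg>.*)$'

function ConvertFrom-UserenvLog {                    # hypothetical helper name
    param([Parameter(ValueFromPipeline = $true)][string]$Line)
    process {
        if ($Line -notmatch $linePattern) { return } # skip lines in any other format
        # Copy the captures before the next -match replaces $Matches.
        $p, $tid, $time, $func, $msg = $Matches['p', 't', 'time', 'func', 'msg']
        [int[]]$t = $time -split ':'                 # hours, minutes, seconds, milliseconds
        $code = $null
        if ($msg -match 'with (\d+)\.?$') { $code = [int]$Matches[1] }
        [pscustomobject]@{
            ProcessId = [Convert]::ToInt32($p, 16)   # assumption: ids are hexadecimal
            ThreadId  = [Convert]::ToInt32($tid, 16)
            Time      = New-Object TimeSpan -ArgumentList 0, $t[0], $t[1], $t[2], $t[3]
            Function  = $func
            Message   = $msg
            ErrorCode = $code                        # $null for informational lines
        }
    }
}

function Get-UserenvFailureSummary {                 # hypothetical helper name
    param([object[]]$Entry)
    $Entry | Where-Object { $null -ne $_.ErrorCode } | Group-Object Function, ErrorCode | ForEach-Object {
        $first = @($_.Group | Sort-Object Time)[0]
        [pscustomobject]@{
            Function  = $first.Function
            ErrorCode = $first.ErrorCode
            Count     = $_.Count
            FirstSeen = $first.Time
            # Assumption: the code is a Win32 error; the text comes from the local OS.
            Meaning   = (New-Object System.ComponentModel.Win32Exception -ArgumentList $first.ErrorCode).Message
        }
    }
}

$entries = $sample | ConvertFrom-UserenvLog
Get-UserenvFailureSummary -Entry $entries | Format-Table -AutoSize
```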