Win2k3 Server trust issue

Giganews Newsgroups
Subject: Win2k3 Server trust issue
Posted by:  Zeno (momo28…@gmail.com)
Date: Mon, 27 Apr 2009

We recently found one of our member servers was having some strange
issues, it was joined to the domain and had issues when we logon such
that it said cannot find domain so we unjoined it an rejoined again
but it still has the issue we cannot logon with a domain account.

If we try to access the netlogon directory while logged on to the
server it cannot, then when we try to access the c$ remote it cannot
authenticate.

I've ran some tests with Nltest on the scquery and scurechannel and
things seem to be ok, but cannot get it to work properly. I trying to
look at the netlogon.log but cannot find anything obvious

04/27 17:36:33 [INIT] Group Policy is not defined for Netlogon
04/27 17:36:33 [INIT] Following are the effective values after parsing
04/27 17:36:33 [INIT]    Sysvol = C:\WINDOWS\SYSVOL\SYSVOL
04/27 17:36:33 [INIT]    Scripts = (null)
04/27 17:36:33 [INIT]    RpcDacl = (null)
04/27 17:36:33 [INIT]    SiteName (0) = HKG
04/27 17:36:33 [INIT]    Pulse = 300 (0x12c)
04/27 17:36:33 [INIT]    Randomize = 1 (0x1)
04/27 17:36:33 [INIT]    PulseMaximum = 7200 (0x1c20)
04/27 17:36:33 [INIT]    PulseConcurrency = 10 (0xa)
04/27 17:36:33 [INIT]    PulseTimeout1 = 10 (0xa)
04/27 17:36:33 [INIT]    PulseTimeout2 = 300 (0x12c)
04/27 17:36:33 [INIT]    MaximumMailslotMessages = 500 (0x1f4)
04/27 17:36:33 [INIT]    MailslotMessageTimeout = 10 (0xa)
04/27 17:36:33 [INIT]    MailslotDuplicateTimeout = 2 (0x2)
04/27 17:36:33 [INIT]    ExpectedDialupDelay = 0 (0x0)
04/27 17:36:33 [INIT]    ScavengeInterval = 900 (0x384)
04/27 17:36:33 [INIT]    MaximumPasswordAge = 30 (0x1e)
04/27 17:36:33 [INIT]    LdapSrvPriority = 0 (0x0)
04/27 17:36:33 [INIT]    LdapSrvWeight = 100 (0x64)
04/27 17:36:33 [INIT]    LdapSrvPort = 389 (0x185)
04/27 17:36:33 [INIT]    LdapGcSrvPort = 3268 (0xcc4)
04/27 17:36:33 [INIT]    KdcSrvPort = 88 (0x58)
04/27 17:36:33 [INIT]    KerbIsDoneWithJoinDomainEntry = 0 (0x0)
04/27 17:36:33 [INIT]    DnsTtl = 600 (0x258)
04/27 17:36:33 [INIT]    DnsRefreshInterval = 86400 (0x15180)
04/27 17:36:33 [INIT]    CloseSiteTimeout = 900 (0x384)
04/27 17:36:33 [INIT]    SiteNameTimeout = 300 (0x12c)
04/27 17:36:33 [INIT]    DuplicateEventlogTimeout = 14400 (0x3840)
04/27 17:36:33 [INIT]    MaxConcurrentApi = 0 (0x0)
04/27 17:36:33 [INIT]    NegativeCachePeriod = 45 (0x2d)
04/27 17:36:33 [INIT]    BackgroundRetryInitialPeriod = 600 (0x258)
04/27 17:36:33 [INIT]    BackgroundRetryMaximumPeriod = 3600 (0xe10)
04/27 17:36:33 [INIT]    BackgroundRetryQuitTime = 0 (0x0)
04/27 17:36:33 [INIT]    BackgroundSuccessfulRefreshPeriod =
4294967295 (0xffffffff)
04/27 17:36:33 [INIT]    NonBackgroundSuccessfulRefreshPeriod = 1800
(0x708)
04/27 17:36:33 [INIT]    DnsFailedDeregisterTimeout = 172800 (0x2a300)
04/27 17:36:33 [INIT]    MaxLdapServersPinged = 55 (0x37)
04/27 17:36:33 [INIT]    SiteCoverageRefreshInterval = 3600 (0xe10)
04/27 17:36:33 [INIT]    FtInfoUpdateInterval = 86400 (0x15180)
04/27 17:36:33 [INIT]    DBFlag = 545325055 (0x2080ffff)
04/27 17:36:33 [INIT]    MaximumLogFileSize = 20000000 (0x1312d00)
04/27 17:36:33 [INIT]    RefusePasswordChange = FALSE
04/27 17:36:33 [INIT]    AllowReplInNonMixed = FALSE
04/27 17:36:33 [INIT]    AvoidSamRepl = TRUE
04/27 17:36:33 [INIT]    AvoidLsaRepl = TRUE
04/27 17:36:33 [INIT]    SignSecureChannel = TRUE
04/27 17:36:33 [INIT]    SealSecureChannel = TRUE
04/27 17:36:33 [INIT]    RequireSignOrSeal = TRUE
04/27 17:36:33 [INIT]    RequireStrongKey = FALSE
04/27 17:36:33 [INIT]    SysVolReady = TRUE
04/27 17:36:33 [INIT]    UseDynamicDns = TRUE
04/27 17:36:33 [INIT]    RegisterDnsARecords = TRUE
04/27 17:36:33 [INIT]    AvoidPdcOnWan = FALSE
04/27 17:36:33 [INIT]    AutoSiteCoverage = TRUE
04/27 17:36:33 [INIT]    AvoidDnsDeregOnShutdown = TRUE
04/27 17:36:33 [INIT]    DnsUpdateOnAllAdapters = FALSE
04/27 17:36:33 [INIT]    Nt4Emulator = FALSE
04/27 17:36:33 [INIT]    DisablePasswordChange = FALSE
04/27 17:36:33 [INIT]    NeutralizeNt4Emulator = FALSE
04/27 17:36:33 [INIT]    AllowSingleLabelDnsDomain = FALSE
04/27 17:36:33 [INIT]    AllowExclusiveSysvolShareAccess = FALSE
04/27 17:36:33 [INIT]    AllowExclusiveScriptsShareAccess = FALSE
04/27 17:36:33 [INIT]    AvoidLocatorAccountLookup = FALSE
04/27 17:36:33 [INIT]    NeverPing = FALSE
04/27 17:36:33 [INIT] Command line parsed successfully ...
04/27 17:36:33 [SITE] Setting site name to 'HKG'
04/27 17:36:33 [SESSION] \Device\NetBT_Tcpip_{09384205-633F-4734-B050-
FB580F71E508}: Transport Added (10.150.192.90)
04/27 17:36:33 [SESSION] Winsock Addrs: 10.150.192.90 192.168.192.90
(2)
04/27 17:36:33 [DNS] Set DnsForestName to: root.domain.com
04/27 17:36:33 [DOMAIN] CN: Adding new domain
04/27 17:36:33 [DOMAIN] Setting our computer name to APPWN020
APPWN020.domain.com
04/27 17:36:33 [DOMAIN] Setting Netbios domain name to CN
04/27 17:36:33 [DOMAIN] Setting DNS domain name to domain.com.
04/27 17:36:33 [DOMAIN] Setting Domain GUID to 11c242dc-
b940-413c-8476-8993031e6387
04/27 17:36:33 [CRITICAL] C:\WINDOWS\system32\config\
etlogon.ftj:
Unable to open. 2
04/27 17:36:33 [INIT] Getting cached trusted domain list from binary
file.
04/27 17:36:33 [LOGON] NlSetForestTrustList: New trusted domain list:
04/27 17:36:33 [LOGON]    0: ASIA root.domain.com (NT 5) (Forest Tree
Root) (Direct Outbound) (Direct Inbound) ( Attr: 0x20 )
04/27 17:36:33 [LOGON]        Dom Guid:
7e13cb82-99ea-466d-963d-2aa9ed4a57f4
04/27 17:36:33 [LOGON]        Dom Sid:
S-1-5-21-155781502-3518960662-3262718245
04/27 17:36:33 [LOGON]    1: CN domain.com (NT 5) (Forest: 0)
(Primary Domain) (Native)
04/27 17:36:33 [LOGON]        Dom Guid: 11c242dc-
b940-413c-8476-8993031e6387
04/27 17:36:33 [LOGON]        Dom Sid:
S-1-5-21-453305679-1483540776-2973662666
04/27 17:36:33 [INIT] Starting RPC server.
04/27 17:36:33 [MISC] NlpInitializeTrace succeeded 0
04/27 17:36:33 [SESSION] CN: NlSessionSetup: Try Session setup
04/27 17:36:33 [SESSION] CN: NlDiscoverDc: Start Synchronous Discovery
04/27 17:36:33 [MISC] NetpDcGetName: domain.com. using cached
information
04/27 17:36:33 [SESSION] CN: NlDiscoverDc: Found DC \
\DCServer003.domain.com
04/27 17:36:33 [SESSION] CN: NlSetStatusClientSession: Set connection
status to 0
04/27 17:36:33 [DOMAIN] Setting LSA NetbiosDomain: CN DnsDomain:
domain.com. DnsTree: root.domain.com. DomainGuid:11c242dc-
b940-413c-8476-8993031e6387
04/27 17:36:33 [LOGON] NlSetForestTrustList: New trusted domain list:
04/27 17:36:33 [LOGON]    0: ASIA root.domain.com (NT 5) (Forest Tree
Root) (Direct Outbound) (Direct Inbound) ( Attr: 0x20 )
04/27 17:36:33 [LOGON]        Dom Guid:
7e13cb82-99ea-466d-963d-2aa9ed4a57f4
04/27 17:36:33 [LOGON]        Dom Sid:
S-1-5-21-155781502-3518960662-3262718245
04/27 17:36:33 [LOGON]    1: CN domain.com (NT 5) (Forest: 0)
(Primary Domain) (Native)
04/27 17:36:33 [LOGON]        Dom Guid: 11c242dc-
b940-413c-8476-8993031e6387
04/27 17:36:33 [LOGON]        Dom Sid:
S-1-5-21-453305679-1483540776-2973662666
04/27 17:36:33 [SESSION] CN: NlSetStatusClientSession: Set connection
status to 0
04/27 17:36:33 [SESSION] CN: NlSessionSetup: Session setup Succeeded
04/27 17:36:33 [INIT] Started successfully
04/27 17:36:33 [INIT] Group Policy is not defined for Netlogon
04/27 17:36:33 [INIT] Following are the effective values after parsing
04/27 17:36:33 [MISC] NlWksScavenger: Can be called again in 21 days
(0x6f70534e)
04/27 17:37:26 [MISC] DsGetDcName function called: Dom:domain.COM Acct:
(null) Flags: IP KDC
04/27 17:37:26 [MISC] NetpDcGetName: domain.COM using cached
information
04/27 17:37:26 [MISC] DsGetDcName function returns 0: Dom:domain.COM
Acct:(null) Flags: IP KDC
04/27 17:38:03 [MISC] DsGetDcName function called: Dom:(null) Acct:
(null) Flags: DS BACKGROUND
04/27 17:38:03 [MISC] NetpDcGetName: domain.com. using cached
information
04/27 17:38:03 [MISC] DsGetDcName function returns 0: Dom:(null) Acct:
(null) Flags: DS BACKGROUND
04/27 17:38:19 [SESSION] NETLOGON_CONTROL_TC_QUERY function received.
04/27 17:38:32 [SESSION] NETLOGON_CONTROL_TC_VERIFY function received.
04/27 17:38:32 [MISC] CN: NlVerifyTrust: new-new password match (with
trust attributes)
04/27 17:39:25 [SESSION] NetrLogonGetTimeServiceParentDomain:
domain.com. is the parent domain. (PdcSameSite: 1)
04/27 17:39:49 [MISC] DsrEnumerateDomainTrusts: Called, Flags = 0x3f
04/27 17:39:49 [MISC] DsrEnumerateDomainTrusts: returns: 0
04/27 17:40:24 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Entered
04/27 17:40:24 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Returns 0x0
04/27 17:40:24 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Entered
04/27 17:40:24 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Returns 0x0
04/27 17:40:24 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Entered
04/27 17:40:24 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Returns 0x0
04/27 17:40:25 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Entered
04/27 17:40:25 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Returns 0x0
04/27 17:40:25 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Entered
04/27 17:40:25 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Returns 0x0
04/27 17:40:25 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Entered
04/27 17:40:25 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Returns 0x0
04/27 17:40:25 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Entered
04/27 17:40:25 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Returns 0x0
04/27 17:40:25 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Entered
04/27 17:40:25 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Returns 0x0
04/27 17:40:25 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Entered
04/27 17:40:25 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Returns 0x0
04/27 17:40:25 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Entered
04/27 17:40:25 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Returns 0x0
04/27 17:40:25 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Entered
04/27 17:40:25 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Returns 0x0
04/27 17:40:25 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Entered
04/27 17:40:25 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Returns 0x0
04/27 17:40:25 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Entered
04/27 17:40:25 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Returns 0x0
04/27 17:40:25 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Entered
04/27 17:40:25 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Returns 0x0
04/27 17:40:25 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Entered
04/27 17:40:25 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Returns 0x0
04/27 17:40:25 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Entered
04/27 17:40:25 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Returns 0x0
04/27 17:40:25 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Entered
04/27 17:40:25 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Returns 0x0
04/27 17:40:25 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Entered
04/27 17:40:25 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Returns 0x0
04/27 17:41:48 [SESSION] CN: NlTimeoutApiClientSession: Unbind from
server \\DCServer003.domain.com (TCP) 0.
04/27 17:44:03 [SESSION] CN: NlTimeoutApiClientSession: Unbind from
server \\DCServer003.domain.com (TCP) 1.
04/27 17:51:36 [MISC] DsGetDcName function called: Dom:cn Acct:(null)
Flags:
04/27 17:51:36 [MISC] NetpDcGetName: domain.com. using cached
information
04/27 17:51:36 [MISC] DsGetDcName function returns 0: Dom:cn Acct:
(null) Flags:
04/27 17:51:53 [MISC] DsrEnumerateDomainTrusts: Called, Flags = 0x3
04/27 17:51:53 [MISC] CN: DsrEnumerateDomainTrusts: Domain List
collected from \\DCServer003.domain.com
04/27 17:51:53 [DOMAIN] Setting LSA NetbiosDomain: CN DnsDomain:
domain.com. DnsTree: root.domain.com. DomainGuid:11c242dc-
b940-413c-8476-8993031e6387
04/27 17:51:53 [LOGON] NlSetForestTrustList: New trusted domain list:
04/27 17:51:53 [LOGON]    0: ASIA root.domain.com (NT 5) (Forest Tree
Root) (Direct Outbound) (Direct Inbound) ( Attr: 0x20 )
04/27 17:51:53 [LOGON]        Dom Guid:
7e13cb82-99ea-466d-963d-2aa9ed4a57f4
04/27 17:51:53 [LOGON]        Dom Sid:
S-1-5-21-155781502-3518960662-3262718245
04/27 17:51:53 [LOGON]    1: CN domain.com (NT 5) (Forest: 0)
(Primary Domain) (Native)
04/27 17:51:53 [LOGON]        Dom Guid: 11c242dc-
b940-413c-8476-8993031e6387
04/27 17:51:53 [LOGON]        Dom Sid:
S-1-5-21-453305679-1483540776-2973662666
04/27 17:51:53 [MISC] DsrEnumerateDomainTrusts: returns: 0
04/27 17:52:49 [SESSION] NETLOGON_CONTROL_REDISCOVER function
received.
04/27 17:52:49 [SESSION] CN: NlSetStatusClientSession: Set connection
status to c000005e
04/27 17:52:49 [SESSION] CN: NlSetStatusClientSession: Unbind from
server \\DCServer003.domain.com (TCP) 0.
04/27 17:52:49 [SESSION] CN: NlSessionSetup: Try Session setup
04/27 17:52:49 [SESSION] CN: NlDiscoverDc: Start Synchronous Discovery
04/27 17:52:49 [MAILSLOT] NetpDcPingListIp: domain.com.: Sent UDP ping
to 10.150.192.214
04/27 17:52:49 [MISC] LoadBalanceDebug (Flags: FORCE DSP AVOIDSELF ):
DC=DCServer006, SrvCount=2, FailedAQueryCount=0, DcsPinged=1,
LoopIndex=0
04/27 17:52:49 [SESSION] CN: NlDiscoverDc: Found DC \
\DCServer006.domain.com
04/27 17:52:49 [SESSION] CN: NlSetStatusClientSession: Set connection
status to 0
04/27 17:52:49 [DOMAIN] Setting LSA NetbiosDomain: CN DnsDomain:
domain.com. DnsTree: root.domain.com. DomainGuid:11c242dc-
b940-413c-8476-8993031e6387
04/27 17:52:49 [LOGON] NlSetForestTrustList: New trusted domain list:
04/27 17:52:49 [LOGON]    0: ASIA root.domain.com (NT 5) (Forest Tree
Root) (Direct Outbound) (Direct Inbound) ( Attr: 0x20 )
04/27 17:52:49 [LOGON]        Dom Guid:
7e13cb82-99ea-466d-963d-2aa9ed4a57f4
04/27 17:52:49 [LOGON]        Dom Sid:
S-1-5-21-155781502-3518960662-3262718245
04/27 17:52:49 [LOGON]    1: CN domain.com (NT 5) (Forest: 0)
(Primary Domain) (Native)
04/27 17:52:49 [LOGON]        Dom Guid: 11c242dc-
b940-413c-8476-8993031e6387
04/27 17:52:49 [LOGON]        Dom Sid:
S-1-5-21-453305679-1483540776-2973662666
04/27 17:52:49 [SESSION] CN: NlSetStatusClientSession: Set connection
status to 0
04/27 17:52:49 [SESSION] CN: NlSessionSetup: Session setup Succeeded
04/27 17:53:03 [MISC] DsGetDcName function called: Dom:(null) Acct:
(null) Flags: DS BACKGROUND
04/27 17:53:03 [MISC] NetpDcGetName: domain.com. using cached
information
04/27 17:53:03 [MISC] DsGetDcName function returns 0: Dom:(null) Acct:
(null) Flags: DS BACKGROUND
04/27 17:54:38 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Entered
04/27 17:54:38 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Returns 0x0
04/27 17:54:38 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Entered
04/27 17:54:38 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Returns 0x0
04/27 17:54:38 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Entered
04/27 17:54:38 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Returns 0x0
04/27 17:54:38 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Entered
04/27 17:54:38 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Returns 0x0
04/27 17:54:38 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Entered
04/27 17:54:38 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Returns 0x0
04/27 17:54:38 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Entered
04/27 17:54:38 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Returns 0x0
04/27 17:54:38 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Entered
04/27 17:54:38 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Returns 0x0
04/27 17:54:38 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Entered
04/27 17:54:38 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Returns 0x0
04/27 17:54:38 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Entered
04/27 17:54:38 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Returns 0x0
04/27 17:54:38 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Entered
04/27 17:54:38 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Returns 0x0
04/27 17:54:38 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Entered
04/27 17:54:38 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Returns 0x0
04/27 17:54:39 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Entered
04/27 17:54:39 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Returns 0x0
04/27 17:54:39 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Entered
04/27 17:54:39 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Returns 0x0
04/27 17:54:39 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Entered
04/27 17:54:39 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Returns 0x0
04/27 17:54:39 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Entered
04/27 17:54:39 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Returns 0x0
04/27 17:54:39 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Entered
04/27 17:54:39 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Returns 0x0
04/27 17:54:39 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Entered
04/27 17:54:39 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Returns 0x0
04/27 17:54:39 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Entered
04/27 17:54:39 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Returns 0x0
04/27 17:54:48 [SESSION] NETLOGON_CONTROL_CHANGE_PASSWORD function
received.
04/27 17:54:48 [SESSION] CN: NlChangePassword: Doing it.
04/27 17:54:48 [SESSION] CN: NlChangePassword: Flag password changed
in LsaSecret
04/27 17:54:48 [SESSION] CN: NlChangePassword: Flag password updated
on PDC
04/27 17:57:53 [SESSION] CN: NlTimeoutApiClientSession: Unbind from
server \\DCServer006.domain.com (TCP) 0.
04/27 17:57:53 [SESSION] CN: NlTimeoutApiClientSession: Unbind from
server \\DCServer006.domain.com (TCP) 1.
04/27 18:00:08 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Entered
04/27 18:00:08 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Returns 0x0
04/27 18:00:08 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Entered
04/27 18:00:08 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Returns 0x0
04/27 18:00:08 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Entered
04/27 18:00:08 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Returns 0x0
04/27 18:00:08 [MISC] DsGetDcName function called: Dom:domain.COM Acct:
(null) Flags: IP KDC
04/27 18:00:08 [MISC] NetpDcGetName: domain.COM cache is too old.
2189062
04/27 18:00:08 [MAILSLOT] NetpDcPingListIp: domain.COM: Sent UDP ping
to 10.150.24.13
04/27 18:00:08 [MISC] NlPingDcNameWithContext: Sent 1/1 ldap pings to
DCServer003.domain.com
04/27 18:00:08 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Entered
04/27 18:00:08 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Returns 0x0
04/27 18:00:08 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Entered
04/27 18:00:08 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Returns 0x0
04/27 18:00:08 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Entered
04/27 18:00:08 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Returns 0x0
04/27 18:00:08 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Entered
04/27 18:00:08 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Returns 0x0
04/27 18:00:08 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Entered
04/27 18:00:08 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Returns 0x0
04/27 18:00:08 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Entered
04/27 18:00:08 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Returns 0x0
04/27 18:00:08 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Entered
04/27 18:00:08 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Returns 0x0
04/27 18:00:08 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Entered
04/27 18:00:08 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Returns 0x0
04/27 18:00:09 [MISC] NlPingDcNameWithContext: DCServer003.domain.com
responded over IP.
04/27 18:00:09 [MISC] NetpDcGetName: domain.COM using cached
information
04/27 18:00:09 [MISC] DsGetDcName function returns 0: Dom:domain.COM
Acct:(null) Flags: IP KDC
04/27 18:00:09 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Entered
04/27 18:00:09 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Returns 0x0
04/27 18:00:09 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Entered
04/27 18:00:09 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Returns 0x0
04/27 18:00:09 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Entered
04/27 18:00:09 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Returns 0x0
04/27 18:00:09 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Entered
04/27 18:00:09 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Returns 0x0
04/27 18:00:09 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Entered
04/27 18:00:09 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Returns 0x0
04/27 18:00:09 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Entered
04/27 18:00:09 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Returns 0x0
04/27 18:00:09 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Entered
04/27 18:00:09 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Returns 0x0
04/27 18:02:15 [MISC] DsGetDcName function called: Dom:cn Acct:(null)
Flags: IP KDC
04/27 18:02:15 [MISC] NetpDcGetName: domain.com. using cached
information
04/27 18:02:15 [MISC] DsGetDcName function returns 0: Dom:cn Acct:
(null) Flags: IP KDC
04/27 18:02:21 [SITE] DsrGetSiteName: Returning site name 'HKG' from
local cache.
04/27 18:03:46 [MISC] In control handler (Opcode: 1)
04/27 18:03:46 [MISC] NlExit: Netlogon exiting 0 0x0
04/27 18:03:46 [DOMAIN] NlDeleteDomain called
04/27 18:03:46 [DOMAIN] Domain RefCount is zero. Domain being rundown.
04/27 18:03:46 [SESSION] CN: NlFreeClientSession: Unbind from server \
\DCServer006.domain.com (TCP) 1.
04/27 18:03:46 [SITE] Setting site name to '(null)'
04/27 18:03:47 [INIT] Group Policy is not defined for Netlogon
04/27 18:03:47 [INIT] Following are the effective values after parsing
04/27 18:03:47 [INIT]    Sysvol = C:\WINDOWS\SYSVOL\SYSVOL
04/27 18:03:47 [INIT]    Scripts = (null)
04/27 18:03:47 [INIT]    RpcDacl = (null)
04/27 18:03:47 [INIT]    SiteName (0) = HKG
04/27 18:03:47 [INIT]    Pulse = 300 (0x12c)
04/27 18:03:47 [INIT]    Randomize = 1 (0x1)
04/27 18:03:47 [INIT]    PulseMaximum = 7200 (0x1c20)
04/27 18:03:47 [INIT]    PulseConcurrency = 10 (0xa)
04/27 18:03:47 [INIT]    PulseTimeout1 = 10 (0xa)
04/27 18:03:47 [INIT]    PulseTimeout2 = 300 (0x12c)
04/27 18:03:47 [INIT]    MaximumMailslotMessages = 500 (0x1f4)
04/27 18:03:47 [INIT]    MailslotMessageTimeout = 10 (0xa)
04/27 18:03:47 [INIT]    MailslotDuplicateTimeout = 2 (0x2)
04/27 18:03:47 [INIT]    ExpectedDialupDelay = 0 (0x0)
04/27 18:03:47 [INIT]    ScavengeInterval = 900 (0x384)
04/27 18:03:47 [INIT]    MaximumPasswordAge = 30 (0x1e)
04/27 18:03:47 [INIT]    LdapSrvPriority = 0 (0x0)
04/27 18:03:47 [INIT]    LdapSrvWeight = 100 (0x64)
04/27 18:03:47 [INIT]    LdapSrvPort = 389 (0x185)
04/27 18:03:47 [INIT]    LdapGcSrvPort = 3268 (0xcc4)
04/27 18:03:47 [INIT]    KdcSrvPort = 88 (0x58)
04/27 18:03:47 [INIT]    KerbIsDoneWithJoinDomainEntry = 0 (0x0)
04/27 18:03:47 [INIT]    DnsTtl = 600 (0x258)
04/27 18:03:47 [INIT]    DnsRefreshInterval = 86400 (0x15180)
04/27 18:03:47 [INIT]    CloseSiteTimeout = 900 (0x384)
04/27 18:03:47 [INIT]    SiteNameTimeout = 300 (0x12c)
04/27 18:03:47 [INIT]    DuplicateEventlogTimeout = 14400 (0x3840)
04/27 18:03:47 [INIT]    MaxConcurrentApi = 0 (0x0)
04/27 18:03:47 [INIT]    NegativeCachePeriod = 45 (0x2d)
04/27 18:03:47 [INIT]    BackgroundRetryInitialPeriod = 600 (0x258)
04/27 18:03:47 [INIT]    BackgroundRetryMaximumPeriod = 3600 (0xe10)
04/27 18:03:47 [INIT]    BackgroundRetryQuitTime = 0 (0x0)
04/27 18:03:47 [INIT]    BackgroundSuccessfulRefreshPeriod =
4294967295 (0xffffffff)
04/27 18:03:47 [INIT]    NonBackgroundSuccessfulRefreshPeriod = 1800
(0x708)
04/27 18:03:47 [INIT]    DnsFailedDeregisterTimeout = 172800 (0x2a300)
04/27 18:03:47 [INIT]    MaxLdapServersPinged = 55 (0x37)
04/27 18:03:47 [INIT]    SiteCoverageRefreshInterval = 3600 (0xe10)
04/27 18:03:47 [INIT]    FtInfoUpdateInterval = 86400 (0x15180)
04/27 18:03:47 [INIT]    DBFlag = 545325055 (0x2080ffff)
04/27 18:03:47 [INIT]    MaximumLogFileSize = 20000000 (0x1312d00)
04/27 18:03:47 [INIT]    RefusePasswordChange = FALSE
04/27 18:03:47 [INIT]    AllowReplInNonMixed = FALSE
04/27 18:03:47 [INIT]    AvoidSamRepl = TRUE
04/27 18:03:47 [INIT]    AvoidLsaRepl = TRUE
04/27 18:03:47 [INIT]    SignSecureChannel = TRUE
04/27 18:03:47 [INIT]    SealSecureChannel = TRUE
04/27 18:03:47 [INIT]    RequireSignOrSeal = TRUE
04/27 18:03:47 [INIT]    RequireStrongKey = FALSE
04/27 18:03:47 [INIT]    SysVolReady = TRUE
04/27 18:03:47 [INIT]    UseDynamicDns = TRUE
04/27 18:03:47 [INIT]    RegisterDnsARecords = TRUE
04/27 18:03:47 [INIT]    AvoidPdcOnWan = FALSE
04/27 18:03:47 [INIT]    AutoSiteCoverage = TRUE
04/27 18:03:47 [INIT]    AvoidDnsDeregOnShutdown = TRUE
04/27 18:03:47 [INIT]    DnsUpdateOnAllAdapters = FALSE
04/27 18:03:47 [INIT]    Nt4Emulator = FALSE
04/27 18:03:47 [INIT]    DisablePasswordChange = FALSE
04/27 18:03:47 [INIT]    NeutralizeNt4Emulator = FALSE
04/27 18:03:47 [INIT]    AllowSingleLabelDnsDomain = FALSE
04/27 18:03:47 [INIT]    AllowExclusiveSysvolShareAccess = FALSE
04/27 18:03:47 [INIT]    AllowExclusiveScriptsShareAccess = FALSE
04/27 18:03:47 [INIT]    AvoidLocatorAccountLookup = FALSE
04/27 18:03:47 [INIT]    NeverPing = FALSE
04/27 18:03:47 [INIT] Command line parsed successfully ...
04/27 18:03:47 [SITE] Setting site name to 'HKG'
04/27 18:03:47 [SESSION] \Device\NetBT_Tcpip_{09384205-633F-4734-B050-
FB580F71E508}: Transport Added (10.150.192.90)
04/27 18:03:47 [SESSION] Winsock Addrs: 10.150.192.90 192.168.192.90
(2)
04/27 18:03:47 [DNS] Set DnsForestName to: root.domain.com
04/27 18:03:47 [DOMAIN] CN: Adding new domain
04/27 18:03:47 [DOMAIN] Setting our computer name to APPWN020
APPWN020.domain.com
04/27 18:03:47 [DOMAIN] Setting Netbios domain name to CN
04/27 18:03:47 [DOMAIN] Setting DNS domain name to domain.com.
04/27 18:03:47 [DOMAIN] Setting Domain GUID to 11c242dc-
b940-413c-8476-8993031e6387
04/27 18:03:47 [CRITICAL] C:\WINDOWS\system32\config\
etlogon.ftj:
Unable to open. 2
04/27 18:03:47 [INIT] Getting cached trusted domain list from binary
file.
04/27 18:03:47 [LOGON] NlSetForestTrustList: New trusted domain list:
04/27 18:03:47 [LOGON]    0: ASIA root.domain.com (NT 5) (Forest Tree
Root) (Direct Outbound) (Direct Inbound) ( Attr: 0x20 )
04/27 18:03:47 [LOGON]        Dom Guid:
7e13cb82-99ea-466d-963d-2aa9ed4a57f4
04/27 18:03:47 [LOGON]        Dom Sid:
S-1-5-21-155781502-3518960662-3262718245
04/27 18:03:47 [LOGON]    1: CN domain.com (NT 5) (Forest: 0)
(Primary Domain) (Native)
04/27 18:03:47 [LOGON]        Dom Guid: 11c242dc-
b940-413c-8476-8993031e6387
04/27 18:03:47 [LOGON]        Dom Sid:
S-1-5-21-453305679-1483540776-2973662666
04/27 18:03:47 [INIT] Starting RPC server.
04/27 18:03:47 [MISC] NlpInitializeTrace succeeded 0
04/27 18:03:47 [SESSION] CN: NlSessionSetup: Try Session setup
04/27 18:03:47 [SESSION] CN: NlDiscoverDc: Start Synchronous Discovery
04/27 18:03:47 [MISC] NetpDcGetName: domain.com. using cached
information
04/27 18:03:47 [SESSION] CN: NlDiscoverDc: Found DC \
\DCServer006.domain.com
04/27 18:03:47 [SESSION] CN: NlSetStatusClientSession: Set connection
status to 0
04/27 18:03:47 [DOMAIN] Setting LSA NetbiosDomain: CN DnsDomain:
domain.com. DnsTree: root.domain.com. DomainGuid:11c242dc-
b940-413c-8476-8993031e6387
04/27 18:03:47 [LOGON] NlSetForestTrustList: New trusted domain list:
04/27 18:03:47 [LOGON]    0: ASIA root.domain.com (NT 5) (Forest Tree
Root) (Direct Outbound) (Direct Inbound) ( Attr: 0x20 )
04/27 18:03:47 [LOGON]        Dom Guid:
7e13cb82-99ea-466d-963d-2aa9ed4a57f4
04/27 18:03:47 [LOGON]        Dom Sid:
S-1-5-21-155781502-3518960662-3262718245
04/27 18:03:47 [LOGON]    1: CN domain.com (NT 5) (Forest: 0)
(Primary Domain) (Native)
04/27 18:03:47 [LOGON]        Dom Guid: 11c242dc-
b940-413c-8476-8993031e6387
04/27 18:03:47 [LOGON]        Dom Sid:
S-1-5-21-453305679-1483540776-2973662666
04/27 18:03:47 [SESSION] CN: NlSetStatusClientSession: Set connection
status to 0
04/27 18:03:47 [SESSION] CN: NlSessionSetup: Session setup Succeeded
04/27 18:03:47 [INIT] Started successfully
04/27 18:03:47 [INIT] Group Policy is not defined for Netlogon
04/27 18:03:47 [INIT] Following are the effective values after parsing
04/27 18:03:47 [MISC] NlWksScavenger: Can be called again in 30 days
(0x9e7273c7)
04/27 18:06:47 [SESSION] CN: NlTimeoutApiClientSession: Unbind from
server \\DCServer006.domain.com (TCP) 0.
04/27 18:08:03 [MISC] DsGetDcName function called: Dom:(null) Acct:
(null) Flags: DS BACKGROUND
04/27 18:08:03 [MISC] NetpDcGetName: domain.com. using cached
information
04/27 18:08:03 [MISC] DsGetDcName function returns 0: Dom:(null) Acct:
(null) Flags: DS BACKGROUND
04/27 18:15:29 [MISC] In control handler (Opcode: 1)
04/27 18:15:29 [MISC] NlExit: Netlogon exiting 0 0x0
04/27 18:15:29 [DOMAIN] NlDeleteDomain called
04/27 18:15:29 [DOMAIN] Domain RefCount is zero. Domain being rundown.
04/27 18:15:29 [SITE] Setting site name to '(null)'
04/27 18:15:30 [INIT] Group Policy is not defined for Netlogon
04/27 18:15:30 [INIT] Following are the effective values after parsing
04/27 18:15:30 [INIT]    Sysvol = C:\WINDOWS\SYSVOL\SYSVOL
04/27 18:15:30 [INIT]    Scripts = (null)
04/27 18:15:30 [INIT]    RpcDacl = (null)
04/27 18:15:30 [INIT]    SiteName (0) = HKG
04/27 18:15:30 [INIT]    Pulse = 300 (0x12c)
04/27 18:15:30 [INIT]    Randomize = 1 (0x1)
04/27 18:15:30 [INIT]    PulseMaximum = 7200 (0x1c20)
04/27 18:15:30 [INIT]    PulseConcurrency = 10 (0xa)
04/27 18:15:30 [INIT]    PulseTimeout1 = 10 (0xa)
04/27 18:15:30 [INIT]    PulseTimeout2 = 300 (0x12c)
04/27 18:15:30 [INIT]    MaximumMailslotMessages = 500 (0x1f4)
04/27 18:15:30 [INIT]    MailslotMessageTimeout = 10 (0xa)
04/27 18:15:30 [INIT]    MailslotDuplicateTimeout = 2 (0x2)
04/27 18:15:30 [INIT]    ExpectedDialupDelay = 0 (0x0)
04/27 18:15:30 [INIT]    ScavengeInterval = 900 (0x384)
04/27 18:15:30 [INIT]    MaximumPasswordAge = 30 (0x1e)
04/27 18:15:30 [INIT]    LdapSrvPriority = 0 (0x0)
04/27 18:15:30 [INIT]    LdapSrvWeight = 100 (0x64)
04/27 18:15:30 [INIT]    LdapSrvPort = 389 (0x185)
04/27 18:15:30 [INIT]    LdapGcSrvPort = 3268 (0xcc4)
04/27 18:15:30 [INIT]    KdcSrvPort = 88 (0x58)
04/27 18:15:30 [INIT]    KerbIsDoneWithJoinDomainEntry = 0 (0x0)
04/27 18:15:30 [INIT]    DnsTtl = 600 (0x258)
04/27 18:15:30 [INIT]    DnsRefreshInterval = 86400 (0x15180)
04/27 18:15:30 [INIT]    CloseSiteTimeout = 900 (0x384)
04/27 18:15:30 [INIT]    SiteNameTimeout = 300 (0x12c)
04/27 18:15:30 [INIT]    DuplicateEventlogTimeout = 14400 (0x3840)
04/27 18:15:30 [INIT]    MaxConcurrentApi = 0 (0x0)
04/27 18:15:30 [INIT]    NegativeCachePeriod = 45 (0x2d)
04/27 18:15:30 [INIT]    BackgroundRetryInitialPeriod = 600 (0x258)
04/27 18:15:30 [INIT]    BackgroundRetryMaximumPeriod = 3600 (0xe10)
04/27 18:15:30 [INIT]    BackgroundRetryQuitTime = 0 (0x0)
04/27 18:15:30 [INIT]    BackgroundSuccessfulRefreshPeriod =
4294967295 (0xffffffff)
04/27 18:15:30 [INIT]    NonBackgroundSuccessfulRefreshPeriod = 1800
(0x708)
04/27 18:15:30 [INIT]    DnsFailedDeregisterTimeout = 172800 (0x2a300)
04/27 18:15:30 [INIT]    MaxLdapServersPinged = 55 (0x37)
04/27 18:15:30 [INIT]    SiteCoverageRefreshInterval = 3600 (0xe10)
04/27 18:15:30 [INIT]    FtInfoUpdateInterval = 86400 (0x15180)
04/27 18:15:30 [INIT]    DBFlag = 545325055 (0x2080ffff)
04/27 18:15:30 [INIT]    MaximumLogFileSize = 20000000 (0x1312d00)
04/27 18:15:30 [INIT]    RefusePasswordChange = FALSE
04/27 18:15:30 [INIT]    AllowReplInNonMixed = FALSE
04/27 18:15:30 [INIT]    AvoidSamRepl = TRUE
04/27 18:15:30 [INIT]    AvoidLsaRepl = TRUE
04/27 18:15:30 [INIT]    SignSecureChannel = TRUE
04/27 18:15:30 [INIT]    SealSecureChannel = TRUE
04/27 18:15:30 [INIT]    RequireSignOrSeal = TRUE
04/27 18:15:30 [INIT]    RequireStrongKey = FALSE
04/27 18:15:30 [INIT]    SysVolReady = TRUE
04/27 18:15:30 [INIT]    UseDynamicDns = TRUE
04/27 18:15:30 [INIT]    RegisterDnsARecords = TRUE
04/27 18:15:30 [INIT]    AvoidPdcOnWan = FALSE
04/27 18:15:30 [INIT]    AutoSiteCoverage = TRUE
04/27 18:15:30 [INIT]    AvoidDnsDeregOnShutdown = TRUE
04/27 18:15:30 [INIT]    DnsUpdateOnAllAdapters = FALSE
04/27 18:15:30 [INIT]    Nt4Emulator = FALSE
04/27 18:15:30 [INIT]    DisablePasswordChange = FALSE
04/27 18:15:30 [INIT]    NeutralizeNt4Emulator = FALSE
04/27 18:15:30 [INIT]    AllowSingleLabelDnsDomain = FALSE
04/27 18:15:30 [INIT]    AllowExclusiveSysvolShareAccess = FALSE
04/27 18:15:30 [INIT]    AllowExclusiveScriptsShareAccess = FALSE
04/27 18:15:30 [INIT]    AvoidLocatorAccountLookup = FALSE
04/27 18:15:30 [INIT]    NeverPing = FALSE
04/27 18:15:30 [INIT] Command line parsed successfully ...
04/27 18:15:30 [SITE] Setting site name to 'HKG'
04/27 18:15:30 [SESSION] \Device\NetBT_Tcpip_{09384205-633F-4734-B050-
FB580F71E508}: Transport Added (10.150.192.90)
04/27 18:15:30 [SESSION] Winsock Addrs: 10.150.192.90 192.168.192.90
(2)
04/27 18:15:30 [DNS] Set DnsForestName to: root.domain.com
04/27 18:15:30 [DOMAIN] CN: Adding new domain
04/27 18:15:30 [DOMAIN] Setting our computer name to APPWN020
APPWN020.domain.com
04/27 18:15:30 [DOMAIN] Setting Netbios domain name to CN
04/27 18:15:30 [DOMAIN] Setting DNS domain name to domain.com.
04/27 18:15:30 [DOMAIN] Setting Domain GUID to 11c242dc-
b940-413c-8476-8993031e6387
04/27 18:15:30 [CRITICAL] C:\WINDOWS\system32\config\
etlogon.ftj:
Unable to open. 2
04/27 18:15:30 [INIT] Getting cached trusted domain list from binary
file.
04/27 18:15:30 [LOGON] NlSetForestTrustList: New trusted domain list:
04/27 18:15:30 [LOGON]    0: ASIA root.domain.com (NT 5) (Forest Tree
Root) (Direct Outbound) (Direct Inbound) ( Attr: 0x20 )
04/27 18:15:30 [LOGON]        Dom Guid:
7e13cb82-99ea-466d-963d-2aa9ed4a57f4
04/27 18:15:30 [LOGON]        Dom Sid:
S-1-5-21-155781502-3518960662-3262718245
04/27 18:15:30 [LOGON]    1: CN domain.com (NT 5) (Forest: 0)
(Primary Domain) (Native)
04/27 18:15:30 [LOGON]        Dom Guid: 11c242dc-
b940-413c-8476-8993031e6387
04/27 18:15:30 [LOGON]        Dom Sid:
S-1-5-21-453305679-1483540776-2973662666
04/27 18:15:30 [MISC] NlpInitializeTrace succeeded 0
04/27 18:15:30 [INIT] Starting RPC server.
04/27 18:15:30 [SESSION] CN: NlSessionSetup: Try Session setup
04/27 18:15:30 [SESSION] CN: NlDiscoverDc: Start Synchronous Discovery
04/27 18:15:30 [MISC] NetpDcGetName: domain.com. using cached
information
04/27 18:15:30 [SESSION] CN: NlDiscoverDc: Found DC \
\DCServer006.domain.com
04/27 18:15:30 [SESSION] CN: NlSetStatusClientSession: Set connection
status to 0
04/27 18:15:30 [DOMAIN] Setting LSA NetbiosDomain: CN DnsDomain:
domain.com. DnsTree: root.domain.com. DomainGuid:11c242dc-
b940-413c-8476-8993031e6387
04/27 18:15:30 [LOGON] NlSetForestTrustList: New trusted domain list:
04/27 18:15:30 [LOGON]    0: ASIA root.domain.com (NT 5) (Forest Tree
Root) (Direct Outbound) (Direct Inbound) ( Attr: 0x20 )
04/27 18:15:30 [LOGON]        Dom Guid:
7e13cb82-99ea-466d-963d-2aa9ed4a57f4
04/27 18:15:30 [LOGON]        Dom Sid:
S-1-5-21-155781502-3518960662-3262718245
04/27 18:15:30 [LOGON]    1: CN domain.com (NT 5) (Forest: 0)
(Primary Domain) (Native)
04/27 18:15:30 [LOGON]        Dom Guid: 11c242dc-
b940-413c-8476-8993031e6387
04/27 18:15:30 [LOGON]        Dom Sid:
S-1-5-21-453305679-1483540776-2973662666
04/27 18:15:30 [SESSION] CN: NlSetStatusClientSession: Set connection
status to 0
04/27 18:15:30 [SESSION] CN: NlSessionSetup: Session setup Succeeded
04/27 18:15:30 [INIT] Started successfully
04/27 18:15:30 [INIT] Group Policy is not defined for Netlogon
04/27 18:15:30 [INIT] Following are the effective values after parsing
04/27 18:15:30 [MISC] NlWksScavenger: Can be called again in 30 days
(0x9bda09fa)
04/27 18:18:30 [SESSION] CN: NlTimeoutApiClientSession: Unbind from
server \\DCServer006.domain.com (TCP) 0.
04/27 18:22:37 [SESSION] Winsock Addrs: 10.150.192.90 (1) List size
changed 2 1.
04/27 18:22:37 [SITE] DsrGetSiteName: Site name 'HKG' is old. Getting
a new one from DC.
04/27 18:22:37 [MAILSLOT] NetpDcPingListIp: domain.com.: Sent UDP ping
to 10.150.192.214
04/27 18:22:37 [MISC] NlPingDcNameWithContext: Sent 1/1 ldap pings to
DCServer006.domain.com
04/27 18:22:38 [MISC] NlPingDcNameWithContext: DCServer006.domain.com
responded over IP.
04/27 18:22:38 [MISC] DsGetDcName function called: Dom:(null) Acct:
(null) Flags: IP TIMESERV AVOIDSELF BACKGROUND
04/27 18:22:38 [MISC] NetpDcGetName: domain.com. using cached
information
04/27 18:22:38 [MISC] DsGetDcName function returns 0: Dom:(null) Acct:
(null) Flags: IP TIMESERV AVOIDSELF BACKGROUND
04/27 18:22:52 [SESSION] Winsock Addrs: 10.150.192.90 192.168.192.90
(2) List size changed 1 2.
04/27 18:22:52 [SITE] DsrGetSiteName: Returning site name 'HKG' from
local cache.
04/27 18:22:52 [MISC] DsGetDcName function called: Dom:(null) Acct:
(null) Flags: IP TIMESERV AVOIDSELF BACKGROUND
04/27 18:22:52 [MISC] NetpDcGetName: domain.com. using cached
information
04/27 18:22:52 [MISC] DsGetDcName function returns 0: Dom:(null) Acct:
(null) Flags: IP TIMESERV AVOIDSELF BACKGROUND
04/27 18:23:04 [MISC] DsGetDcName function called: Dom:(null) Acct:
(null) Flags: DS BACKGROUND
04/27 18:23:04 [MISC] NetpDcGetName: domain.com. using cached
information
04/27 18:23:04 [MISC] DsGetDcName function returns 0: Dom:(null) Acct:
(null) Flags: DS BACKGROUND
04/27 18:29:53 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Entered
04/27 18:29:53 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Returns 0x0
04/27 18:29:53 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Entered
04/27 18:29:53 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Returns 0x0
04/27 18:29:53 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Entered
04/27 18:29:53 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Returns 0x0
04/27 18:29:53 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Entered
04/27 18:29:53 [MISC] DsGetDcName function called: Dom:domain.COM Acct:
(null) Flags: IP KDC
04/27 18:29:53 [MISC] NetpDcGetName: domain.COM using cached
information
04/27 18:29:53 [MISC] DsGetDcName function returns 0: Dom:domain.COM
Acct:(null) Flags: IP KDC
04/27 18:29:53 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Returns 0x0
04/27 18:29:53 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Entered
04/27 18:29:53 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Returns 0x0
04/27 18:29:53 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Entered
04/27 18:29:53 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Returns 0x0
04/27 18:29:53 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Entered
04/27 18:29:53 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Returns 0x0
04/27 18:29:53 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Entered
04/27 18:29:53 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Returns 0x0
04/27 18:29:53 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Entered
04/27 18:29:53 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Returns 0x0
04/27 18:29:53 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Entered
04/27 18:29:53 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Returns 0x0
04/27 18:29:53 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Entered
04/27 18:29:53 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Returns 0x0
04/27 18:29:54 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Entered
04/27 18:29:54 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Returns 0x0
04/27 18:29:54 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Entered
04/27 18:29:54 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Returns 0x0
04/27 18:29:54 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Entered
04/27 18:29:54 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Returns 0x0
04/27 18:29:54 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Entered
04/27 18:29:54 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Returns 0x0
04/27 18:29:54 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Entered
04/27 18:29:54 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Returns 0x0
04/27 18:29:54 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Entered
04/27 18:29:54 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Returns 0x0
04/27 18:29:54 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Entered
04/27 18:29:54 [LOGON] SamLogon: Network logon of domain\usera from
workstation001 Returns 0x0

the only striking thing I  can find is this

04/27 17:36:33 [CRITICAL] C:\WINDOWS\system32\config\
etlogon.ftj:
Unable to open. 2
04/27 17:36:33 [INIT] Getting cached trusted domain list from binary
file.

can anyone give me some pointers on whats the issue?

Many thanks

Replies