Netlogon.chg file

I am getting an error in my event log that states, "The change log cache maintained by Netlogon service for database changes is corrupted.  The Netlogon service is resetting the change log."  When I attempt to delete the file I get an error saying the service is in use by another process and I am unable to delete it.  How do I delete this file to clear the error?  I've also noticed that one remote user is remotely logging into the system every hour.  Does this have any effect on the netlogon file?
Asked by: swebb

lorned commented:
Follow the instructions in both of these articles.  One of them should help you with your problem.

Lorne

PSS ID Number: Q129216
Article last modified on 07-19-1996
PSS database name: WINNT
 
3.10 3.50
 
WINDOWS
 

----------------------------------------------------------------------
The information in this article applies to:
 
 - Microsoft Windows NT Advanced Server version 3.1
 - Microsoft Windows NT Server version 3.5
----------------------------------------------------------------------
 
SYMPTOMS
========
 
If you configure a Windows NT server as a primary domain controller (PDC),
the following System event messages appear in the system log:
 
   Event ID: 5713
   Source:   Netlogon
   Type:     Information
   Description: The full synchronization request from the server
   <SRV_NAME> completed successfully. <Number> object(s) has(have)
   been returned to the caller.
 
   Event ID: 5712
   Source:   Netlogon
   Type:     Warning
   Description: The partial synchronization request from <SRV_NAME>
   failed with the following error.
 
   (DATA 0000: 34 01 00 c0)
 
If you promote a backup domain controller (BDC) to a PDC, the following
System event message appears in the system log:
 
   Event ID: 5705
   Source:   NetLogon
   Type:     Error
   Description: The change log cache maintained by the netlogon service
   for database changes is corrupted. The netlogon service is resetting
   the change log.
 
CAUSE
=====
 
This problem occurs when the %systemroot%\NETLOGON.CHG file is corrupted,
or has the read-only file attribute set.
 
RESOLUTION
==========
 
To correct this problem, ensure that the read-only attribute is not set
for the NETLOGON.CHG file or delete the file. This file is re-created
when you start Windows NT.
 
This file is always in use by the system. In order to delete NETLOGON.CHG
on an NTFS partition, you must first set the permissions for that file to
system - no access (Be sure that you are only changing the permissions for
that one file). You will need to reboot, and then the file can be deleted.
 
MORE INFORMATION
================
 
The NETLOGON.CHG file is located on the PDC and keeps track of the changes
made to the security databases. Each change to the security databases is
recorded in the change log along with the change serial number. The serial
number is maintained separately for each of the three security databases.
It is incremented once for each change to the databases. When a backup
domain controller (BDC) requests a particular change from the PDC, the PDC
views the change log to determine what changes need to be sent.
 
KBCategory: kbnetwork
KBSubcategory: ntdomain
Additional reference words: prodnt 3.10 3.50 event viewer 340100c0
=============================================================================
Copyright Microsoft Corporation 1996.


 
PSS ID Number: Q136251
Article last modified on 08-28-1996
PSS database name: WINNT
 
3.50
 
WINDOWS
 

-------------------------------------------------------------------------
The information in this article applies to:
 
 - Microsoft Windows NT Workstation version 3.5
 - Microsoft Windows NT Server version 3.5
-------------------------------------------------------------------------
 
SYMPTOMS
========
 
The following event appears in your backup domain controller (BDC) system
log:
 
   Date:       N/A             Event ID:   5705
   Time:       N/A             Source:     NETLOGON
   User:       N/A             Type:       Error
   Computer:   BDC             Category:   None
 
   Description:
 
   The change log cache maintained by the Netlogon service for database
   changes is corrupted. The Netlogon service is resetting the change log.
 
   Data, Byte:
 
   000:    02
 
CAUSE
=====
 
This problem occurs if you enable auditing of security objects and more
than 500 changes are made to an individually replicated security object
from the Security Account Manager (SAM), local security authority (LSA), or
built-in databases.
 
How Event ID 5705 is Triggered with the Netlogon Service
--------------------------------------------------------
 
On a heavily used server configured to audit many objects, if the security
log fills up, the LSA security object is updated with each attempt to
record an event in the full security log. With each LSA update a change is
registered in the Netlogon change log file. If more than 500 of these
events occur within the primary domain controller (PDC) to BDC Netlogon
update cycle, the PDC does not replicate the individual changes to the
BDCs, but sends a record that indicates a serial number skip and another
record with the entire object that contains the accumulation of all
changes. When the BDC encounters the skip in serial numbers, it records
Event 5705 in the BDC system log.
 
WORKAROUND
==========
 
To work around this problem, prevent the security log from becoming full by
doing one or more of the following:
 
 - Clear the security log more frequently.
 - Set the security log to overwrite events when it gets full.
 - Audit fewer items.
 
KBCategory: kbnetwork
KBSubcategory: ntnetserv ntsecurity
Additional reference words: prodnt 3.50
=============================================================================
Copyright Microsoft Corporation 1996.
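
The checks from both articles can be gathered in one read-only pass. The script below is an added example, not part of the original answer or of the Microsoft articles. It assumes a Windows release that ships PowerShell and `Get-WinEvent` (later than the NT 3.x versions the articles cover) and an elevated session; the file path and event IDs are the ones quoted above.

```powershell
# Added example: read-only triage for Netlogon event 5705, following Q129216 and Q136251.
# Assumption: PowerShell with Get-WinEvent is available; run from an elevated session.

$chgPath = Join-Path $env:SystemRoot 'NETLOGON.CHG'   # location given in Q129216

# 1. Q129216 cause: the change log file has the read-only attribute set.
$chg = Get-Item -LiteralPath $chgPath -Force -ErrorAction SilentlyContinue
if ($null -eq $chg) {
    Write-Output "$chgPath not found on this machine"
} else {
    Write-Output ("{0}  ReadOnly={1}  LastWrite={2}" -f `
        $chg.FullName, $chg.IsReadOnly, $chg.LastWriteTime)
    if ($chg.IsReadOnly) {
        Write-Output 'Read-only attribute is set; Q129216 says to clear it or delete the file.'
        # Non-destructive fix from Q129216 (uncomment to apply):
        # $chg.IsReadOnly = $false
    }
}

# 2. Netlogon events named in the articles (5705 error, 5712 warning, 5713 information).
$filter = @{ LogName = 'System'; ProviderName = 'NETLOGON'; Id = 5705, 5712, 5713 }
$events = @(Get-WinEvent -FilterHashtable $filter -MaxEvents 500 -ErrorAction SilentlyContinue)
if ($events.Count -eq 0) {
    Write-Output 'No Netlogon 5705/5712/5713 events in the System log.'
}
# Get-WinEvent returns newest first, so Group[0] is the latest record of each ID.
$events | Group-Object Id | Sort-Object Name | ForEach-Object {
    Write-Output ("Event {0}: {1} record(s), oldest {2}, newest {3}" -f `
        $_.Name, $_.Count, $_.Group[-1].TimeCreated, $_.Group[0].TimeCreated)
}
# Timestamps of each 5705, for comparison with other recurring activity on the server.
$events | Where-Object Id -eq 5705 | Sort-Object TimeCreated |
    ForEach-Object { Write-Output ("  5705 at {0:u}" -f $_.TimeCreated) }

# 3. Q136251 cause: a full security log that is not set to overwrite old events.
$sec = Get-WinEvent -ListLog Security
Write-Output ("Security log: Mode={0}  Full={1}  Size={2:N0} of {3:N0} bytes" -f `
    $sec.LogMode, $sec.IsLogFull, $sec.FileSize, $sec.MaximumSizeInBytes)
if ($sec.IsLogFull -or $sec.LogMode -ne 'Circular') {
    Write-Output 'Security log is full or does not overwrite; see the Q136251 workaround.'
}
```

Nothing is modified unless the commented `IsReadOnly` line is enabled; deleting the file still requires the permission change and reboot described in Q129216.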


 
