Solved

Netlogon.chg file

Posted on 1997-04-24
Last Modified: 2013-12-23
I am getting an error in my event log that states, "The change log cache maintained by Netlogon service for database changes is corrupted. The Netlogon service is resetting the change log." When I attempt to delete the file I get an error saying the service is in use by another process and I am unable to delete it. How do I delete this file to clear the error? I've also noticed that one remote user is remotely logging into the system every hour. Does this have any effect on the netlogon file?
Question by:swebb
1 Comment
 
LVL 2

Accepted Solution

by:
lorned earned 50 total points
ID: 1559857
Follow the instructions in both of these articles.  One of them should help you with your problem.

Lorne

PSS ID Number: Q129216
Article last modified on 07-19-1996
PSS database name: WINNT
 
3.10 3.50
 
WINDOWS
 

----------------------------------------------------------------------
The information in this article applies to:
 
 - Microsoft Windows NT Advanced Server version 3.1
 - Microsoft Windows NT Server version 3.5
----------------------------------------------------------------------
 
SYMPTOMS
========
 
If you configure a Windows NT server as a primary domain controller (PDC),
the following System event messages appear in the system log:
 
   Event ID: 5713
   Source:   Netlogon
   Type:     Information
   Description: The full synchronization request from the server
   <SRV_NAME> completed successfully. <Number> object(s) has(have)
   been returned to the caller.
 
   Event ID: 5712
   Source:   Netlogon
   Type:     Warning
   Description: The partial synchronization request from <SRV_NAME>
   failed with the following error.
 
   (DATA 0000: 34 01 00 c0)
 
If you promote a backup domain controller (BDC) to a PDC, the following
System event message appears in the system log:
 
   Event ID: 5705
   Source:   NetLogon
   Type:     Error
   Description: The change log cache maintained by the netlogon service
   for database changes is corrupted. The netlogon service is resetting
   the change log.
 
CAUSE
=====
 
This problem occurs when the %systemroot%\NETLOGON.CHG file is corrupted,
or has the read-only file attribute set.
 
RESOLUTION
==========
 
To correct this problem, ensure that the read-only attribute is not set
for the NETLOGON.CHG file or delete the file. This file is re-created
when you start Windows NT.
 
This file is always in use by the system. In order to delete NETLOGON.CHG
on an NTFS partition, you must first set the permissions for that file to
system - no access (Be sure that you are only changing the permissions for
that one file). You will need to reboot, and then the file can be deleted.
 
MORE INFORMATION
================
 
The NETLOGON.CHG file is located on the PDC and keeps track of the changes
made to the security databases. Each change to the security databases is
recorded in the change log along with the change serial number. The serial
number is maintained separately for each of the three security databases.
It is incremented once for each change to the databases. When a backup
domain controller (BDC) requests a particular change from the PDC, the PDC
views the change log to determine what changes need to be sent.
 
KBCategory: kbnetwork
KBSubcategory: ntdomain
Additional reference words: prodnt 3.10 3.50 event viewer 340100c0
=============================================================================
Copyright Microsoft Corporation 1996.


 
PSS ID Number: Q136251
Article last modified on 08-28-1996
PSS database name: WINNT
 
3.50
 
WINDOWS
 

-------------------------------------------------------------------------
The information in this article applies to:
 
 - Microsoft Windows NT Workstation version 3.5
 - Microsoft Windows NT Server version 3.5
-------------------------------------------------------------------------
 
SYMPTOMS
========
 
The following event appears in your backup domain controller (BDC) system
log:
 
   Date:       N/A             Event ID:   5705
   Time:       N/A             Source:     NETLOGON
   User:       N/A             Type:       Error
   Computer:   BDC             Category:   None
 
   Description:
 
   The change log cache maintained by the Netlogon service for database
   changes is corrupted. The Netlogon service is resetting the change log.
 
   Data, Byte:
 
   000:    02
 
CAUSE
=====
 
This problem occurs if you enable auditing of security objects and more
than 500 changes are made to an individually replicated security object
from the Security Account Manager (SAM), local security authority (LSA), or
built-in databases.
 
How Event ID 5705 is Triggered with the Netlogon Service
--------------------------------------------------------
 
On a heavily used server configured to audit many objects, if the security
log fills up, the LSA security object is updated with each attempt to
record an event in the full security log. With each LSA update a change is
registered in the Netlogon change log file. If more than 500 of these
events occur within the primary domain controller (PDC) to BDC Netlogon
update cycle, the PDC does not replicate the individual changes to the
BDCs, but sends a record that indicates a serial number skip and another
record with the entire object that contains the accumulation of all
changes. When the BDC encounters the skip in serial numbers, it records
Event 5705 in the BDC system log.
 
WORKAROUND
==========
 
To work around this problem, prevent the security log from becoming full by
doing one or more of the following:
 
 - Clear the security log more frequently.
 - Set the security log to overwrite events when it gets full.
 - Audit fewer items.
 
KBCategory: kbnetwork
KBSubcategory: ntnetserv ntsecurity
Additional reference words: prodnt 3.50
=============================================================================
Copyright Microsoft Corporation 1996.
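
The following is an added example, not part of the original answer or of the Microsoft articles: a simplified Python model of the behaviour Q136251 describes, showing why more than 500 changes to one object in a single update cycle leads the BDC to log Event 5705. The class names, record kinds (`CHANGE`, `SKIP`, `FULL_OBJECT`) and object names are assumptions made for illustration; only the per-database serial numbers, the 500-change limit and the event ID come from the articles.

```python
# Simplified model of the replication behaviour in Q136251 (added example;
# not Netlogon's real code or on-disk format).
from collections import Counter

THRESHOLD = 500                       # per-object limit stated in the article
DATABASES = ("SAM", "LSA", "BUILTIN")

class PDC:
    def __init__(self):
        self.serial = dict.fromkeys(DATABASES, 0)   # one serial per database
        self.log = []                               # (db, serial, object)

    def change(self, db, obj):
        self.serial[db] += 1                        # +1 for every change
        self.log.append((db, self.serial[db], obj))

    def records_since(self, db, last_serial):
        """What a BDC currently at last_serial is sent for one database."""
        pending = [(s, o) for d, s, o in self.log if d == db and s > last_serial]
        counts = Counter(o for _, o in pending)
        out, collapsed = [], set()
        for serial, obj in pending:
            if counts[obj] <= THRESHOLD:
                out.append(("CHANGE", serial, obj))
            elif obj not in collapsed:              # too many: send skip + whole object
                collapsed.add(obj)
                newest = max(s for s, o in pending if o == obj)
                out += [("SKIP", newest, obj), ("FULL_OBJECT", newest, obj)]
        return out

class BDC:
    def __init__(self):
        self.serial = dict.fromkeys(DATABASES, 0)
        self.events = []                            # event IDs logged locally

    def sync(self, pdc):
        for db in DATABASES:
            for kind, serial, _ in pdc.records_since(db, self.serial[db]):
                if kind == "SKIP":
                    self.events.append(5705)        # serial-number skip seen
                self.serial[db] = max(self.serial[db], serial)

def run_cycle(failed_audit_writes):
    """One update cycle; each failed write to a full security log is modelled
    as one change to a placeholder LSA object."""
    pdc, bdc = PDC(), BDC()
    pdc.change("SAM", "user-account")               # ordinary change, constructed
    for _ in range(failed_audit_writes):
        pdc.change("LSA", "lsa-security-object")    # placeholder object name
    bdc.sync(pdc)
    return bdc.events, bdc.serial
```

Calling `run_cycle(500)` replicates every change individually and logs nothing, while `run_cycle(501)` produces one 5705 on the BDC, which is why keeping the security log from filling up removes the event.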


 
