Windows Server 2019 Diagnostic Log Settings Reverting 15 minutes after Regedit Changes

Asked by colsztyn
Topics: Windows Server 2019, Diagnostics
I noticed that our Windows Server 2019 DCs were logging excessive amounts of AD and LDAP log entries - noticeably more than what I have been used to seeing over the years. In tracking down why, I noted that if I went to \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics the log settings were set for "16 LDAP Interface Events" and "8 Directory Access" to log level 3 for the LDAP logs and 5 for the AD logs, which clearly explains the excessive logging.

This is the MS KB I used to determine the diagnostic log settings and locations: https://support.microsoft.com/en-us/help/314980/how-to-configure-active-directory-and-lds-diagnostic-event-logging

So, I manually changed each of 4 DCs (all running Win Server 2019 DC 1089 and patched up to date and healthy otherwise) so that the logging levels of LDAP and AD are set to 0.  I make the registry change, close the registry, reopen, hit F5 to view the changes, they display as 0.  Some time in the next 15 minutes or so I come back and check the logs and they have started logging excessively again, so I check the registry keys and they are reset back to 3 for LDAP and 5 for Directory Access.  So, I do the changes again, reboot the server, check the changes and they are fine on reboot but 10-15 minutes later the log levels revert to the original values (3 and 5).  

I have made a registry txt file to insert the keys and they insert fine and 15 minutes later revert.  This is true on all 4 DCs.  It seems as if some scheduled task or some other background process is intervening to change the diagnostic log settings back to their original values.  

Since I am the person who rolled these servers and integrated them into the environment, and the sole support for them, this should be pretty straightforward.

I thought I would reach out to the community and ask for ideas.
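
The following PowerShell is an added example, not part of the original post or of any answer: it polls the two values named in the question and, once either stops being 0, prints the time window in which the change happened and the scheduled tasks whose last run falls inside that window. The 30-second interval and the variable names are assumptions; start it right after setting both values to 0.

```powershell
# Added example: watch the two NTDS diagnostic values named in the post and
# report when they stop matching the level that was set by hand (0).
$key      = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics'
$expected = @{
    '16 LDAP Interface Events' = 0
    '8 Directory Access'       = 0
}
$pollSeconds = 30            # assumption: 30 s resolution is enough
$lastGood    = Get-Date      # last time every value matched $expected

while ($true) {
    $current = Get-ItemProperty -Path $key -Name @($expected.Keys)

    # Collect every watched value that no longer has the expected level.
    $drift = foreach ($name in $expected.Keys) {
        if ($current.$name -ne $expected[$name]) {
            [pscustomobject]@{
                Value    = $name
                Expected = $expected[$name]
                Found    = $current.$name
            }
        }
    }

    if (-not $drift) {
        $lastGood = Get-Date
    }
    else {
        $seen = Get-Date
        Write-Host "Reverted between $($lastGood.ToString('s')) and $($seen.ToString('s'))"
        $drift | Format-Table -AutoSize

        # The post suspects a scheduled task: list tasks that last ran in that window.
        Get-ScheduledTask | Get-ScheduledTaskInfo |
            Where-Object { $_.LastRunTime -ge $lastGood -and $_.LastRunTime -le $seen } |
            Select-Object TaskPath, TaskName, LastRunTime |
            Format-Table -AutoSize
        break
    }
    Start-Sleep -Seconds $pollSeconds
}
```

An empty task table means no scheduled task ran in the window, which points to the other background process the question mentions; run the script elevated so that all tasks are visible.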
ASKER CERTIFIED SOLUTION
Dr. Klahn, Principal Software Engineer
