[Samba] Help wanted: Windows logs for our NETLOGON KB5028166 issue

Andrew Bartlett abartlet at samba.org
Mon Jul 17 10:42:22 UTC 2023

Kia Ora Samba users,

Thanks so much for bringing the KB5028166 issues to our attention. 

Microsoft is also aware, and has reached out to us to understand the

They would like some Windows logs, and it would save us all some time
if you - one of our Samba AD or NT4 DC users - could get those for us.

If you have a lab domain where you can share detailed logs without
compromising privacy that would be very helpful. 

This would be with a patched Windows member server, and an unpatched
Samba DC.

They ask:

Meanwhile, if we can get netlogon logs on both client and server side in this case during an error scenario that would be helpful.

Steps to enable netlogon logs on Windows:
   1. Configure debug flags
      Nltest /DBFlag:2080FFFF
   2. Re-start netlogon
      net stop netlogon
      net start netlogon
Logs path: c:\windows\debug\netlogon.txt

For the 'server logs', that would be Samba's logs with

log level = 10
debug hires timestamp = yes

Bonus points if you can include a network capture (PCAPng format) from
the server, as the timestamps in both will line up exactly.

I'm just jumping into this having been on leave, so I'll need you to
work out exactly the trigger point/steps, but the network call to see
in your network trace is NETLOGON RPC LogonGetCapabilities

If you see that, you have probably got enough logs.  I guess from a
reboot would also do.

Thanks so much for your help,

Andrew Bartlett
Andrew Bartlett (he/him)       https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead                https://catalyst.net.nz/services/samba
Catalyst.Net Ltd

Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group

Samba Development and Support: https://catalyst.net.nz/services/samba

Catalyst IT - Expert Open Source Solutions
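
A quick way to check a Samba log before sending it, as an added example that is not part of the original message or of Samba: it confirms that level 10 messages with hires timestamps are present and lists when LogonGetCapabilities appears, so the times can be matched against the network capture. It assumes the call is logged under its IDL name netr_LogonGetCapabilities; the sample lines and their source paths are constructed.

```python
import re
from datetime import datetime

# Message header Samba writes when "debug hires timestamp = yes" is set:
# [YYYY/MM/DD HH:MM:SS.uuuuuu, LEVEL...] file:line(function)
HEADER = re.compile(r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{6}),\s*(\d+)")
CALL = "netr_LogonGetCapabilities"  # assumption: IDL name as it appears in the log

def parse_stamp(text):
    return datetime.strptime(text, "%Y/%m/%d %H:%M:%S.%f")

def find_calls(lines, call=CALL):
    """Return one timestamp per log message that mentions `call`."""
    hits, stamp, counted = [], None, False
    for line in lines:
        m = HEADER.match(line)
        if m:  # a new message starts here
            stamp, counted = parse_stamp(m.group(1)), False
        if call in line and stamp is not None and not counted:
            hits.append(stamp)
            counted = True
    return hits

def summarize(lines):
    """Report the covered time window, whether level 10 is on, and call times."""
    headers = [m for m in map(HEADER.match, lines) if m]
    stamps = [parse_stamp(m.group(1)) for m in headers]
    return {
        "first": min(stamps) if stamps else None,
        "last": max(stamps) if stamps else None,
        "level10": any(int(m.group(2)) >= 10 for m in headers),
        "calls": find_calls(lines),
    }

# Constructed sample; the paths and function names in the headers are made up.
SAMPLE = """\
[2023/07/17 10:41:58.101122,  3] ../../example/server.c:100(example_bind)
  constructed sample: bind on the netlogon pipe
[2023/07/17 10:41:58.204518, 10] ../../example/ndr.c:200(example_print)
       netr_LogonGetCapabilities: struct netr_LogonGetCapabilities
          in: struct netr_LogonGetCapabilities
[2023/07/17 10:41:58.209901, 10] ../../example/ndr.c:200(example_print)
       netr_LogonGetCapabilities: struct netr_LogonGetCapabilities
          out: struct netr_LogonGetCapabilities
""".splitlines()

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(key, value)
```

An empty "calls" list or "level10" being False means the log does not yet cover the scenario described above.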
