NETLOGON corrupt

Jeff B.

WIN2K Pro users: Has anyone else experienced a corrupt
netlogon.chg that was caused by a failing UPS? We are
using the APC SU700 series UPS and apparently it corrupted
the netlogon.chg file (event ID 5705) when the "bad
battery" warning came on for the UPS. Also, following
Microsoft's instructions to the letter as to deleting the
file did not work - ended up having to boot up in MS-DOS to
delete the file. Following Microsoft's instructions, I
kept getting a pop-up that the file was in use and could
not be deleted, even with full deny attributes set.

Problem now fixed...just wondering if anyone else has
bumped into this problem?
 
Guest

I did. We suspect that it was a combination of McAfee AV and moving the PDC
Emulator role to the 1st 2003 DC at the empty root. Here is what I wrote to
my team, and I wrote some (SC) batch files to disable McShield and stop it
during my upgrade, then enable it and start it afterwards on all DCs.

1) We were able to DCPROMO the 1st 2003 DC at the root domain xxxxx.xxx

2) Subsequently, one of the many steps called for transferring the PDC
emulator role from a 2000 DC to this new 2003 DC. When I did this, we
instantly got an event 5705 error from NETLOGON, not on this 2003 DC but on
the 2 other 2000 DCs at the empty root, PHX01001 and PHX01002.

MOM slapped me in the face with this event in a couple of e-mails.

Subsequent research on my part showed me that this could be serious so I
opened an incident with Microsoft.

3) Everything seems to point to a combination of VSE, our McAfee virus
solution locking a file in c:\winnt when the transfer of the PDC Emulator
FSMO role took place. Remember the PDC Emulator role is a very, very special
role that goes back to NT 4.0 compatibility. This is why I believe we did not
see the problem on the 2003 DC.

We were then able to reproduce the problem by moving the role back to a 2000
DC and back.

Anyway, I created the C:\WINNT\NETLOGON.CHG exclusion in ePO and pushed it
to the domain controllers at the empty root. We enabled the netlogon logging
and tried to recreate the problem. It did not happen, probably due to the
exclusion.

I am going to be looking for all regions to create this exclusion in ePO for
their DCs and send me a screen shot, ASAP. Also, here is an article that
shows the recommended exclusions for a domain controller in any AV solution.
I had implemented this already in AZ but of course the file in question was
not part of the article.

http://support.microsoft.com/default.aspx?scid=kb;en-us;822158

4) The clean up at the empty root was not my concern; I was/am more
concerned about this happening when we bring up the 1st 2003 DC in the child
domain bhs.bannerhealth.com with 21 Domain Controllers. This is why I think
the exclusion is a must. If you read on you will discover that this problem
needs correcting but the fix can be scheduled as it is not a life altering
event.

5) I had not seen this error in my VM lab, my home lab or our segregated AD
lab which also has the VSE solution. Of course there is no real way to
totally duplicate a production load/environment in a lab. I am copying some
MS folks and I will chat with them to see if there is some more due diligence
to be done around this issue.
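
One way to check which domain controllers logged NETLOGON event 5705 and whether the events line up with a PDC Emulator role transfer, as an added example that is not part of either post. The function name, the 30-minute window, the DC name DC2003-ROOT and the sample records are constructed assumptions; on a live system the records would come from `Get-EventLog -LogName System -Source NETLOGON -ComputerName <dc>` in Windows PowerShell.

```powershell
# Added example (not from the thread): summarise NETLOGON 5705 per DC and
# count the events that fall shortly after a PDC Emulator role transfer.
function Get-Netlogon5705Summary {
    param(
        [Parameter(Mandatory)] [object[]] $Events,        # System-log records
        [Parameter(Mandatory)] [datetime] $RoleTransfer,  # when the role was moved
        [int] $WindowMinutes = 30                         # assumed correlation window
    )
    $windowEnd = $RoleTransfer.AddMinutes($WindowMinutes)
    $Events |
        Where-Object { $_.Source -eq 'NETLOGON' -and $_.EventID -eq 5705 } |
        Group-Object MachineName |
        ForEach-Object {
            # Force arrays so indexing works even when a DC has a single event.
            $times = @($_.Group | ForEach-Object { $_.TimeGenerated } | Sort-Object)
            $near  = @($times | Where-Object { $_ -ge $RoleTransfer -and $_ -le $windowEnd })
            [pscustomobject]@{
                DomainController = $_.Name
                Count            = $times.Count
                First            = $times[0]
                Last             = $times[-1]
                AfterTransfer    = $near.Count   # events inside the window
            }
        }
}

# Constructed sample records shaped like Get-EventLog output. The timestamp is
# a placeholder, and DC2003-ROOT is a hypothetical name for the new 2003 DC.
$transfer = [datetime]'2004-01-15T14:00:00'
$sample = @(
    [pscustomobject]@{ MachineName = 'PHX01001';    Source = 'NETLOGON'
                       EventID = 5705; TimeGenerated = $transfer.AddMinutes(1) }
    [pscustomobject]@{ MachineName = 'PHX01002';    Source = 'NETLOGON'
                       EventID = 5705; TimeGenerated = $transfer.AddMinutes(2) }
    [pscustomobject]@{ MachineName = 'PHX01002';    Source = 'NETLOGON'
                       EventID = 5705; TimeGenerated = $transfer.AddDays(-3) }
    [pscustomobject]@{ MachineName = 'DC2003-ROOT'; Source = 'NETLOGON'
                       EventID = 5719; TimeGenerated = $transfer.AddMinutes(5) }
)

Get-Netlogon5705Summary -Events $sample -RoleTransfer $transfer |
    Format-Table -AutoSize
```

A DC with a nonzero AfterTransfer count is a candidate for the file-locking interaction described above; events outside the window, such as the constructed one three days earlier, point to a different trigger.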
 
