Group Policy Debug Log Settings
The below article has got information about enabling different debug loggings which are required for troubleshooting various Windows issues.
UserEnv Debug Logging
Userenv logging is useful when troubleshooting group Policy application related issues or User profile related issues.
Enabling Userenv logging in Windows XP
Use Registry Editor to add or to modify the following registry entry:
Subkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Value data: 10002 (Hexadecimal)
UserEnvDebugLevel can have the following values:
The default value is NORMAL|LOGFILE (0x00010001).
Note To disable logging, select NONE (0x00000000).
You can combine these values. For example, you can combine VERBOSE 0x00000002 and LOGFILE 0x00010000 to get 0x00010002. Therefore, if UserEnvDebugLevel is given a value of 0x00010002, LOGFILE and VERBOSE are both turned on. Combining these values is the same as using an OR statement.
0x00010000 OR 0x00000002 = 0x00010002
Note If you set UserEnvDebugLevel to 0x00030002, the most verbose details are logged in the Userenv.log file.
The log file is written to the %Systemroot%\Debug\UserMode\Userenv.log file. If the Userenv.log file is larger than 300 KB, the file is renamed Userenv.bak, and a new Userenv.log file is created. This action occurs when a user logs on locally or by using Terminal Services, and the Winlogon process starts. However, because the size check only occurs when a user logs on, the Userenv.log file may grow beyond the 300 KB limit.
Although the 300-KB limit cannot be modified, you can set the read-only attribute on the Userenv.bak file, and the Userenv.log file will grow indefinitely. You must only use this method temporarily, remove the read-only attribute on the Userenv.bak file as soon as you are finished troubleshooting.
Enabling UserEnv Logging in Windows 7
In Windows 7 GPO processing is performed by a service called “Group Policy Client” .
A log file can be written by the service when implementing the following registry value:
The resulting log file will be
Group Policy Preference Debug Logging
Sometimes you need to enable additional logging when you are troubleshooting a particular component in Windows. Group Policy Preferences includes the ability to create verbose debug logging for each included client-side extensions. You activate Preference debug logging through Group Policy. Preference debug logging policy settings are located under the Computer Configuration\Policies\Administrative Templates\System\Group Policy node when editing a Group Policy object.
Figure 1 Group Policy Preferences debug logging
You can individually enable each preference client-side extension. Logging and tracing entries provide you with a several configuration options including what type of data to write to the event logs (Informational, Errors, Warnings, or all), enable trace logging and the location of the trace log file, and the size of the file.
Figure 2 Preference Logging and Tracing policy settings
You can configure the location of the trace files; however, keep in mind that file system permissions changed on Server 2008 and Windows Vista. Make sure permissions do not interfere with creating the log file. You’ll notice the default location for all three log files is
%COMMONAPPDATA%\GroupPolicy\Preference\Trace. The variable
%COMMONAPPDATA% is not recognized by Windows, however; it is meaningful to Preference client-side extensions. Preference client-side extensions recognize this variable and expand it according to operating system on which the client-side extension is installed. For Windows Server 2003 and Windows XP, %COMMONAPPDATA% expands to
%SYSTEMDRIVE%\Documents and Settings\All Users\Application Data. The equivalent path for Windows Server 2008 and Windows Vista is %SYSTEMDRIVE%\ProgramData (this folder is hidden by default, but you can manually type the path in Windows Explorer).
Folder Redirection Debug logging
In addition to logging events in the Application Event log, Folder Redirection can provide a detailed log to aid troubleshooting. To create a detailed log file for folder redirection, use the following registry key:
Set: FdeployDebugLevel = Reg_DWORD 0x0f
Note The log file can be found at: %windir%\debug\usermode\fdeploy.log
In pre-Vista versions of Windows, doing this will create the diagnostic log file %windir%\Debug\UserMode\fdeploy.log. For Vista, 2008 and Windows 7 however, doing this simply adds more detailed info to the event log.
Netlogon Debug Logging
Netlogon debug logging is useful in troubleshooting many issues. Some of those are mentioned below.
DC Location issues
Account Lockout Issues
The version of Netlogon.dll that has tracing included is installed by default. To enable debug logging, set the debug flag that you want in the registry and restart the service by using the following steps:
1.Start the Regedt32 program.
2.Delete the Reg_SZ value of the following registry entry, create a REG_DWORD value with the same name, and then add the 2080FFFF hexadecimal value.
1.At a command prompt, type net stop netlogon, and then type net start netlogon. This enables debug logging.
2.To disable debug logging, change the data value to 0x0 in the following registry key:
2.Stop Net Logon, and then restart Net Logon.
Notes ◦After you restart Net Logon, Net Logon-related activity may be logged to %windir%\debug\netlogon.log.
◦The MaximumLogFileSize registry entry can be used to specify the maximum size of the Netlogon.log file. By default, this registry entry does not exist, and the default maximum size of the Netlogon.log file is 20 MB. When the file reaches 20 MB, it is renamed to Netlogon.bak, and a new Netlogon.log file is created. This registry entry has the following parameters:
Value Name: MaximumLogFileSize
Value Type: REG_DWORD
◦On Windows Server 2003-based computers, you can use the following Group Policy to configure the log file size:
\Computer Configuration\Administrative Templates\System\Net Logon\Maximum Log File Size
Note As an alternate method, you can set the dbflag without using the registry. To do this run the following command from a command prompt:
Nltest is included as part of Windows Server 2008 and is also available as part of the Support Tools packages on the installation media for Windows Server 2003, Windows XP, and Windows 2000.
After you finish debugging, you can run the nltest /dbflag:0x0 command from a command prompt to reset the debug flag to 0. For more information, click the following article numbers to view the articles in the Microsoft Knowledge Base:
247811 (http://support.microsoft.com/kb/247811/ ) How domain controllers are located in Windows
189541 (http://support.microsoft.com/kb/189541/ ) Using the checked Netlogon.dll to track account lockouts