locked
Netlogon not monitored? RRS feed

  • Question

  • Had a Windows 2003 server that had the Netlogon service stopped. No service terminated or failed to start events, it just wasn't running. No alerts from SCOM. I looked around and could not find any rules or monitors except for domain controllers. This server is not a domain controller.

    Why is Netlogon not monitored? It seems like it should be. I'm curious to find out if it should be but wasn't included wiht a base OS monitor for one reason or another. I'm sure the next question I'm going to get is "can you create a monitor for it" and I really don't want to create a monitor for something that already has a management pack.

    Monday, August 9, 2010 10:28 PM

Answers

  • I was only aware of its function on dc's, but i just looked at the service description and i guess it's needed on every server (probably even clients) in a domain.

    Anyway, back to the question, i don't know why it's not being monitored. But i think the answer lies in the netlogon service having a function within a domain only and not all computers are member of a domain. Therefor it's not an essential windows os service. Also I really don't know in what mp it should belong. Maybe AD, but i guess that just targets DC's.

    it would make a nice request for a future mp release (not sure which :)) to have a discovery determine whether a computer is part of a domain and if yes, enable a netlogon service monitor. But for now i think you need to create your own monitor for it.


    Rob Korving
    http://jama00.wordpress.com/
    • Marked as answer by jbn2050 Monday, January 17, 2011 8:43 PM
    Tuesday, August 17, 2010 4:05 PM

All replies

  • Why would it be monitored on a non-dc? as far as i know it's only needed on DC's


    Rob Korving
    http://jama00.wordpress.com/
    • Proposed as answer by Vivian Xing Tuesday, August 10, 2010 6:35 AM
    • Unproposed as answer by jbn2050 Monday, August 16, 2010 4:38 PM
    Monday, August 9, 2010 11:22 PM
  • Hi, this is also a reason to review all MPs before they are imported. What is really in this MP , and what do we need? Else you will find more scenarios like this where you belive something is in included in one way, but it is not.
    Anders Bengtsson | Microsoft MVP - Operations Manager | http://www.contoso.se
    Tuesday, August 10, 2010 9:26 AM
  • I had a user email me saying there was an issue due to Netlogon being stopped. Anyone else know if it's really needed on a member server?

    Tuesday, August 10, 2010 2:27 PM
  • Hi,

    What exact error the user received and what operating system is running on it?


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Thursday, August 12, 2010 8:18 AM
  • In the system log: "The server was unable to logon the Windows NT account 'IUSR_****' due to the following error: An attempt was made to logon, but the network logon service was not started. The data is the error code."

     

    This is a member server and not a domain controller. This is the first time I've seen this.

    Thursday, August 12, 2010 5:48 PM
  • IUSR_**** is a local user account? And does it work with starting the netlogon service?
    Rob Korving
    http://jama00.wordpress.com/
    Monday, August 16, 2010 8:29 AM
  • It's a local account. I'm not sure what you mean if it starts with the netlogon service.

     

    However I was told once netlogon was started the events stopped. I check other servers and Netlogon is started and set to automatic... If a service isn't needed then having it set to automatic seems kind of counterintuitive doesn't it?

    Monday, August 16, 2010 2:34 PM
  • I was only aware of its function on dc's, but i just looked at the service description and i guess it's needed on every server (probably even clients) in a domain.

    Anyway, back to the question, i don't know why it's not being monitored. But i think the answer lies in the netlogon service having a function within a domain only and not all computers are member of a domain. Therefor it's not an essential windows os service. Also I really don't know in what mp it should belong. Maybe AD, but i guess that just targets DC's.

    it would make a nice request for a future mp release (not sure which :)) to have a discovery determine whether a computer is part of a domain and if yes, enable a netlogon service monitor. But for now i think you need to create your own monitor for it.


    Rob Korving
    http://jama00.wordpress.com/
    • Marked as answer by jbn2050 Monday, January 17, 2011 8:43 PM
    Tuesday, August 17, 2010 4:05 PM
  • As always - management packs are starting points. I'm glad to see you already know the answer :)
    Microsoft Corporation
    Wednesday, August 18, 2010 5:35 PM
  • If a computer is not a member of a domain I believe the service is set to manual. The MP just says "monitor only auto services" and I think it would work.

     

    Dan I thought Microsoft management packs were best of breed and not starting points? I'm not sure I agree with your reply.

    Wednesday, August 18, 2010 6:46 PM
  • Hi, No activity for 30 days. Will mark as answer. Feel free to re-open. Thanks


    Anders Bengtsson | Microsoft PFE | blog at http://www.contoso.se
    Sunday, December 26, 2010 8:01 PM