Using the NETSETUP.log to debug domain join problems in Active Directory

One of the most overlooked features of MPS Reports is the NETSETUP.log. Expet Gary Olsen breaks down the tool and explains its value when troubleshooting Active Directory.

Gary Olsen

In Use verbose logging to troubleshoot in Active Directory, we discussed the benefits of Microsoft Product Support (MPS) Reports. These are a free download and should often be the first step in Active Directory troubleshooting.

MPS Reports are simply scripts that run a bunch of common command line commands, collects event log data and other system status and configuration information, and wraps it up nicely in a CAB file. The CAB file and all the individual reports inside are named in accordance with the server it ran on, so you don't get them mixed up. They are available for downloading at Microsoft's Web site.

There are several different versions -- DirSvc (Active Directory), Cluster, Networking, Setup/Performance and others. Each one provides reports and logs pertinent to its role. For instance, you get DCDIAG output in the DirSvc version, but not in the Cluster version. While I have referred to the benefits of the DirSvc version in the past, the Setup/Performance version has some great value as well.

Troubleshooting with the NETSETUP.log

One often overlooked log that Setup/Performance collects is the NETSETUP.log. This file is located in %windir%\debug, and you can view it even if you don't run MPS Reports. One of the great applications for this log file is the failure of a server to join the domain. If we have a server that fails to be promoted to a DC, it records the information in the DCPromo.log and the DCPromoUI.log. But the NETSETUP.log is used for logging domain joins, including joinings to a workgroup. NETSETUP.log will exist on every workstation, server and domain controller. They will all have a copy of this file, which is updated on each join so it has a nice history.

Let's take a look at some sample sections of a log I was using to determine why a server wouldn't join a domain. At the time it was a member of a Windows 2000 domain, but that domain was being decommissioned and all of the file servers were moved to the new Windows 2003 domain.

Here is an example of the "unjoin" operation. This is removing server HPQBOX-FS02 from the HPQBOX.adapps.hp.com domain.

  • First, we see we are doing an unjoin using Windows Server 2003 SP1. Note that the 0x0 status indicates a success.

    10/03 15:34:16 NetpUnJoinDomain: unjoin from 'HPQBOX' using 'hpqbox.adapps.hp.com\olseng' creds, options: 0x4
    10/03 15:34:16     OS Version: 5.2
    10/03 15:34:16     Build number: 3790
    10/03 15:34:16     ServicePack: Service Pack 1
    10/03 15:34:16 NetpUnJoinDomain: status of getting computer name: 0x0
    10/03 15:34:16 NetpApplyJoinState: actions: 0x2b805a

  • Now we are trying to find a DC in the domain. We ended up finding HPQBOX-DC03, which is very handy because we know it contacted this DC which was in the site of our server.
  • 10/03 15:34:16 NetpDsGetDcName: trying to find DC in domain 'HPQBOX', flags: 0x1020
    10/03 15:34:16 NetpDsGetDcName: found DC '\\HPQBOX-DC03' in the specified domain
    10/03 15:34:16 NetpApplyJoinState: status of connecting to dc '\\HPQBOX-DC03': 0x0
    10/03 15:34:17 NetpApplyJoinState: status of stopping and setting start type of Netlogon to 16: 0x0
    10/03 15:34:18 NetpApplyJoinState: NON FATAL: status of removing DNS registrations: 0x0
    <snip>
    10/03 15:34:18 NetpManageMachineAccountWithSid: status of disabling account 'HPQBOX-FS02$' on '\\HPQBOX-DC03': 0x0
    <snip>
    10/03 15:34:19 NetpApplyJoinState: status of removing from local groups: 0x0
    10/03 15:34:19 NetpUpdateW32timeConfig: 0x0
    10/03 15:34:19 NetpApplyJoinState: status of disconnecting from '\\HPQBOX-DC03': 0x0
    10/03 15:34:19 NetpUnJoinDomain: status: 0x0
    10/03 15:34:19 -----------------------------------------------:

  • So … that was pretty easy to read and follow. Had there been any errors, we would be able to see exactly where the error occurred.

    What if the domain join operation fails?

  • Here is an example of a failed domain join operation. First, we see the DomainJoin operation and that the name of the machine is HPQBOX-DC03. We see the domain name it is joining, the account used in the join, the OS version and so on. This proves very useful in identifying which account was used so we can check proper rights, etc. (Note that this is a domain controller that was joined to the domain before DCPromo.)

    07/20 15:57:20 NetpDoDomainJoin
    07/20 15:57:20 NetpMachineValidToJoin: 'HPQBOX-DC03'
    <snip>
    07/20 15:57:20 NetpJoinDomain
    07/20 15:57:20     Machine: HPQBOX-DC03
    07/20 15:57:20     Domain: HPQBOX.ADAPPS.HP.COM
    07/20 15:57:20     MachineAccountOU: (NULL)
    07/20 15:57:20     Account: HPQBOX-DC03\olseng
    07/20 15:57:20     Options: 0x40003
    07/20 15:57:20     OS Version: 5.2
    07/20 15:57:20     Build number: 3790

  • Now we want to check the validity of the name to see if it is a DNS name.

    07/20 15:57:20 NetpCheckDomainNameIsValid [ Exists ] for 'HPQBOX.ADAPPS.HP.COM' returned 0x0

  • Next, we need to find a DC. At first, it didn't find a machine account for this computer, then it located a DC that it can work with.

    07/20 15:57:20 NetpDsGetDcName: trying to find DC in domain 'HPQBOX.ADAPPS.HP.COM', flags: 0x1020
    07/20 15:57:21 NetpDsGetDcName: failed to find a DC having account 'HPQBOX-DC03$': 0x525
    07/20 15:57:21 NetpDsGetDcName: found DC '\\HPQBOX-DC02.hpqbox.adapps.hp.com' in the specified domain

  • Here is our problem: It found the DC, but in establishing a connection to IPC$ we get a 1326. Doing a Net Helpmsg 1326 from a command line, we see that it means "Logon failure: unknown user name or bad password."

    07/20 15:57:22 NetUseAdd to \\HPQBOX-DC02.hpqbox.adapps.hp.com\IPC$ returned 1326
    07/20 15:57:22 NetpJoinDomain: status of connecting to dc '\\HPQBOX-DC02.hpqbox.adapps.hp.com': 0x52e
    07/20 15:57:22 NetpDoDomainJoin: status: 0x52e
    07/20 15:57:32 -----------------------------------------------

  • We saw earlier that the account we used was olseng; a known administrator account with proper credentials. Obviously the password was incorrect. I ran the join again with the right password and it was successful.

    What a successful domain join should look like

  • Here is a successful domain join. (The first part of the log is pretty much the same as the unsuccessful example shown previously, so I snipped that part out.)

    07/26 17:26:35 -----------------------------------------------
    07/26 17:26:35 NetpDoDomainJoin
    07/26 17:26:35 NetpMachineValidToJoin: 'HPQBOX-DC03'

  • Here it finds HPQBOX-DC02 to work with.

    07/26 17:26:40 NetpJoinDomain: status of connecting to dc '\\HPQBOX-DC02.hpqbox.adapps.hp.com': 0x0
    07/26 17:26:41 NetpJoinDomain: Passed DC '\\HPQBOX-DC02.hpqbox.adapps.hp.com' verified as DNS
    name '\\HPQBOX-DC02.hpqbox.adapps.hp.com'
    07/26 17:26:42 NetpGetLsaPrimaryDomain: status: 0x0
    07/26 17:26:42 NetpGetDnsHostName: Read NV Hostname: HPQBOX-DC03
    07/26 17:26:42 NetpGetDnsHostName: PrimaryDnsSuffix defaulted to DNS domain name: hpqbox.adapps.hp.com

  • Now it is creating a Machien account.

    07/26 17:26:45 NetpJoinDomain: status of creating account: 0x0
    07/26 17:26:48 NetpGetComputerObjectDn: Cracking DNS domain name hpqbox.adapps.hp.com/ into Netbios on \\HPQBOX-DC02.hpqbox.adapps.hp.com
    07/26 17:26:49 NetpGetComputerObjectDn: Crack results: name = HPQBOX\
    07/26 17:26:49 NetpGetComputerObjectDn: Cracking account name HPQBOX\HPQBOX-DC03$ on \\HPQBOX-DC02.hpqbox.adapps.hp.com

  • The account exists since it was created in our unsuccessful join.

    07/26 17:26:49 NetpGetComputerObjectDn: Crack results: (Account already exists) DN = CN=HPQBOX-DC03,CN=Computers,DC=hpqbox,DC=adapps,DC=hp,DC=com
    07/26 17:26:49 NetpModifyComputerObjectInDs: Initial attribute values:
    07/26 17:26:49     DnsHostName = HPQBOX-DC03.hpqbox.adapps.hp.com
    07/26 17:26:49     ServicePrincipalName = HOST/HPQBOX-DC03.hpqbox.adapps.hp.com
    HOST/HPQBOX-DC03
    07/26 17:26:49 NetpModifyComputerObjectInDs: Computer Object already exists in OU:
    07/26 17:26:49     DnsHostName =
    07/26 17:26:49     ServicePrincipalName =
    07/26 17:26:49 NetpModifyComputerObjectInDs: Attribute values to set:
    07/26 17:26:49     DnsHostName = HPQBOX-DC03.hpqbox.adapps.hp.com
    07/26 17:26:49     ServicePrincipalName = HOST/HPQBOX-DC03.hpqbox.adapps.hp.com
    HOST/HPQBOX-DC03

    <snipped a bunch of status messages>

  • Now we define the DNS domain, sync w32Time and disconnect from the DC.

    07/26 17:26:51 NetpJoinDomain: status of setting ComputerNamePhysicalDnsDomain to 'hpqbox.adapps.hp.com': 0x0
    07/26 17:26:51 NetpUpdateW32timeConfig: 0x0
    07/26 17:26:52 NetpJoinDomain: status of disconnecting from '\\HPQBOX-DC02.hpqbox.adapps.hp.com': 0x0

    What the NETSETUP.log tells us

    As you can see, this log is very straightforward and easy to read. I have used it extensively to verify that our assumptions about things, such as entering the correct domain and machine names and using the correct account, were what we thought they were. In my case, I receive this info from an administrator over the phone whose server I've never seen or touched. It is a great way for me to validate what the admin told me and it helps me isolate the problem.

    This is a very simple example, but I've seen them from servers that were moved from an NT domain to a Windows 2003 domain, and the NT account and domain information are visible as well. Note, too, that you will see sections when joining and unjoining a workgroup. So if you tell the admin to join a workgroup then join the domain, you can verify in the Netsetup.log if it in fact did join the workgroup successfully before attempting a domain join.

    Take time to look through all the files you get in MPS Reports. Often, we look at the common ones that we are familiar with and miss the valuable data in others like the Netsetup.log.

    Gary Olsen is a systems software engineer for Hewlett-Packard in Global Solutions Engineering. He authored Windows 2000: Active Directory Design and Deployment and co-authored Windows Server 2003 on HP ProLiant Servers.

    This was first published in October 2006

    Dig deeper on Microsoft Active Directory Tools and Troubleshooting

    Pro+

    Features

    Enjoy the benefits of Pro+ membership, learn more and join.

    0 comments

    Oldest 

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to:

    -ADS BY GOOGLE

    SearchServerVirtualization

    SearchCloudComputing

    SearchExchange

    SearchSQLServer

    SearchWinIT

    SearchEnterpriseDesktop

    SearchVirtualDesktop

    Close