Hi Guy,
took me a while to find the Article again, here it is:
312571 The Event Log Stops Logging Events Before Reaching the Maximum Log
Size
http://support.microsoft.com/?ln=enid=312571
It describes how you are able to configure a feature to automatically dump
the eventlog into a file if it
Thanks !
This is exactly what I needed.
And if anyone is interested, here is an ADM I wrote to deploy the settings (works the same on W2K3):
(might wrap)
### Cut here
#if version = 3
CLASS MACHINE
CATEGORY !!System
CATEGORY !!EventViewer
#if version = 4
PROTECTED]
Subject: RE: [ActiveDir] By design or configurable ?
I was too lazy to tell the long story that made me speculate about TGTs, so
I'll try to explain the reason for asking:
We have 2 W2K3 forests with Kerberos transitive trust.
Forest corp.com has 3 child domains respectively
Guy,
One way to avoid the problems of a full security log is to set the logs
to overwrite as needed. You can set this via group policy.
I don't know if the kerberos ticket is cached or not. (I suspect not.)
When a machine reconnects to the network and you attempt to access a
network resource,
, Dennis M.
Sent: Monday, August 23, 2004 6:48 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] By design or configurable ?
Guy,
One way to avoid the problems of a full security log is to set the logs
to overwrite as needed. You can set this via group policy.
I don't know if the kerberos ticket
-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gasper, Rick
Sent: Monday, August 23, 2004 9:02 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] By design or configurable ?
I have had the same problem, but setting the logs to overwrite is bad system
administration. IF a person attempt
]
[mailto:[EMAIL PROTECTED] On Behalf Of Depp, Dennis M.
Sent: Monday, August 23, 2004 6:48 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] By design or configurable ?
Guy,
One way to avoid the problems of a full security log is to set the logs to
overwrite as needed. You can set
PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Guy Teverovsky
Sent: Monday, August 23, 2004 4:24 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] By design or configurable ?
Interesting...
I have Audit: Shutdown system immediately if unable to log security audits
set to disabled and security
I was too lazy to tell the long story that made me speculate about TGTs,
so I'll try to explain the reason for asking:
We have 2 W2K3 forests with Kerberos transitive trust.
Forest corp.com has 3 child domains respectively:
emea.company.com
amer.company.com
ap.company.com
Second forest
] On Behalf Of Guy Teverovsky
Sent: Monday, August 23, 2004 4:24 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] By design or configurable ?
Interesting...
I have Audit: Shutdown system immediately if unable to log security audits
set to disabled and security log size configured to 128Mb
:[EMAIL PROTECTED] On Behalf Of Guy Teverovsky
Sent: Monday, August 23, 2004 4:48 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] By design or configurable ?
I was too lazy to tell the long story that made me speculate about TGTs, so
I'll try to explain the reason for asking:
We have 2 W2K3
Teverovsky
Sent: Monday, August 23, 2004 5:01 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] By design or configurable ?
Right, but this feature was turned off in GPO, so the box was not supposed
to crash.
And how would you explain the working replication (with full security
logs) till the box
Guy,
If you're using MIT Kerberos on the other end of that trust you probably
need to call PSS and ask them for the following hotfix...
http://support.microsoft.com/default.aspx?scid=kb;en-us;825081
WindowsXP-KB825081-x86-ENU.exe
While you have them on the phone, you may as well ask them for the
Sent: Monday, August 23, 2004 5:01 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] By design or configurable ?
Right, but this feature was turned off in GPO, so the box was not supposed
to crash.
And how would you explain the working replication (with full security
logs) till the box
These are my notes form the last time I fought this issue. Hope they
help. Basically the DC will not replicate until the logs are cleared
or the registry key is changed.
Problem
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\CrashOnAuditFail. When
this registry key is set to the value of 2 then
15 matches
Mail list logo