"Ping response" and "DsGetDcName" Spam in our netlogon.log files.

regeter · Apr 21, 2005

Hello,

Since two months or so we cannot use the netlogon.log file to look up
locked out accounts anymore. I had to increase it's size to deal with
the spam that gets generated. I have no idea what causes it but suspect
the DNS.

This log is straight from our PDC (win2003), I replaced our domain and
server info with %VARIABLE% placeholders.

LOGFILESTART****************************************
04/21 06:21:06 [MAILSLOT] %DOMAIN%: Ping response 'Sam Logon Response
Ex' (null) to \\%HOST%: Site: %SITE%: on <Local>
04/21 06:21:06 [MISC] %DOMAIN%: DsGetDcName function returns 0:
Dom

null) Acct

null) Flags: DS GC RET_DNS
04/21 06:21:06 [MISC] %DOMAIN%: DsGetDcName function called: Dom

null)
Acct

null) Flags: DS GC RET_DNS
04/21 06:21:06 [MAILSLOT] Received ping from %HOST%: %Domain%.intra.
(null) on <Local>
04/21 06:21:06 [MAILSLOT] %DOMAIN%: Ping response 'Sam Logon Response
Ex' (null) to \\%HOST%: Site: %SITE%: on <Local>
04/21 06:21:06 [MISC] %DOMAIN%: DsGetDcName function returns 0:
Dom

null) Acct

null) Flags: DS GC RET_DNS
04/21 06:21:06 [MISC] %DOMAIN%: DsGetDcName function called: Dom

null)
Acct

null) Flags: DS GC RET_DNS
04/21 06:21:06 [MAILSLOT] Received ping from %HOST%: %Domain%.intra.
(null) on <Local>
04/21 06:21:06 [MAILSLOT] %DOMAIN%: Ping response 'Sam Logon Response
Ex' (null) to \\%HOST%: Site: %SITE%: on <Local>
04/21 06:21:06 [MISC] %DOMAIN%: DsGetDcName function returns 0:
Dom

null) Acct

null) Flags: DS GC RET_DNS
04/21 06:21:06 [MISC] %DOMAIN%: DsGetDcName function called: Dom

null)
Acct

null) Flags: DS GC RET_DNS
04/21 06:21:06 [MAILSLOT] Received ping from %HOST%: %Domain%.intra.
(null) on <Local>
04/21 06:21:06 [MAILSLOT] %DOMAIN%: Ping response 'Sam Logon Response
Ex' (null) to \\%HOST%: Site: %SITE%: on <Local>
04/21 06:21:06 [MISC] %DOMAIN%: DsGetDcName function returns 0:
Dom

null) Acct

null) Flags: DS GC RET_DNS
04/21 06:21:06 [MISC] %DOMAIN%: DsGetDcName function called: Dom

null)
Acct

null) Flags: DS GC RET_DNS
04/21 06:21:06 [MAILSLOT] Received ping from %HOST%: %Domain%.intra.
(null) on <Local>
04/21 06:21:06 [MAILSLOT] %DOMAIN%: Ping response 'Sam Logon Response
Ex' (null) to \\%HOST%: Site: %SITE%: on <Local>
04/21 06:21:06 [MISC] %DOMAIN%: DsGetDcName function returns 0:
Dom

null) Acct

null) Flags: DS GC RET_DNS
04/21 06:21:06 [MISC] %DOMAIN%: DsGetDcName function called: Dom

null)
Acct

null) Flags: DS GC RET_DNS
04/21 06:21:06 [MAILSLOT] Received ping from %HOST%: %Domain%.intra.
(null) on <Local>
04/21 06:21:06 [MAILSLOT] %DOMAIN%: Ping response 'Sam Logon Response
Ex' (null) to \\%HOST%: Site: %SITE%: on <Local>
04/21 06:21:06 [MISC] %DOMAIN%: DsGetDcName function returns 0:
Dom

null) Acct

null) Flags: DS GC RET_DNS
04/21 06:21:06 [MISC] %DOMAIN%: DsGetDcName function called: Dom

null)
Acct

null) Flags: DS GC RET_DNS
04/21 06:21:06 [MAILSLOT] Received ping from %HOST%: %Domain%.intra.
(null) on <Local>
04/21 06:21:06 [MAILSLOT] %DOMAIN%: Ping response 'Sam Logon Response
Ex' (null) to \\%HOST%: Site: %SITE%: on <Local>
04/21 06:21:06 [MISC] %DOMAIN%: DsGetDcName function returns 0:
Dom

null) Acct

null) Flags: DS GC RET_DNS
04/21 06:21:06 [MISC] %DOMAIN%: DsGetDcName function called: Dom

null)
Acct

null) Flags: DS GC RET_DNS
04/21 06:21:06 [MAILSLOT] Received ping from %HOST%: %Domain%.intra.
(null) on <Local>
04/21 06:21:06 [MAILSLOT] %DOMAIN%: Ping response 'Sam Logon Response
Ex' (null) to \\%HOST%: Site: %SITE%: on <Local>
04/21 06:21:06 [MISC] %DOMAIN%: DsGetDcName function returns 0:
Dom

null) Acct

null) Flags: DS GC RET_DNS
04/21 06:21:06 [MISC] %DOMAIN%: DsGetDcName function called: Dom

null)
Acct

null) Flags: DS GC RET_DNS
04/21 06:21:06 [MAILSLOT] Received ping from %HOST%: %Domain%.intra.
(null) on <Local>
04/21 06:21:06 [MAILSLOT] %DOMAIN%: Ping response 'Sam Logon Response
Ex' (null) to \\%HOST%: Site: %SITE%: on <Local>
04/21 06:21:06 [MISC] %DOMAIN%: DsGetDcName function returns 0:
Dom

null) Acct

null) Flags: DS GC RET_DNS
04/21 06:21:06 [MISC] %DOMAIN%: DsGetDcName function called: Dom

null)
Acct

null) Flags: DS GC RET_DNS
04/21 06:21:06 [MAILSLOT] Received ping from %HOST%: %Domain%.intra.
(null) on <Local>
04/21 06:21:06 [MAILSLOT] %DOMAIN%: Ping response 'Sam Logon Response
Ex' (null) to \\%HOST%: Site: %SITE%: on <Local>
04/21 06:21:06 [MISC] %DOMAIN%: DsGetDcName function returns 0:
Dom

null) Acct

null) Flags: DS GC RET_DNS
04/21 06:21:07 [MISC] %DOMAIN%: DsGetDcName function called: Dom

null)
Acct

null) Flags: DS GC RET_DNS
04/21 06:21:07 [MAILSLOT] Received ping from %HOST%: %Domain%.intra.
(null) on <Local>
04/21 06:21:07 [MAILSLOT] %DOMAIN%: Ping response 'Sam Logon Response
Ex' (null) to \\%HOST%: Site: %SITE%: on <Local>
04/21 06:21:07 [MISC] %DOMAIN%: DsGetDcName function returns 0:
Dom

null) Acct

null) Flags: DS GC RET_DNS
04/21 06:21:07 [MISC] %DOMAIN%: DsGetDcName function called: Dom

null)
Acct

null) Flags: DS GC RET_DNS
04/21 06:21:07 [MAILSLOT] Received ping from %HOST%: %Domain%.intra.
(null) on <Local>
04/21 06:21:07 [MAILSLOT] %DOMAIN%: Ping response 'Sam Logon Response
Ex' (null) to \\%HOST%: Site: %SITE%: on <Local>
04/21 06:21:07 [MISC] %DOMAIN%: DsGetDcName function returns 0:
Dom

null) Acct

null) Flags: DS GC RET_DNS
04/21 06:21:07 [MISC] %DOMAIN%: DsGetDcName function called: Dom

null)
Acct

null) Flags: DS GC RET_DNS
04/21 06:21:07 [MAILSLOT] Received ping from %HOST%: %Domain%.intra.
(null) on <Local>
04/21 06:21:07 [MAILSLOT] %DOMAIN%: Ping response 'Sam Logon Response
Ex' (null) to \\%HOST%: Site: %SITE%: on <Local>
04/21 06:21:07 [MISC] %DOMAIN%: DsGetDcName function returns 0:
Dom

null) Acct

null) Flags: DS GC RET_DNS
04/21 06:21:07 [MISC] %DOMAIN%: DsGetDcName function called: Dom

null)
Acct

null) Flags: DS GC RET_DNS
04/21 06:21:07 [MAILSLOT] Received ping from %HOST%: %Domain%.intra.
(null) on <Local>
04/21 06:21:07 [MAILSLOT] %DOMAIN%: Ping response 'Sam Logon Response
Ex' (null) to \\%HOST%: Site: %SITE%: on <Local>
04/21 06:21:07 [MISC] %DOMAIN%: DsGetDcName function returns 0:
Dom

null) Acct

null) Flags: DS GC RET_DNS
04/21 06:21:07 [MISC] %DOMAIN%: DsGetDcName function called: Dom

null)
Acct

null) Flags: DS GC RET_DNS
04/21 06:21:07 [MAILSLOT] Received ping from %HOST%: %Domain%.intra.
(null) on <Local>
04/21 06:21:07 [MAILSLOT] %DOMAIN%: Ping response 'Sam Logon Response
Ex' (null) to \\%HOST%: Site: %SITE%: on <Local>
04/21 06:21:07 [MISC] %DOMAIN%: DsGetDcName function returns 0:
Dom

null) Acct

null) Flags: DS GC RET_DNS
04/21 06:21:07 [MISC] %DOMAIN%: DsGetDcName function called: Dom

null)
Acct

null) Flags: DS GC RET_DNS
LOGFILEEND*******************************************************

I get the same log entries on all our DC's with changed host/site
names. We run AD in native 2000 mode, all our DC's are 2003 tho.
We have no trusts and have a single domain in our forest.

Here are the netlogon.log settings we defined with GPO's:
System/Net Logonhide
Policy Setting
Log File Debug Output Level Enabled
Level: 536936447

Policy Setting
Maximum Log File Size Enabled
Bytes: 99999999

Any help would be greatly appreciated.
Regards,
Reto

dre' · Sep 25, 2007

Hey, did you ever figure out what was cauing these errors to appear in the
netlogon.log file? I am getting the same errors.

Thanks,

-Andre

"Ping response" and "DsGetDcName" Spam in our netlogon.log files.

regeter

dre'