Netlogon Debug Log
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters] “DBFlag”=dword:2080ffff (hexadecimal value)
Then open a cmd and type net stop netlogon && net start netlogon to enable the debugging mode. The Debug logging writes to C:\Windows\Debug\netlogon.log
Winlogon.Log
After fresh installation of Windows Server domain controller you could see that you have no winlogon.log file which is useful to debugging AD GPO’s.
For example when you need to troubleshot SceCli events. Event ID 1202 tells you to use: FIND /I “Cannot find” %SYSTEMROOT%\Security\Logs\winlogon.log
To create it, go to regedit and go to following key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}
Click the key ExtensionDebugLevel and enter 2 as a Data.
After refreshing AD policies with GPUpdate you should see your winlogon.log file