Chinese Characters in Netlogon.log -- re-asking

We have 822 occurrences of the following:
[CRITICAL] I_NetlogonLdapLookup: unrecognized character <Chinese characters>
in the last 2 days. The previous thread on this subject was marked "Answered" without being answered, so I'm re-asking:
1. Does anyone have any substantive information about what's sourcing this?
2. How can I associate a source IP with a single entry in the netlogon.log?
Here's what we know so far:
We have a Chinese linguist who has broken the character string down to 2 sections, the first being the same for all occurrences and the second being random-looking. He says the first section refers to "boats" or "water" and is looking farther, but he says the string definitely looks like virus-like activity.
Second, I_NetlogonLdapLookup is a function inside netlogon.dll, so intuition says something is trying to do an LDAP lookup on the Chinese character string. We are looking into exactly how that function is supposed to be called (we're network guys, not coders, so this may take longer than it should). Can someone help shorten this search?
C: There's no consistent contextual activity surrounding the actual log entries, so we're expecting to find out that there's more than one source, so it's extra important we figure out how to associate a source IP with these [CRITICAL] log entries, especially since we may be looking for a root kit or something else that's able to hide from our multiple AV programs.
Assistance is appreciated, good analytical step-oriented result-generating assistance is GREATLY appreciated!
Robert
Oh yeah -- this is being logged on a DC in a 2008R2 domain with a small but growing number of 2012 member servers and almost no remaining servers lower than 2008R2. I can provide more details if anyone needs them

Hi all --
OK. It looks like we're all on the same page.
Here's a summary of the issue:
netlogon.log [CRITICAL] entry is reporting a failed attempt to execute an LDAP lookup on a Chinese character string (I_NetlogonLDAPLookup is a function inside netlogon.dll). There are no audit failures or other Event Log warnings or errors associated with the log entries, so it's likely that the lookup is being performed after logging on to the domain with valid credentials. We don't think the character string is corrupted data because the first half of the string is identical in every log entry and the total number of characters used across all occurrences is very small. Also, the variations in the 2nd half of the string are methodical and repetitive.
We hoped that translating the Chinese string would yield a clue pointing to the source of the attempted LDAP lookup. That didn't happen so we now must figure out how to work back from the netlogon.log entry to the source platform.
The current situation:
The [CRITICAL] entries continue to be logged.
The distribution across 3 days of logs is making it look like we need to assume not one, but multiple sources.
I appreciate the standard advice re: 3rd-party AV software, DC build practices, security scans, power erasers and the like, but we are a QA/Test lab for a very complex product; scientific method and the need for operational stability preempts us taking any corrective actions on any of our DCs (8 machines, 4 domains, 2 forests), Exchange servers (4 versions, 2 clusters per version), Lync (2 versions), OCS, PKI, WSUS, DNS, DHCP, DHCPv6, SQL, or member servers until we actually prove that the machine in question is a source of the bogus lookup attempts.
Paul -- I REALLY appreciate your straightforward no-bs reply. I can work with "I don't know". Try-this-article-I-just-Googled Whack-A-Mole easter egg hunts, however.... <grin>
I'm going to close with one last (hopefully) simple question: Where do I start the search for the UberSME who knows how to read the netlogon.log - specifically how to connect an event with its legitimate predecessor. Somebody wrote the service, somebody knows how to interpret its logging output. Where do I start looking for them?
Best Regards,
Robert
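
Added example, not part of the original posts: re-encoding the logged string as UTF-16LE recovers the bytes behind the "Chinese characters" in the two log lines quoted in the "Chinese Characters in Netlogon.log" thread further down this page. Reading the byte after the name as a BER OCTET STRING header, pairing entries with same-second [MAILSLOT] pings (the coincidence one poster reports), and all function names are assumptions of this example.

```python
import re

# Copied from the two netlogon.log lines quoted in the thread further down.
SAMPLES = ["湄䡳獯乴浡ѥ䠗偙剅㍖渮", "湄䡳獯乴浡ѥ嘓ⵓ䅒㉓挮"]

# Constructed sample log, assembled from the lines quoted on this page.
LOG = """\
08/26 17:55:40 [CRITICAL] I_NetlogonLdapLookup: unrecognized parameter 湄䡳獯乴浡ѥ䠗偙剅㍖渮
10/23 02:27:14 [CRITICAL] I_NetlogonLdapLookup: unrecognized parameter 湄䡳獯乴浡ѥ嘓ⵓ䅒㉓挮
10/23 02:27:14 [MAILSLOT] Received ping from SERVERNAME DOMAINNAME.SUFFIX (null) on UDP LDAP
"""

BER_OCTET_STRING = 0x04  # universal BER tag for OCTET STRING
ENTRY = re.compile(r"^\s*(\d\d/\d\d \d\d:\d\d:\d\d) \[(\w+)\] (.*)$")
UNRECOGNIZED = re.compile(r"I_NetlogonLdapLookup: unrecognized \w+ (.+)$")
PING = re.compile(r"Received ping from (\S+)")


def raw_bytes(logged):
    """Undo the wide-character rendering: every logged 'character' is two
    consecutive bytes that were printed as one little-endian UTF-16 unit."""
    return logged.encode("utf-16-le", errors="surrogatepass")


def parse_parameter(logged):
    """Split the recovered bytes into an ASCII name and the value after it.

    Assumption of this example: the name is followed by a BER OCTET STRING
    (tag 0x04, one short-form length byte), as in an LDAP equality filter."""
    data = raw_bytes(logged)
    name = re.match(rb"[A-Za-z][A-Za-z0-9-]*", data)
    info = {"attribute": name.group().decode("ascii") if name else None}
    rest = data[name.end():] if name else b""
    if len(rest) >= 2 and rest[0] == BER_OCTET_STRING and rest[1] < 0x80:
        visible = rest[2:2 + rest[1]]
        info["declared_length"] = rest[1]
        info["visible_value"] = visible.decode("ascii", errors="replace")
        # The log shows fewer bytes than the header declares.
        info["truncated"] = len(visible) < rest[1]
    return info


def correlate(lines):
    """Decode each [CRITICAL] entry and list the hosts named in [MAILSLOT]
    pings logged in the same second (a heuristic, not proof of origin)."""
    pings, findings = {}, []
    for line in lines:
        entry = ENTRY.match(line)
        if not entry:
            continue
        stamp, channel, message = entry.groups()
        if channel == "MAILSLOT":
            ping = PING.search(message)
            if ping:
                pings.setdefault(stamp, []).append(ping.group(1))
        elif channel == "CRITICAL":
            hit = UNRECOGNIZED.search(message)
            if hit:
                decoded = parse_parameter(hit.group(1).strip())
                findings.append({"time": stamp, **decoded})
    for finding in findings:
        finding["pinged_by"] = pings.get(finding["time"], [])
    return findings


if __name__ == "__main__":
    for finding in correlate(LOG.splitlines()):
        print(finding)
```

The constant first half of both strings decodes to the same ASCII name, and the varying second half to a host name fragment that can be checked against DNS and the same-second [MAILSLOT] entry.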

Similar Messages

  • Chinese Characters in Netlogon.log

    Hello,
    I have enabled netlogon logging, and am noticing a few things that I am unable to diagnose after further research. My main concern is with a critical error that seems to occur every ten minutes. Occasionally the Chinese characters change but always translate to roughly the same message. Searching google for information about "I_NetlogonLdapLookup" has provided no helpful information either. Does anybody know what could cause this? We have 3 DCs (Server 2008R2, 2012) and this shows up in all three netlogon logs.
    08/26 17:55:40 [CRITICAL] I_NetlogonLdapLookup: unrecognized parameter 湄䡳獯乴浡ѥ䠗偙剅㍖渮
    All client computers are Windows 7 Pro x64. Any help is appreciated, thanks.
    Alex Tester Information Technology Assistant National Automotive Experts

    I noticed having chinese characters in my netlogon.log as well:
    10/23 02:27:14 [CRITICAL] I_NetlogonLdapLookup: unrecognized parameter 湄䡳獯乴浡ѥ嘓ⵓ䅒㉓挮
    10/23 02:27:14 [MAILSLOT] Received ping from SERVERNAME DOMAINNAME.SUFFIX (null) on UDP LDAP
    The [CRITICAL] error occurs with the [MAILSLOT] ping record at the exact same time. The server name in the [MAILSLOT] error is always a 2012 server.
    Almost all of my 2012 servers are in different [MAILSLOT] ping records at different times coupled with the [CRITICAL] error.
    I have a mixed domain with 2008 SP2 DCs at 2003 forest and domain functional levels.
    I would attribute this problem to having 2012 servers in the domain. As to why this is occurring, I cannot figure out. I haven't been able to find any logs on the 2012 servers displaying this information.

  • Can I pass Chinese characters in a queue (Do queues support Unicode)?

    I am aware that there are a number of tools to allow the use of Chinese characters within LabVIEW. I have successfully built an application where I am able to switch between English and Chinese so that all screen text, buttons, multi-column list boxes etc etc are updated correctly.
    However, I do all my event logging using queues. When I dequeue an item, I want to write it out to a log file (i.e. a ".txt" file) but the resulting file contains rubbish instead of the Chinese characters.
    As an experiment, I created a simple VI that reads an array of Chinese text and writes it to a text file and this works fine. But, as I say, if I try doing this using queues, I just get rubbish.
    Any help would be very much appreciated.
    Lee

    Hi Steve
    I've tried to replicate my situation but now I get a different outcome. It seems that I am now getting Chinese characters in my text file. However, you'll see from my code that I'm trying to Tab separate each item (Date, Time and Message) but this doesn't seem to be working. Likewise, I want to end each line with a Carriage Return but that doesn't seem to be working either.
    I think I'm going to have to take it on the chin that something I'm doing in my "real" application is preventing me from seeing the Chinese characters in my log file.
    I've attached the sample VI along with a sample logfile from my "real" application so you can see what I'm getting.
    I can't really see what I've done different between my sample VI and my application. The only real difference is to do with the Byte Order Mark. In my application I've tried the following :-
    Inserting this once at the beginning of the entire log file
    Inserting it once at the start of each line of the log file
    Inserting it before each piece of text excluding the date and time
    Inserting it before every message item including the Tabs and Carriage Returns
    None of the above produce anything I can use.
    Thanks for responding so quickly.
    Cheers
    Lee
    Attachments:
    Sample Chinese Queue.vi ‏37 KB
    120125-16-15-59.txt ‏1 KB

  • My username is written in Chinese Characters, and now I cannot log in!

    Hi everyone,
    I am trying to help a friend of mine who is locked out of her macbook.
    She has her username as Chinese Characters and has been logging on like this fine since she had her laptop.  However she just changed the way you log in so that you need to enter your username and password when you log in.
    The problem is that there is no way to enter chinese characters before you have actually logged in, so we cannot get passed the login screen.  Does anyone know a way around this problem?

    Roger-Walker-Arnott wrote:
    The problem is that there is no way to enter chinese characters before you have actually logged in
    It does not help you now probably, but there is a way to enter Chinese at the login screen.  In system prefs/accounts you click on login options and check the box for Show Input Menu on login screen.

  • On my Macbook when logging on certain websites the page only shows some garbled chinese characters.

    When I log on to my banking on-line web address or my company's secure website the page comes garbled with some Chinese characters but the same page comes OK on Safari.

    Which encoding is used?
    *Firefox > Web Developer > Character Encoding
    *View > Character Encoding
    If an UTF-16 encoding is used then try UTF-8 or a Western encoding (ISO-8859-1)

  • Viewing Chinese characters in old Palm Desktop in Mac OS X 10.5.8?

    Hello.
    My client used his old Windows 2000 SP4 Dell PC for his Palm Treo 680 desktop, Hotsync (backups too), and Palm Desktop with English and Chinese data (characters with CJKOS -- http://www.dyts.com/en/products.html ). He finally switched to his 3+ years old
    MacBook Pro with updated Mac OS X 10.5.8 since Palm finally released software for it compared a few years ago. However, Mac's Palm Desktop, iCal, Addressbooks, etc. do not show these Chinese characters.
    Do you know how do we display Chinese characters in these program? Other programs like Office 2008, Firefox v3.6.25, etc. show and input Chinese characters just fine. I know we have to use TwinBridge CJK/Chinese Partner v6.0 in Windows 2000 SP4 to show them so I assume it is similar for Mac OS X. TwinBridge doesn't seem to have a Mac OS X product port. Is there a similar program (free preferred)?
    Thank you in advance.

    BDAqua wrote:
    Hi, no idea what Palm uses, but on Mac Apps might do a Get Info on them & see what Languages are checked...
    The languages options were greyed out and could not add languages, so I had to log into the administrator-level account to add but Finder asked me where which I didn't know. I only saw the common/popular foreign languages (French, Spanish, and German) for Palm Desktop. No Chinese ones. I tried Apple's Address Books, and I saw Chinese and they were checked in non-administrator account. I guess that's not the problem.

  • Issue Regarding Chinese characters In Smart Form Print preview..

    Hi All,
    I am working on a smart form development for chinese users. The requirement is the user will login using English & when the delivery will be issued for output, a check will be done on the country of user. If that comes as china then the international version (C) maintained for that customer will come as output.
    Now the problem is even if I login using EN or ZH the below issue I am facing always.
    In the database I can view the details in chinese properly by logging in as ZH. During debugging also i checked the data from table ADRC & MAKT is coming in chinese properly. But when i gave the values to be output in SmartForm, it is showing the characters like how it will look if I login using EN & view the table contents.
    When i view the data by changing character set as Simplified Chinese then in table i can see chinese texts properly. But when the same data goes to print preview it shows the chinese characters like as it would appear when character set is Unicode or West European..
    Please help..
    Thanks in advance.
    Edited by: malayanayak123 on Jun 1, 2011 5:48 AM

    Dear,
    print preview and physical printout are two different things.
    PrintPreview:
    The data stream will be sent to the frontend and rendered with windows-fonts etc (for backend prints a simulation).
    Printout:
    Frontend: You need a printer, that maps the character, you have to use SAPWIN or SAPWINCF when using cascading fonts. The rendering will be done in the windows spooler.
    Backend: Your printer needs also a mapping (look like something with UTF8). Also the printer needs the fonts installed because the rendering will be done in the printer!
    If you use the pdf-printer in SAP, you need to upload all necessary fonts (TTF) for the pdf-composer. Also you need a unicode pdf printer for that.
    Regards,
    Christian

  • LoadUserProfile() creates a profile with Chinese characters on a remote system

    Hi,
    I'm working on an application where LoadUserProfile() is being used to remotely load a user profile on a machine. The token being passed to LoadUserProfile() is obtained from LogonUser(). 
    When doing this only with a Domain Admin user which is added in Active Directory, it creates a profile with Chinese characters in the C:\Users\ folder of the remote machine. Note that this happens only when logging in for the first time with
    this Domain Admin account remotely on that machine.
         // code:
          PROFILEINFO pi;
          memset((void *) &pi, 0, sizeof(PROFILEINFO));
          pi.dwSize = sizeof(PROFILEINFO);
          pi.dwFlags = PI_NOUI;
          pi.lpUserName = (TCHAR *)strUser;   //strUser is the User name, and it shows correctly here when debugging
          if (LoadUserProfile(hToken, &pi))
    //It is actually successful, and comes here when debugging.
    Although the name shows up correctly when debugging (remotely), why is it creating a profile with Chinese characters on the remote machine? 
    TIA,
    Jy

    CreateProfile won't load the profile.  You need to use LoadUserProfile to load the profile, and you need to query for a roaming profile path to put in the lpProfileInfo parameter if you want to include that as well.  You need a token for a
    user to call LoadUserProfile, but not a profile handle.  LoadUserProfile will populate that for you before it returns if it was successful.  See this excerpt from
    https://msdn.microsoft.com/en-us/library/windows/desktop/bb762281%28v=vs.85%29.aspx:
    Upon successful return, the hProfile member of PROFILEINFO is a registry key handle opened to the root of the user's hive. It has been opened with full access (KEY_ALL_ACCESS). If a service that is impersonating a user needs to read or write to the user's registry file, use this handle instead of HKEY_CURRENT_USER.
    Do not close the hProfile handle. Instead, pass it to the UnloadUserProfile function. This function closes the handle. You should ensure that all handles to keys in the user's registry hive are closed. If you do not close all open registry handles, the user's profile fails to unload. For more information, see Registry Key Security and Access Rights and Registry Hives.
    WinSDK Support Team Blog: http://blogs.msdn.com/b/winsdk/

  • Chinese characters in url

    I´ve been asked to make a chinese version of a website
    but although I can create the pages using chinese characters I
    can´t make the urls or folders in chinese.
    eg 住宿.asp
    What should I be doing ?

    "drew lawson" <[email protected]> wrote in
    message news:go3g6a$p7h$[email protected]..
    > I've been asked to make a chinese version of a website but although
    > I can create the pages using chinese characters I can't make the
    > urls or folders in chinese.
    Most websites created in Asian languages use the Roman alphabet (ABC) for file and folder names. However, modern browsers are now capable of handling URLs in Chinese characters and other scripts. As long as your computer supports Chinese, so does Dreamweaver (unless you're using an old version). If I recall correctly, all versions since Dreamweaver 8 support Asian and other scripts.
    David Powers
    Adobe Community Expert, Dreamweaver
    http://foundationphp.com

  • Why aren't handwritten chinese characters showing up in applications?

    I'm on a 13" MacBook Pro, running OS X 10.9.4. I have activated [Pinyin - Simplified] in my input sources, and I have activated the option for TrackPad handwriting. Typing the pinyin and choosing the right character works fine, but I haven't been able to input chinese characters into any document via the trackpad writing method. I am able to pull up the "slate" thing, write, and choose a character, but the character just doesn't show up in the application. I've tried it with TextEdit, Word, and Safari.

    You might try asking at
    https://groups.google.com/forum/#!forum/chinesemac
    or if you know chinese well, at
    https://discussionschinese.apple.com/

  • Why a " # " is coming while printing chinese characters from SAP script?

    Hi All,
    Facing one issue.
    We have a SAP script for printing delivery note thru T-code VL03N. The script has chinese characters in it.
    When I print this form the chinese characters that are hardcoded in the script can be seen in the print out but the ones which are coming from the table cannot be seen instead they are replaced by " # ".
    Strangely, when I debug the script or see a print preview on the screen they can be seen as it is with no problem.
    Only when I print it, on the paper print they are seen as # but the characters that are hardcoded in the script can be seen clearly on paper.
    Secondly, in Transaction FB03 which is for display of list of documents it too has some chinese characters and when I print this directly from the t-code doing Shift-F1 ( no SAP script or form is involved in this case) then the same case is there the chinese characters get replaced by a " # ".
    Any inputs or views are welcome.
    Please suggest.
    Thanks.
    Cordially,
    Saurabh.

    Hi,
    You need to set your activate multibyte functions to support.
    Log on to SAP ---> right side right corner (Customized local layout) --> click ---> Select options ---> select tab (I18N)
    --> Check Activate multibyte functions to support.
    Log off your SAP GUI then re-log in... you will be able to view multi language characters.
    Thanks,
    Nelson

  • Corrupted Chinese characters shown while connecting to Sybase

    SQL Developer experts,
    While I connect to Sybase DB 11 via SQL developer 2.1.1 with 'jtds-1.2.5' JDBC driver, but I see corrupted Chinese characters from SQL developer, the Sybase DB is using 'iso_1' charset. Can anyone advise me how to solve the problem? Any configuration should I do for the JDBC connection string and where to configure it? Thanks in advance.

    Hi,
    When you browse your Sybase connection do you see the corrupt characters in the table name, column name the data or both.
    Is the corrupt character a ? or an upsidedown ?
    You say that you are using 'iso_1' charset in Sybase. Is this not just for western european languages ? in which case I wouldnt expect it to manage chinese characters.
    When you log your Sybase instance using Sybase Central, do you see the correct characters?
    Just to note I can browse I chinese (GBK) Sybase database where the tablenames, columnnames and data are in chinese.
    Also that we currently only support jtds-1.2.jar .
    Regards,
    Dermot
    SQL Developer Team

  • How to store and retrieve chinese characters

    Hi, I am facing some problem in storing and retrieving of chinese characters from oracle,9i .
    This is the character i am trying to store into the database
    自动提款机网络
    while trying to retrieve it, it shows
    自?提款机网?
    ^ ^
    you can see the weird characters like ? at some places.
    here is the sample code which i can using to store and retrieve data from the database
    import java.sql.Connection;
    import java.sql.DriverManager;
    import java.sql.ResultSet;
    import java.sql.SQLException;

    class testInsert {
        public static void main(String[] args) {
            try {
                DriverManager.registerDriver(new oracle.jdbc.driver.OracleDriver());
                Connection conn = DriverManager.getConnection("jdbc:oracle:thin:@172.16.6.81:1521:JFPPTDB1", "citi_user", "citi_user");
                int employee_id = 12345;
                String ename = "自动提款机网络";
                // Insert the name, binding parameter 2 as NCHAR
                oracle.jdbc.OraclePreparedStatement pstmt = (oracle.jdbc.OraclePreparedStatement) conn.prepareStatement("INSERT INTO employees (employee_id, last_name) VALUES (?, ?)");
                pstmt.setFormOfUse(2, oracle.jdbc.OraclePreparedStatement.FORM_NCHAR);
                pstmt.setInt(1, employee_id);
                pstmt.setString(2, ename);
                pstmt.execute();
                pstmt.close();
                // Read the rows back and print each name
                pstmt = (oracle.jdbc.OraclePreparedStatement) conn.prepareStatement("SELECT last_name, employee_id from employees");
                ResultSet rset = pstmt.executeQuery();
                String name = "";
                while (rset.next()) {
                    name = rset.getString(1);
                    int id = rset.getInt(2);
                    System.out.println("the name is :" + name);
                }
            } catch (SQLException sqe) {
                System.out.println("Java SQLException caught, error message=" + sqe.getMessage());
            }
        }
    }
    and the table in oracle is
    SQL> desc employees;
    Name Null? Type
    LAST_NAME NVARCHAR2(10)
    EMPLOYEE_ID NUMBER
    I am using classes12.zip for oracle,9i. Is there any database setting that i need to know to retrieve the chinese characters?.
    I have been facing this problem for quite sometime and it makes my life tough. Please help me in solving this issue.
    Thanks
    PD

    hi, can you retrieve the chinese character from your os? When it comes to the wild code of asian character, you should focus on the database/client character setting. you may ask more about it from your dba.
    have a nice weekend!
    eilison
    [email protected]

  • Store&read chinese characters in MS SQL server 2000 using Java

    Hi,
    I have a problem to store Chinese characters in MS SQL Server 2000, storing question marks(??????) instead of Chinese characters
    I am using JSF framework, SUN APPLICATION Server 9.1 , MS SQL Server 2000 server and Microsoft data source driver class (com.microsoft.sqlserver.jdbc.SQLServerDataSource) to connect db.
    I have one solution:
    IN JSP:
    <%@page contentType="text/html"%>
    <%@page pageEncoding="UTF-8"%>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    and
    In database column type should “nvarchar” in place of varchar
    while inserting or updating the same need to add ‘N’ prefix with the value like insert into client(Name, Id ….) values (N+)
    the above is working fine but the problem is here i have already defined database with 100s of tables I cant change database tables as well as queries
    Thanks,
    Sathi

    I don't know any betterer option, than to copy the database tabels redefining the Chinese data fields as nvarchar.
    To be frank I had also problems writing to a html file Chinese text stored in MS SQLServer 2000 nvarchar fields.
    The following worked:
         import java.io.*;
         import java.sql.ResultSet;
         import java.sql.SQLException;

         // Read the column as raw bytes and decode them with the given charset
         public String getEncodedData(ResultSet resultSet, int columnIndex, String charset)
         throws SQLException {
              //final String methodName = "getEncodedData";
              InputStream binaryStream = resultSet.getBinaryStream(columnIndex);
              String readStringFromStream = readStringFromStream(binaryStream, charset);//UTF_16LE);
              return readStringFromStream;
         }

         public String readStringFromStream(InputStream inputStream, String charset) {
              final String methodName = "readStringFromStream";
              StringBuffer buffer = new StringBuffer();
              try {
                   int ch;
                   InputStreamReader isr = new InputStreamReader(inputStream, charset);
                   Reader in = new BufferedReader(isr);
                   while ((ch = in.read()) > -1) {
                        buffer.append((char) ch);
                   }
                   in.close();
                   return buffer.toString();
              } catch (IOException exception) {
                   Log.printError(this, methodName, exception);
                   return null;
              }
         }
    And writing it to file:
         public void writeEncodedStringToFile(String text, String filePath, String charset, boolean append) {
              final String methodName = "writeEncodedStringToFile";
              OutputStreamWriter writer = null;
              try {
                   FileOutputStream fileOutputStream = new FileOutputStream(filePath, append);
                   writer = new OutputStreamWriter(fileOutputStream, charset);
                   writer.write(text);
              } catch (IOException exception) {
                   Log.printError(this, methodName, exception);
              } finally {
                   try {
                        // writer stays null if the file could not be opened
                        if (writer != null) {
                             writer.close();
                        }
                   } catch (IOException exception) {
                        Log.printError(this, methodName, exception);
                   }
              }
         }
    Edited by: astlanda on Feb 10, 2009 11:13 PM
    Edited by: astlanda on Feb 10, 2009 11:21 PM

  • Unable to print chinese characters

    Hello experts,
    A script is triggered when I run the transaction FBL5N and a form is printed.
    The issue is, I am unable to see the Chinese text in the preview as well as print.
    The Chinese characters appear as ###, check boxes or some other symbols.
    Tried changing the printer settings also (output device and device type).
    Tried changing the font family also (CNKAI and CNHEI).
    The functional consultant says using the existing printer settings they are able to print Chinese characters through some other transactions like VF03.
    Waiting for positive responses.
    Regards
    Akmal

    See [note 302228 - NLS trouble shooting: printing (collective note)|http://service.sap.com/sap/support/notes/302228]: Characters on printout printed as nothing, #, ?, ., box, other character. It contains a detailed procedure how to analyze and solve. See also note 753381 which contains a Word document (attachment) with a more detailed classification of character damage.
    By the way, do you log in SAP in Chinese, do you have a Unicode system, do you use frontend printing, does your computer have Asian support installed, is the font installed on your computer?
