Answered 5722 NETLOGON errors

  • Thursday, June 14, 2012 11:08 PM
     

    I'm getting this error on ALL client computers in my child domain.  I've been searching Google/Technet for a couple days now, with no luck.

    Possibly related:  Sometimes client computers of this child domain will be able to ping the outside world, but are unable to browse the internet using Internet Explorer.

    Adam

    Log Name:      System
    Source:        NETLOGON
    Date:          6/14/2012 4:01:01 PM
    Event ID:      5723
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      ENGDEVDC01.engdev.splunk.local
    Description:
    The session setup from computer 'BAMBOO-27' failed because the security database does not contain a trust account 'BAMBOO-27$' referenced by the specified computer.  
    
    USER ACTION  
    If this is the first occurrence of this event for the specified computer and account, this may be a transient issue that doesn't require any action at this time.  If this is a Read-Only Domain Controller and 'BAMBOO-27$' is a legitimate machine account for the computer 'BAMBOO-27' then 'BAMBOO-27' should be marked cacheable for this location if appropriate or otherwise ensure connectivity to a domain controller  capable of servicing the request (for example a writable domain controller).  Otherwise, the following steps may be taken to resolve this problem:  
    
    If 'BAMBOO-27$' is a legitimate machine account for the computer 'BAMBOO-27', then 'BAMBOO-27' should be rejoined to the domain.  
    
    If 'BAMBOO-27$' is a legitimate interdomain trust account, then the trust should be recreated.  
    
    Otherwise, assuming that 'BAMBOO-27$' is not a legitimate account, the following action should be taken on 'BAMBOO-27':  
    
    If 'BAMBOO-27' is a Domain Controller, then the trust associated with 'BAMBOO-27$' should be deleted.  
    
    If 'BAMBOO-27' is not a Domain Controller, it should be disjoined from the domain.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="NETLOGON" />
        <EventID Qualifiers="0">5723</EventID>
        <Level>2</Level>
        <Task>0</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2012-06-14T23:01:01.000000000Z" />
        <EventRecordID>4429</EventRecordID>
        <Channel>System</Channel>
        <Computer>ENGDEVDC01.engdev.splunk.local</Computer>
        <Security />
      </System>
      <EventData>
        <Data>BAMBOO-27</Data>
        <Data>BAMBOO-27$</Data>
        <Binary>8B0100C0</Binary>
      </EventData>
    </Event>
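An added example, not part of the original post: when many clients log this event, parsing the exported Event Xml shows which machine accounts are affected and what the `Binary` field says. The field is a little-endian NTSTATUS, so `8B0100C0` decodes to `0xC000018B` (`STATUS_NO_TRUST_SAM_ACCOUNT`). The host `EXAMPLE-PC01`, the 5722 sample and the function names are constructed for illustration, and the 5722 sample is assumed to use the same Data/Binary layout as the 5723 event above.

```python
import struct
import xml.etree.ElementTree as ET
from collections import Counter
NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
# Subset of NTSTATUS codes seen on secure-channel failures.
NTSTATUS = {
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC000018B: "STATUS_NO_TRUST_SAM_ACCOUNT",
    0xC000018D: "STATUS_TRUSTED_RELATIONSHIP_FAILURE",
}

def parse_netlogon_event(xml_text):
    """Return the fields of one NETLOGON event exported as XML."""
    root = ET.fromstring(xml_text)
    data = [d.text or "" for d in root.findall("e:EventData/e:Data", NS)]
    raw = bytes.fromhex(root.findtext("e:EventData/e:Binary", "", NS) or "")
    # The Binary payload is a little-endian 32-bit NTSTATUS.
    status = struct.unpack("<I", raw[:4])[0] if len(raw) >= 4 else None
    return {
        "event_id": int(root.findtext("e:System/e:EventID", "0", NS)),
        "dc": root.findtext("e:System/e:Computer", "", NS),
        "client": data[0] if data else "",
        "account": data[1] if len(data) > 1 else "",
        "status": status,
        "status_name": NTSTATUS.get(status, "unknown"),
    }

def failures_per_client(events):
    """Count 5722/5723 events per client: one bad join or a fleet-wide problem?"""
    return Counter(e["client"] for e in events if e["event_id"] in (5722, 5723))

# Constructed sample: the event from the post, reduced to the fields used here.
TEMPLATE = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="NETLOGON" /><EventID Qualifiers="0">{eid}</EventID>
    <Computer>ENGDEVDC01.engdev.splunk.local</Computer></System>
  <EventData><Data>{client}</Data><Data>{client}$</Data>
    <Binary>{binary}</Binary></EventData>
</Event>"""
SAMPLES = [
    TEMPLATE.format(eid=5723, client="BAMBOO-27", binary="8B0100C0"),
    TEMPLATE.format(eid=5723, client="BAMBOO-27", binary="8B0100C0"),
    TEMPLATE.format(eid=5722, client="EXAMPLE-PC01", binary="220000C0"),  # constructed
]

if __name__ == "__main__":
    for e in map(parse_netlogon_event, SAMPLES):
        print(e["event_id"], e["client"], hex(e["status"]), e["status_name"])
```

A per-client count that covers every workstation points toward a shared cause such as an image deployed without sysprep, while a single name points toward one broken machine account.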

All Replies

  • Thursday, June 14, 2012 11:17 PM
     
     Proposed

    Hello,

    Are the machines created from an image that is not prepared with sysprep?

    Do you use ONLY domain DNS servers on the NIC and have FORWARDERS configured in the DNS server properties in the DNS management console to the ISP's DNS server?

    Please post an unedited ipconfig /all from ALL DC/DNS servers and a client with the error.


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

  • Friday, June 15, 2012 12:27 PM
     
     
    If it's a client-side issue, check rejoining the machine.

    Hope it helps

    Best regards
    Sarang Tinguria
    MCP, MCSA, MCTS

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

  • Friday, June 15, 2012 2:50 PM
    Moderator
     
     Answered

    There can be many reasons, and one of them, mentioned by Meinolf, is machines prepared using a snapshot or clone that were not sysprepped to change the SID, due to which there is SID duplication, which ultimately leads to a broken secure channel. Other reasons can be a duplicate computer object in AD, duplicate host records in DNS, a duplicate SPN, updated drivers or patches missing, etc.

    http://awinish.wordpress.com/2010/12/24/when-secure-channel-is-broken/

    If you have Windows 7/2008 R2 facing such an issue, you need to make sure these two hotfixes are deployed.

    http://support.microsoft.com/?id=976494
    http://support.microsoft.com/kb/979495



    Awinish Vishwakarma - MVP - Directory Services

    My Blog: awinish.wordpress.com

    Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.

  • Monday, June 18, 2012 2:57 AM
    Moderator
     
     

    Hi,

     

    I would like to confirm what the current situation is. If there is anything that I can do for you, please do not hesitate to let me know, and I will be happy to help.

    Regards,

    Arthur Li

    TechNet Subscriber Support

    If you are a TechNet Subscription user and have any feedback on our support quality, please send your feedback here.


    Arthur Li

    TechNet Community Support