802.1x - NETLOGON service error
-
Wednesday, March 07, 2012 7:27 AM
Hi,
I have problem with NETLOGON service. If I enabled 802.1x on my computer then I receive NETLOGON 5719 error after start OS. I receive another Time-Service 129 and WMI 10 error. Is there any posibilities to delay start NETLOGON service?
I tried change NETLOGON dependences, regedit parameters but nothing work, still same error.
All Replies
-
Thursday, March 08, 2012 7:23 AMModerator
Hi,
Thank you for the post.
Please perform steps below to troubleshooting:
1. Verify the switch portfast setting enabled,KB247922
2. Disable media sense for TCP/IP, KB938449
3. Use both computer and user authentication,KB904943If there are more inquiries on this issue, please feel free to let us know.
Regards
Rick Tan
TechNet Community Support
-
Thursday, March 08, 2012 12:08 PM
Hi Rick,
thank you for reply.
I have portfast (edge port) enabled and disabled media sense and still same error.
I cannot enable user authentication because we have multiple domain computers with local users.
But as I said before, any NETLOGON error if I turned 802.1x off.
Thanks, Petr
-
Friday, March 09, 2012 2:20 AMModerator
Hi,
Please elaborate more about your issue:
1. The error happened on all clients? Started when you deploy 802.1x?
2. You turned 802.1x off on switch and client computer, the error exists? Try to ping DNS/DHCP ip address or rejoin the computer to the domain.
3. Enable the Netlogon debug log according to KB109626.
4. Provide the client ipconfig/all result and event log to us.Regards
Rick Tan
TechNet Community Support
-
Friday, March 09, 2012 6:57 AM
Hi Rick,
1) Yes, exactly. When I deployed 802.1x then I received NETLOGON error on all my computers. But after this error everything work. Users login, GPO processing, Outlook client, everything. Only NETLOGON error in event log.
2) No, after disabled dot1x on switch error disappears.
3) Ok, I will try it.
4) I mean that no problem in network because if 802.1x is disable everything work fine. After reboot I have only two event (NETLOGON - 5719 and Time-Service 129).
Thank you, Petr
-
Monday, March 12, 2012 4:02 AMModerator
Hi Petr,
Well, please resolve the Netlogon 5719 error first before enable the 802.1x. The error couldn't be ignored due that it means Netlogon is unable to locate DC.
http://blogs.technet.com/b/instan/archive/2008/09/18/netlogon-5719-and-the-disappearing-domain.aspx
Regards
Rick Tan
TechNet Community Support
-
Monday, March 12, 2012 7:28 AM
Hi Rick,
I have 5719 error only if 802.1x is enabled.
After investigate NETLOGON debug log I found that problem is in DHCP response time.
Here is simple procedure:
1) NETLOGON is starting
2) NIC set APIPA address because cannot found DHCP server (port on switch not authenticate yet)
3) NETLOGON service try to find DC but without success because network interface don't have IP address yet
4) NETLOGON service write 5719 error in to event log
5) RADIUS server authenticate computer account and switch enable appropriate port
6) NIC received IP address
7) NETLOGON service found DC and everything works without problem
So, my question is how can I delay NETLOGON service to wait for appropriate IP address from DHCP server?
-
Tuesday, March 13, 2012 2:57 AMModerator
Hi Petr,
Well, please perform Resolution 4 or Resolution 2 in KB938449.
Regards
Rick Tan
TechNet Community Support
-
Tuesday, March 13, 2012 12:20 PM
Hi Rick,
I tried it both but still same error :/
-
Wednesday, March 14, 2012 6:18 AMModeratorHi Petr,
Have you restarted your system to make the change take effect?
RegardsRick Tan
TechNet Community Support
-
Wednesday, March 14, 2012 8:17 AMHi Rick,
yes. I receive NETLOGON error only after boot my OS. So I have to restart OS always after something I changed.
.png)
