none
Netlogon error, event id 5722

    Question

  • I got a lot of Netlogon errors on DC-s for the different computer.


    The session setup from the computer "COMPUTER-NAME" failed to authenticate. The name(s) of the account(s) referenced in the security database is "COMPUTER-NAME$".  The following error occurred: 
    Access is denied.

    What could be the reason or how can I troubleshoot it?

    Friday, August 10, 2012 8:11 PM

Answers

  • I got a lot of Netlogon errors on DC-s for the different computer.


    The session setup from the computer "COMPUTER-NAME" failed to authenticate. The name(s) of the account(s) referenced in the security database is "COMPUTER-NAME$".  The following error occurred: 
    Access is denied.

    What could be the reason or how can I troubleshoot it?


    Hi,

    It seems the the secure has been broken between the DC and the problem computer.

    If the problem machine is member server or workstation then mostly issue resolves by performing disjoin and rejoin the problem machine to the domain.

    How many machine are affected?

    Check, if there is any security application or firewall causing the issue? For troubleshooting, you may temporary disable antivirus application or firewall.


    Best Regards,

    Abhijit Waikar.
    MCSA 2003 | MCSA:Messaging | MCTS | MCITP:Server Administrator | Microsoft Community Contributor | My Blog

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.


    Friday, August 10, 2012 8:23 PM
  • In addition also ensure the following on Computer in question as this could be secure channel broken issue.

    (1) Check the DNS & WINS entries?
     IP configuration on clients and member servers:
    -----------------------------------
    1. Each workstation/member server should point to local DNS server as primary DNS and other remote DNS servers as secondary.
    2. Do not set public DNS server in TCP/IP setting of WS.

    (2) Check whether the Firewall service is ON of OFF?
    Refer link this to diable the firewall:http://technet.microsoft.com/en-us/library/cc766337(WS.10).aspx

    (3) Check the status of the machines account in the AD?(It may be disabled)
    If the Machine account is disable enable the same.

    (5) Remove the server from the domain & readd it to the domain else try using netdom utility to reset the secure channel between the server & the domain controller?
    http://support.microsoft.com/kb/260575

    (6)Also check the DNS console for duplicate record for the host machine and remove the same.

    Note:It could be due to AV or 3rd party security application which act as firewall and block AD communuctaion.AV like Symantec,trend,etc have new features to "protect network traffic".Please check AV setting and disable the same if defined.

    Take a look at below hotfix too.A secure channel is broken after you change the computer password on a Windows 7 or Windows Server 2008 R2-based client computer
    http://support.microsoft.com/kb/979495

    Hope this helps

     


    Best Regards,

    Sandesh Dubey.

    MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Adminitrator | My Blog

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Friday, August 10, 2012 8:29 PM

All replies

  • Can you tell us when are you seeing this error in event log or somewhere else


    Hope it helps __________________________ Best regards Sarang Tinguria MCP, MCSA, MCTS Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

    Friday, August 10, 2012 8:14 PM
  • Yes I see them in event logs, in System
    Friday, August 10, 2012 8:15 PM
  • Event ID 5722 is logged on your Windows Server-based domain controller
    http://support.microsoft.com/kb/810977

    See this too:http://www.eventid.net/display.asp?eventid=5722&eventno=105&source=NETLOGON&phase=1

    Hope this helps


    Best Regards,

    Sandesh Dubey.

    MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Adminitrator | My Blog

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Friday, August 10, 2012 8:23 PM
  • I got a lot of Netlogon errors on DC-s for the different computer.


    The session setup from the computer "COMPUTER-NAME" failed to authenticate. The name(s) of the account(s) referenced in the security database is "COMPUTER-NAME$".  The following error occurred: 
    Access is denied.

    What could be the reason or how can I troubleshoot it?


    Hi,

    It seems the the secure has been broken between the DC and the problem computer.

    If the problem machine is member server or workstation then mostly issue resolves by performing disjoin and rejoin the problem machine to the domain.

    How many machine are affected?

    Check, if there is any security application or firewall causing the issue? For troubleshooting, you may temporary disable antivirus application or firewall.


    Best Regards,

    Abhijit Waikar.
    MCSA 2003 | MCSA:Messaging | MCTS | MCITP:Server Administrator | Microsoft Community Contributor | My Blog

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.


    Friday, August 10, 2012 8:23 PM
  • Use below link to check the Secure channel state

    http://support.microsoft.com/kb/158148                        

    Hope it helps __________________________ Best regards Sarang Tinguria MCP, MCSA, MCTS Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.


    Friday, August 10, 2012 8:25 PM
  • In addition also ensure the following on Computer in question as this could be secure channel broken issue.

    (1) Check the DNS & WINS entries?
     IP configuration on clients and member servers:
    -----------------------------------
    1. Each workstation/member server should point to local DNS server as primary DNS and other remote DNS servers as secondary.
    2. Do not set public DNS server in TCP/IP setting of WS.

    (2) Check whether the Firewall service is ON of OFF?
    Refer link this to diable the firewall:http://technet.microsoft.com/en-us/library/cc766337(WS.10).aspx

    (3) Check the status of the machines account in the AD?(It may be disabled)
    If the Machine account is disable enable the same.

    (5) Remove the server from the domain & readd it to the domain else try using netdom utility to reset the secure channel between the server & the domain controller?
    http://support.microsoft.com/kb/260575

    (6)Also check the DNS console for duplicate record for the host machine and remove the same.

    Note:It could be due to AV or 3rd party security application which act as firewall and block AD communuctaion.AV like Symantec,trend,etc have new features to "protect network traffic".Please check AV setting and disable the same if defined.

    Take a look at below hotfix too.A secure channel is broken after you change the computer password on a Windows 7 or Windows Server 2008 R2-based client computer
    http://support.microsoft.com/kb/979495

    Hope this helps

     


    Best Regards,

    Sandesh Dubey.

    MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Adminitrator | My Blog

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Friday, August 10, 2012 8:29 PM
  • Thanks for your posts, will check and get back with results.

    Friday, August 10, 2012 8:54 PM
  • The error basically occurs due to duplicate/conflicting object in the AD as well as DNS, machine is not able to refresh its password end up in broken secure channel, duplicate SPN etc. How the machine has been configured, did you use image,template or some cloning software, if yes, did you perform sysprep tool to assing unique SID to those system prepared from the template?

    What is the OS on those problem system? How many such systems are affected & what is the service pack/patch level for those systems?

    http://awinish.wordpress.com/2010/12/24/when-secure-channel-is-broken/


    Awinish Vishwakarma - MVP

    My Blog: awinish.wordpress.com

    Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    Saturday, August 11, 2012 9:10 AM
  • Let me re post this a third time because it really REALLY might help somebody if it is re posted over and over again....

    In addition also ensure the following on Computer in question as this could be secure channel broken issue.

    (1) Check the DNS & WINS entries?
     IP configuration on clients and member servers:
    -----------------------------------
    1. Each workstation/member server should point to local DNS server as primary DNS and other remote DNS servers as secondary.
    2. Do not set public DNS server in TCP/IP setting of WS.

    (2) Check whether the Firewall service is ON of OFF?
    Refer link this to diable the firewall:http://technet.microsoft.com/en-us/library/cc766337(WS.10).aspx

    (3) Check the status of the machines account in the AD?(It may be disabled)
    If the Machine account is disable enable the same.

    (5) Remove the server from the domain & readd it to the domain else try using netdom utility to reset the secure channel between the server & the domain controller?
    http://support.microsoft.com/kb/260575

    (6)Also check the DNS console for duplicate record for the host machine and remove the same.

    Note:It could be due to AV or 3rd party security application which act as firewall and block AD communuctaion.AV like Symantec,trend,etc have new features to "protect network traffic".Please check AV setting and disable the same if defined.

    Take a look at below hotfix too.A secure channel is broken after you change the computer password on a Windows 7 or Windows Server 2008 R2-based client computer
    http://support.microsoft.com/kb/979495

    Hope this helps

    and maybe a fourth time...

    In addition also ensure the following on Computer in question as this could be secure channel broken issue.

    (1) Check the DNS & WINS entries?
     IP configuration on clients and member servers:
    -----------------------------------
    1. Each workstation/member server should point to local DNS server as primary DNS and other remote DNS servers as secondary.
    2. Do not set public DNS server in TCP/IP setting of WS.

    (2) Check whether the Firewall service is ON of OFF?
    Refer link this to diable the firewall:http://technet.microsoft.com/en-us/library/cc766337(WS.10).aspx

    (3) Check the status of the machines account in the AD?(It may be disabled)
    If the Machine account is disable enable the same.

    (5) Remove the server from the domain & readd it to the domain else try using netdom utility to reset the secure channel between the server & the domain controller?
    http://support.microsoft.com/kb/260575

    (6)Also check the DNS console for duplicate record for the host machine and remove the same.

    Note:It could be due to AV or 3rd party security application which act as firewall and block AD communuctaion.AV like Symantec,trend,etc have new features to "protect network traffic".Please check AV setting and disable the same if defined.

    Take a look at below hotfix too.A secure channel is broken after you change the computer password on a Windows 7 or Windows Server 2008 R2-based client computer
    http://support.microsoft.com/kb/979495

    Hope this helps


    Wednesday, July 30, 2014 7:03 PM