none
Windows 7 Pro - Netlogon error 5719 - There are currently no logon servers available to service the logon request. RRS feed

  • Question

  • Hi all,

    I'm about at my wits end trying to fix this issue, and require your assistance please.

    On multiple Windows 7 PC's in our environment, we are getting these types of errors:

    Log Name:      System
    Source:        NETLOGON
    Date:          12/11/2019 3:05:06 PM
    Event ID:      5719
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      P37905.domain.local
    Description:
    This computer was not able to set up a secure session with a domain controller in domain DOMAIN.LOCAL due to the following: 
    There are currently no logon servers available to service the logon request. 
    This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator.  

    ADDITIONAL INFO 
    If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.

    -----------------------------------

    Log Name:      System
    Source:        Microsoft-Windows-GroupPolicy
    Date:          12/11/2019 3:05:06 PM
    Event ID:      1055
    Task Category: None
    Level:         Error
    Keywords:      
    User:          SYSTEM
    Computer:      P37905.domain.local
    Description:
    The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: 
    a) Name Resolution failure on the current domain controller. 
    b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).

    -----------------------------------

    Log Name:      System
    Source:        Microsoft-Windows-GroupPolicy
    Date:          13/11/2019 8:00:55 AM
    Event ID:      1129
    Task Category: None
    Level:         Error
    Keywords:      
    User:          SYSTEM
    Computer:      P52237.domain.local
    Description:
    The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator.

    -----------------------------------

    As a result of these errors, PC's are not applying Group Policy on startup.

    Periodic Group Policies seem to apply, but after making modifications to Group Policy and including new policies for clients, they are not applying correctly.

    The following articles have been located and tried to no avail:

    https://support.microsoft.com/en-us/help/2421599
    https://support.microsoft.com/en-au/help/938449/netlogon-event-id-5719-or-group-policy-event-1129-is-logged-when-you-s
    https://support.microsoft.com/en-us/help/247922/a-netlogon-event-id-5719-event-message-is-logged-when-you-start-a-wind

    Troubleshooting thus far:

    -Created A records for NETBIOS name for domain pointing to IP's of Domain Controllers
    -Confirmed that no rogue NS or A records existed for DNS servers
    -Confirmed access to SYSVOL and NETLOGON shares in the domain have authenticated users as read access
    -Took packet capture on firewall to confirm no domain management traffic was being blocked (LDAP, Kerberos, DNS, RPC/EPM etc)

    Any assistance is appreciated, thank you

    Pat

    Friday, November 15, 2019 5:52 AM

Answers

All replies

  • Clarify the following:

    - Do all Windows 7 clients have this issue or only some?
    - Are you using multiple subnets, or does a subnet contain both working and non-working computers?
    - What is the OS and domain functional level on your Domain Controller?

    Can you verify routes from a client to the server? From your post, you claim that domain management traffic isn't being blocked, was this verified against an un-working client origin, or in general?

    Have you tried connecting one of these clients to the same subnet that the server is on? Want to make sure that you are using the correct order of operations, if you have a network configuration issue rather than an Windows 7 client issue.

    Also to note that this is the section for deployments, not for domain or networking support. Perhaps a mod can be nice to move this thread to the appropriate section.

    Friday, November 15, 2019 10:15 PM
  • Hi Pat,

    The event 5719 typically cause by the DC can’t communication each other, please confirm you have configured the correct DNS server on those problematic Windows 7 clients and disable firewall temporarily, check again.

    Enable "Always wait for the network at computer startup and logon" on the server

    Reference:

    https://blogs.technet.microsoft.com/instan/2008/09/18/netlogon-5719-and-the-disappearing-domain-controller/

    Regards


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by Patrick500 Tuesday, November 26, 2019 10:33 PM
    Monday, November 18, 2019 3:00 AM
    Moderator
  • Hi Tripredacus and Teemo,

    Thank you for your responses.

    I've identified that our SYSVOL replication is still being done by FRS even though the functional levels are 2012 R2 and most of our DC's are 2016.

    As such, I'm going to move this over to DFSR then see if the issue is still on-going.

    If it is, i'll review what you've mentioned and report back.

    Cheers,

    Pat

    Tuesday, November 19, 2019 2:51 AM
  • Would you mind letting me know the update of the problem? If you need further assistance, feel free to let me know.

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, November 25, 2019 8:58 AM
    Moderator
  • Hi Teemo,

    I've reached out to premier support for assistance.

    After migrating from FRS to DFSR there was no change.

    I'll mark this thread as answered and work off the case I've raised.

    Thank you for following up.

    Cheers,

    Pat

    Tuesday, November 26, 2019 10:33 PM
  • Hi all,

    Microsoft support was able to resolve this for me.

    They found and fixed 2 issues.

    • In the GPSVC logs, they found this entry:
      Couldn't find the group policy template file <\\domain.local\SysVol\domain.local\Policies\{0BF89791-191F-4C65-A77A-9C051CAF4687}\gpt.ini>, error = 0x52e. DC: DomainController.domain.local

      Internally, an article was found which indicated a cached system credential.

      Using psexec, we found an old account which was no longer in existence. This is the command we ran:

      psexec -s -c cmd.exe
      rundll32.exe keymgr.dll, KRShowKeyMgr

      The user account was located and deleted.
    • They identified and acknowledged that the GPO's were applying, however the settings in those GPO's were not applying

      We deleted the entire History registry key for Group Policy, reset the client, and then the GPO settings were applying.

      This is the key which was deleted:
      HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Group Policy\History

    I hope this helps anyone else who might have this issue.

    Cheers,

    Pat

    Tuesday, December 3, 2019 10:16 PM