none
Event ID 5774 Netlogon RRS feed

  • Question

  • The dynamic registration of the DNS record '_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.domain1.local. 600 IN SRV 0 100 389 DNS-DC2.domain1.local.' failed on the following DNS server:  

    DNS server IP address: 192.168.200.80 
    Returned Response Code (RCODE): 0 
    Returned Status Code: 10054  

    For computers and users to locate this domain controller, this record must be registered in DNS.  

    USER ACTION  
    Determine what might have caused this failure, resolve the problem, and initiate registration of the DNS records by the domain controller. To determine what might have caused this failure, run DCDiag.exe. To learn more about DCDiag.exe, see Help and Support Center. To initiate registration of the DNS records by this domain  controller, run 'nltest.exe /dsregdns' from the command prompt on the domain controller or restart Net Logon service. 
      Or, you can manually add this record to DNS, but it is not recommended.  

    ADDITIONAL DATA 
    Error Value: An existing connection was forcibly closed by the remote host.

    I ran dcdiag and everything looked good except for this:

                                                                    

    Running enterprise tests on : domain1.local

          Starting test: DNS

             Test results for domain controllers:


                DC: DNS-DC2.domain1.local

                Domain: domain1.local




                   TEST: Delegations (Del)
                      Error: DNS server: fileserver.domain1.local.

                      IP:192.168.200.21

                      [Broken delegated domain _msdcs.domain1.local.]


             Summary of test results for DNS servers used by the above domain

             controllers:



                DNS server: 192.168.200.21 (fileserver.domain1.local.)

                   1 test failure on this DNS server

                   PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.168.200.21               
             Summary of DNS test results:

    I'm new to this job so I asked someone and this device fileserver.domain1.local was their old DC that was decommissioned.  I've verified it is no longer on the network.

    I'm not sure if this is related to the original Event ID error that was logged though.

    Ok, I found where this error was being generated.  In DNS under domain1.local>_msdcs it still had the entry for fileserver.domain1.local.  I've updated that to the correct server.

    • Edited by El Dab67 plus Wednesday, May 16, 2018 2:44 PM added additional data
    Wednesday, May 16, 2018 2:26 PM

All replies

  • Hi,

    Thanks for your question.

    Please try the following steps to see if it could fix this issue.

    1. On the machine logging the above event, in their TCP/IP configuration, make sure they’re not configured for the same DNS server for both Primary and Secondary.

    2. The following registry value is incorrect: “SiteCoverage” under:

        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

        This value typically should equal the domain name.

    3. Change the zone type from Active Directory integrated to "Standard Primary", then stop & start DNS. Then stop & start the netlogon service on the DC to verify that the records are registered. If so, then change the zone type back to Active Directory integrated and verify that the DC no longer records the Eveny log errors when the netlogon service is stopped & started.

    4. Make sure the machine logging the above event is pointing to a DNS server that support Dynamic updates and is hosting a zone for the domain (i.e. make sure it’s not pointing to the ISPs DNS server).

    Please refer to the following link for more information,

    Event 5774, NETLOGON

    https://social.technet.microsoft.com/Forums/windowsserver/en-US/0507f7cc-c426-439b-a0c6-d36cda2dfee8/event-5774-netlogon?forum=winserverNIS

    Netlogon event 5774

    https://social.technet.microsoft.com/Forums/windowsserver/en-US/cf5c1e9e-dccb-45e2-9f14-144f8ba1f838/netlogon-event-5774?forum=winservergen

    Hope this helps. I look forward hearing your good news. If you have any questions, please feel free to let me know.

    Have a nice day!

    Best regards,

    Michael


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Thursday, May 17, 2018 6:04 AM
  • Hi,

    How are things going on? Was the issue resolved?

    Please let me know if you would like further assistance.

    Best regards,

    Michael


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Friday, May 18, 2018 12:54 PM
  • Hi,

    Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.

    Best Regards,

    Michael


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Monday, May 21, 2018 2:30 PM
  • Hi,

    Had this issue, the below fixed it (after many sleepless nights!)

    Hi,

    To anyone that is interested, this fixed my problem :

    According to your description, I understand that your Windows 2008 server keep receiving Event ID: 5774.

     

    These events are typically logged with other events that may that may give clues to the problem. In general, these events indicates that the machine is unable to register its records with the DNS server it's configured to register with.

     

    Please check the following steps whether it fixes your issue.


    1. On the machine logging the above event, in their TCP/IP configuration, make sure they’re not configured for the same DNS server for both Primary and Secondary.

    2. The following registry value is incorrect: “SiteCoverage” under:
        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
        This value typically should equal the domain name.

    3. Change the zone type from Active Directory integrated to "Standard Primary", then stop & start DNS. Then stop & start the netlogon service on the child DC & 
        verify that the records are registered. If so, then change the zone type back to Active Directory integrated and verify that the DC no longer records the Eveny log 
        errors when the netlogon service is stopped & started.

    4. Make sure the machine logging the above event is pointing to a DNS server that support Dynamic updates and is hosting a zone for the domain (i.e. make sure it’s 
        not pointing to the ISPs DNS server).

    5. verify if there is a CName (or other record) for the same hostname that was manually entered and is preventing a dynamic host registration. Remove the manual record.

     

    6. Parent / child domain. The above event was logged on the domain controllers in the child domain.
        Setup:
        On the parent DNS servers, there is a delegation down to the child DNS servers. The child DNS servers have forwarders up to the parent DNS servers.
        Cause and Fix:
        On the Security tab in the delegations, check if  “Authenticated Users” is missing. 
       Added “Authenticated Users” and enabled Full Control.

     

    7. Domain Controller Generates a Netlogon Error Event ID 5774

        http://support.microsoft.com/?id=284963

    Monday, May 21, 2018 11:42 PM
  • credit : 

    Best Regards,

    Wilson Jia

    Monday, May 21, 2018 11:43 PM
  • Hi,
    Could the above reply be of help? If yes, you may mark it as answer, if not, feel free to feed back
    Best Regards,
    Michael


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Monday, May 28, 2018 1:58 PM
  • Sorry it has taken me so long to reply.

    1. No, this DC is pointing to the other DC for it's primary DNS and itself for the secondary DNS.

    2. There is no option for "Site Coverage" under parameters.

    3.  I'll test this later and get back with you

    4.  Yes, it is pointing to a server that has dynamic updates (secure only).

    I checked the other DC and it doesn't have the "Site Coverage" under parameters either.


    Tuesday, June 5, 2018 8:53 PM