Multiple Netlogon errors - 5723 and 5805

    Question

  • Hi All,

    I see multiple Netlogon error events 5805 and 5723 on one of the DCs. Replication is working normally.

    As per the event message, 5805 - A session setup from the computer 'aa' failed to authenticate. Reason: Access denied.

    As per the event message, 5723 - The session setup from computer 'aa' failed because the security DB doesn't contain a trust account 'aa$' referenced by the specified computer.

    I can see the computer 'aa' has its host record in DNS. It has a reverse lookup PTR record as well.

    But I'm not able to find this computer in ADUC in the Computers container.

    Why? What could be the issue here?

     


    Regards, Mohan R Sr. Administrator - Server Support
    Saturday, May 07, 2011 12:33 PM

All replies

  • Maybe the computer is not joined to the domain; can you check by logging in to the computer in question?
    With kind regards
    Krystian Zieja
    http://www.projectnenvision.com
    Saturday, May 07, 2011 12:50 PM
  • Hi Krystian,

    Thanks for your reply. The computer is in the domain and I'm able to RDP to it.

     


    Regards, Mohan R Sr. Administrator - Server Support
    Saturday, May 07, 2011 12:54 PM
  • Did you create the system using any clone/image/ghost software? If yes, did you sysprep the system to assign a unique SID? If not, then the error is obvious, and disjoining or rejoining it to the domain will not resolve the issue. If this is not the case, someone might have deleted the computer object in AD.

    Do you mind posting the complete error message of those events?

    Previous discussions related to the same topic:

    http://social.technet.microsoft.com/Forums/en-GB/winserverDS/thread/aaa39867-fc79-4d9b-a260-6585a85a2f7b

    http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/ea444453-5d83-4933-a7c5-e84ff670954e/

     

    Regards


    Awinish Vishwakarma

    Disclaimer: This posting is provided AS-IS with no warranties or guarantees and confers no rights.

    Saturday, May 07, 2011 2:50 PM
    Moderator
  • Hi Awinish,

    Thank you. Please find the complete event information below. I'm not sure if the machine is a cloned one. I need to check that. What difference does it make?

    Also, how am I able to log in to a computer whose account doesn't exist in AD? Confused...

    Event Type: Error
    Event Source: NETLOGON
    Event Category: None
    Event ID: 5723
    Date:  
    Time: 
    User:  N/A
    Computer: DC1
    Description:
    The session setup from computer 'aa' failed because the security database does not contain a trust account 'aa$' referenced by the specified computer. 

    USER ACTION 
    If this is the first occurrence of this event for the specified computer and account, this may be a transient issue that doesn't require any action at this time. Otherwise, the following steps may be taken to resolve this problem: 

    If 'aa$' is a legitimate machine account for the computer 'aa', then 'aa' should be rejoined to the domain. 

    If 'aa' is a legitimate interdomain trust account, then the trust should be recreated. 

    Otherwise, assuming that 'aa$' is not a legitimate account, the following action should be taken on 'aa': 

    If 'aa' is a Domain Controller, then the trust associated with 'aa$' should be deleted. 

    If 'aa' is not a Domain Controller, it should be disjoined from the domain.

    Event ID 5805 is as below:

    Event Type: Error
    Event Source: NETLOGON
    Event Category: None
    Event ID: 5805
    Date:  
    Time:  
    User:  N/A
    Computer: DC1
    Description:
    The session setup from the computer aa failed to authenticate. The following error occurred:
    Access is denied.

     


    Regards, Mohan R Sr. Administrator - Server Support
    Saturday, May 07, 2011 4:07 PM
  • When you clone a machine using an image or template, the SID (a SID is a unique security identifier that is assigned to objects in AD to apply security permissions) of the system is not changed, and it creates a conflict with the existing system, which results in a broken secure channel from the DC to systems in the domain, used to verify the system in the domain.

    http://www.windowsitpro.com/article/john-savills-windows-faqs/what-is-a-sid-security-id-

    Is computer DC1 a domain controller? If yes, you are required to perform metadata cleanup of DC1. If it doesn't exist, you need to clean up the records of the removed DC from all the folders inside the _msdcs folder in DNS, the Name Servers tab in DNS, and the server object from NTDS Settings in ADSS, and verify from the domain and configuration directory partitions using the ADSIEDIT tool.

    Metadata cleanup, Windows 2003:

    http://www.petri.co.il/delete_failed_dcs_from_ad.htm

    Metadata cleanup, Windows 2008:

    http://technet.microsoft.com/en-us/library/cc816907%28WS.10%29.aspx

     

    Regards


    Awinish Vishwakarma

    Saturday, May 07, 2011 6:06 PM
    Moderator
  • Hi Awinish,

    DC1 is a domain controller; the logs are being generated for the computer account 'aa', not for DC1. Do you still think metadata cleanup is required for the DC?

    'aa': I'm checking if it's cloned; I'll get back to you on this.

    Those were very good links. Thanks for that...

    Also, do you have any idea why I'm able to log on with my domain ID on the PC 'aa' though it doesn't have a computer account in ADUC?

     


    Regards, Mohan R Sr. Administrator - Server Support
    Sunday, May 08, 2011 10:48 AM
  • Remove the computer from the domain and add it back...

    hth
    Marcin

    Sunday, May 08, 2011 11:50 AM
  • If DC1 is a working domain controller, you don't require metadata cleanup; it's required for removing references from AD for a failed domain controller or one which can't be demoted gracefully.

    If it's a client system, disjoining and rejoining it will solve the problem.

    The reason you are able to log in is cached credentials; even if you unplug the network cable, you can still log in due to the credentials cached during the first login.

    The only option is disjoining and rejoining those systems, but make sure these systems are not cloned without sysprep, else you will see them getting disjoined frequently.

    http://awinish.wordpress.com/2010/12/24/when-secure-channel-is-broken/

    More on cached credentials:

    http://thelazyadmin.com/blogs/thelazyadmin/archive/2006/01/31/Understanding-Cached-Credentials.aspx

     

    Regards


    Awinish Vishwakarma

    Sunday, May 08, 2011 1:28 PM
    Moderator
  • Hi Awinish,

    Thank you for all your explanations. I'll find out about the cloning part and try rejoining it to the domain. I'll update the results here. Again, fantastic article. Thanks a lot!


    Regards, Mohan R Sr. Administrator - Server Support
    Sunday, May 08, 2011 1:52 PM
  • Hello,

    If the machine is created from a clone/image not prepared with sysprep, you have multiple machines with the same SID (Security Identifier). This can result in a replication problem, so when a second machine is added, the first one is kind of "overwritten" with the new name or vice versa, so you may not see the name in ADUC.

    To make sure your DCs have no problems, I suggest using the support tools and providing the following output files:

    ipconfig /all >c:\ipconfig.txt [from each DC/DNS Server]
    dcdiag /v /c /d /e /s:dcname >c:\dcdiag.txt
    repadmin /showrepl dc* /verbose /all /intersite >c:\repl.txt  ["dc*" is a placeholder for the starting name of the DCs if they all begin the same (if more than one DC exists)]
    dnslint /ad /s "DCipaddress" (http://support.microsoft.com/kb/321045)

    As the output will become large, DON'T post them into the thread, please use Windows Sky Drive (skydrive.live.com) [with open access!] and add the link from it here. Also the /e in dcdiag scans the complete forest, so better run it on COB.


    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
    Sunday, May 08, 2011 7:13 PM
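
The triage this thread walks through (which clients keep failing session setup, and whether their machine account exists anywhere in the domain), as an added PowerShell example that is not part of the original thread. It assumes it runs on the DC logging the events, that the ActiveDirectory module is installed, and that the event text is English as quoted above.

```powershell
# Added example (not from the thread). Run on the DC that logs the events.
# Assumptions: ActiveDirectory module (RSAT) is present; event text is English.
Import-Module ActiveDirectory

# Netlogon writes 5723 and 5805 to the System log under the NETLOGON source.
$events = Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'NETLOGON'
    Id           = 5723, 5805
} -ErrorAction SilentlyContinue

# Client name as it appears in the messages quoted in the thread:
#   5723: "The session setup from computer 'aa' failed because ..."
#   5805: "The session setup from the computer aa failed to authenticate."
$pattern = "session setup from (?:the )?computer '?([^'\s]+)'? failed"

$report = $events | ForEach-Object {
    if ($_.Message -match $pattern) {
        [pscustomobject]@{
            Computer = $Matches[1].TrimEnd('$')
            Id       = $_.Id
            Time     = $_.TimeCreated
        }
    }
} | Group-Object Computer | ForEach-Object {
    $name = $_.Name
    # Search the whole domain for the machine account, not only the default
    # Computers container that ADUC shows first.
    $acct = Get-ADComputer -Filter "SamAccountName -eq '$name`$'" `
                           -Properties PasswordLastSet, whenCreated
    [pscustomobject]@{
        Computer        = $name
        Count5723       = @($_.Group | Where-Object Id -eq 5723).Count
        Count5805       = @($_.Group | Where-Object Id -eq 5805).Count
        LastSeen        = ($_.Group | Sort-Object Time | Select-Object -Last 1).Time
        AccountDN       = $acct.DistinguishedName   # empty: no account in AD
        Enabled         = $acct.Enabled
        PasswordLastSet = $acct.PasswordLastSet
        Created         = $acct.whenCreated
    }
}

$report | Sort-Object Count5723 -Descending | Format-Table -AutoSize
```

A client with 5723 events and an empty AccountDN has no machine account in the domain, which is the case the rejoin advice above addresses. On the client itself, `Test-ComputerSecureChannel -Verbose` checks the secure channel from its side.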
  • Hi Awinish,

    I am also facing the same issue with Windows 7 clients. They have an OS image, so how do I fix the problem for 100s of clients? Is there any fix for this? I have checked dcdiag and it does not show any errors.


    • Edited by Magic123 Tuesday, January 03, 2012 3:21 PM
    Tuesday, January 03, 2012 3:20 PM
  • This is a very old thread; I would request you to start a new thread with a description to get better served.

     

    Regards  


    Awinish Vishwakarma

    MY BLOG:  awinish.wordpress.com


    This posting is provided AS-IS with no warranties/guarantees and confers no rights.
    Tuesday, January 03, 2012 3:31 PM
    Moderator