kennedy2008 asked:

Event ID 5723 need to remove netlogon entries

There are 2 machines on the domain that cause Netlogon errors. The Event IDs are 5805 and 5723. Examples are below:

5805: The session setup from the computer 06XP301 failed to authenticate. The following error occurred:
Access is denied.

5723: The session setup from computer '06XP301' failed because the security database does not contain a trust account '06XP301$' referenced by the specified computer.  

The problem is these computers do not exist in the AD structure. What's more, I can resolve the computer name to an IP address, but cannot reach that address. These computers have been acting this way for 3+ months.

Question:
How can I resolve these Netlogon errors if the computers in question are no longer online? Do I need to make a change to the Active Directory?
DenverRick

Disjoin the computers from the Domain. Confirm this in Active Directory and delete the disjoined objects. Manually synchronize the Domain (AD Sites and Services). Then re-join the Domain.

The fact you are getting the errors shows that the computers are online.
You just need to go to the computer in question and join it onto AD:
right-click on My Computer
Computer Name tab
click on Change
select the Domain button
enter your domain name
then you should be prompted for the domain user / password
This will connect the computer onto the domain.
When the user logs on next time a new profile will be created, so you may need to move files out of their My Docs etc.
kennedy2008 (ASKER)

The problem is:

1. The IP address that is resolved is not listed in the DHCP lease table (i.e. it is available for lease?)
2. The IP address resolved is not pingable.
3. I do not know the physical location of this computer.

Question:

How do I locate something that is not pingable and not listed with a leased IP address?
Also, the computer names in question, which are given in the Event log, are not listed as an object in Active Directory.
1. It's probably still in your local cache, so do ipconfig /dnsflush and then see if it appears again.
Try setting your computer's IP address to the IP of one of these computers and see if you get an IP address conflict.
If you do, then the computer is online somewhere on the network.
Try to remote desktop onto the computer; if the computer was once a member of your domain you should be able to log in using the administrator account.
- I have flushed the DNS cache on a local machine (not the DC) with no result.
- I have assigned the IP address in question to a local computer without conflict.
However, the address is not pingable on any other computer in the domain, even though the computer with the newly assigned address can browse the network.

I have read somewhere about Phantom entries in AD but do not know how to remove these.
Any ideas as to whether these are phantom entries, and if so, how do you identify them as such and remove them?
On the machine with the problem:  (there is no danger in these commands)

Net Stop Netlogon
Net Stop DNS (if this machine has DNS server installed)
Ipconfig/flushdns
Ipconfig/registerdns
Net Start DNS (If needed)
Net Start Netlogon
DENVER RICK

You want me to do this on the Domain Controller?
The machine names (problem computers) that are listed in the event log on the DC (DNS server) are nowhere to be found physically on the domain.
Let's back up a step.

If the computer names are not listed in AD, and you have in fact "refreshed" while in that OU, then you have orphaned accounts.

Did you attempt to disjoin from the Domain?
To my knowledge these computer objects were never disjoined from the domain.

Yes, the objects have not been in AD for a few months now.
But they show Domain Membership in My Computer, Properties, Computer Name tab?
Headed out for a while... If they do show Domain Membership, log on as a local administrator (while unplugged from the network) and move (join) them to a Workgroup. Reboot, reconnect to the network, and join the Domain.

DR
That is the strange part of this whole thing. The computers/IP addresses that these entries (in the event viewer of the domain controller) are referring to do not exist in the domain, physically (no computer) or administratively (in AD as an object, and the IP address is not being leased).
For example, if I ping the computer name the event is referring to, 06xp301, it resolves to a private address 192.168.1.106, but it is not reachable. When I look in the DHCP lease list, neither the address nor the computer name is listed. Furthermore, I cannot physically find these machines.

Now, in one case I am certain the computer was renamed before the old name was disjoined from the domain. Example: 008dt321 renamed to 08dt321. The new name exists as an object and is pingable; however, the old name 008dt321 is neither.
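One way to triage exactly this situation from the DC itself, as an added example that is not part of the thread: it pulls the Netlogon 5723/5805 events, extracts the client name each one blames, and checks whether a computer account, a DNS A record and a host that answers ping exist for that name. It assumes a domain controller running Windows Server 2012 or later with the ActiveDirectory and DnsClient PowerShell modules (Get-WinEvent, Get-ADComputer and Resolve-DnsName); the message parsing is based on the two event texts quoted in the question.

```powershell
# Triage Netlogon 5723/5805 events on a domain controller: extract the computer
# name each event blames, then check whether a computer account, a DNS A record
# and a host that answers ping actually exist for it. Constructed example;
# assumes the ActiveDirectory and DnsClient modules are available on the DC.
Import-Module ActiveDirectory

$events = Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'NETLOGON'
    Id           = 5723, 5805
} -ErrorAction SilentlyContinue

$results = foreach ($ev in $events) {
    # 5805 reads "from the computer NAME", 5723 reads "from computer 'NAME'";
    # one regex covers both, and a trailing $ (account name form) is stripped.
    if ($ev.Message -notmatch "from (?:the )?computer '?([^'\s]+)'?") { continue }
    $name = $Matches[1].TrimEnd('$')

    $adObject = Get-ADComputer -Filter "Name -eq '$name'" -ErrorAction SilentlyContinue
    $aRecord  = Resolve-DnsName -Name $name -Type A -ErrorAction SilentlyContinue |
                Where-Object { $_.Type -eq 'A' } | Select-Object -First 1
    $alive    = if ($aRecord) {
        Test-Connection -ComputerName $aRecord.IPAddress -Count 1 -Quiet
    } else { $false }

    [pscustomobject]@{
        LastSeen   = $ev.TimeCreated
        EventId    = $ev.Id
        Computer   = $name
        InAD       = [bool]$adObject
        DnsAddress = if ($aRecord) { $aRecord.IPAddress } else { $null }
        Reachable  = $alive
    }
}

# One row per name. A name that still resolves but has no AD object and no
# reachable host is the orphaned-account pattern in this thread, typically a
# stale A record left behind after a rename such as 008dt321 -> 08dt321.
$results | Sort-Object Computer -Unique | Format-Table -AutoSize

$stale = $results | Where-Object { -not $_.InAD -and -not $_.Reachable } |
         Select-Object -ExpandProperty Computer -Unique
if ($stale) {
    "Names logged by Netlogon with no computer object and no live host:"
    $stale | ForEach-Object { "  $_  (check DNS for a stale A record and DHCP for a lease or reservation)" }
}
```

The names in the final list are the ones to clean up in DNS; the events themselves stop once nothing resolves to an address that a DC keeps trying to authenticate.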
ASKER CERTIFIED SOLUTION
DenverRick

That was what it needed. Thanks!
You're welcome!