Event ID 5721, Net Logon issue for restored DC.

supag33k asked
Medium Priority
Last Modified: 2007-12-19
I spent part of my Easter rebuilding a file and print server that suffered from hardware problems that have now been resolved.

Incidentally this is the same box that I rebuilt two months ago....due to issues with the backup process.

After the hardware was fixed, the backup and restore processes work faultlessly. The only issue I had was resetting the machine account on the restored DC....KB288167. (this is fine now)

However after more log checking, I get a warning message on startup in the log, event id 5721, for which kb 257623 refers to...


- may have to apply the following as well...
[though it looks to be for NT not 2000??]


Then possibly redo the following KB's 281485,256000,305837.. for a following repetitive event id of 1265 for KCC - which is a warning -
My research indicated the event id is for security templates for the DC group, I went to apply the following KB's:

1). 281485 Name Collision - nope not this...

2). 256000 Error messages after importing Basicdc.inf...
-and then-
305837 DNS.."invalid credentials" error messages on Domain controller..
- interesting the error log for this process is giving me an error 13, but this is where I hit a brick wall...

So if I need to resolve the event id 5721 as it is first, and event id 1265 depends upon it??

Not overly concerned yet, they are warnings and users can use the server - just further research and a fix or two during my next maintenance window for this server.

 - well I know already how next weekend is panning out...

- Okay, has anyone done anything here with this type of problem before??

Any suggestions or comments would be most welcome please.




More information...

When I run netdiag it fails for the trust relationship test....

Trust relationship test.......failed
[Fatal] Secure channel to domain 'ourdomain' is broken.

which after searching means I'll try this...





Again more information.....

1). Tried the above with Netdom reset and got....
"The secure channel from <servername> to <ourdomain> was not reset.
The security database on the server does not have a computer account for this workstation trust relationship (appears twice)
The command failed to complete successfully."

Also went to...
http://www.tburke.net/info/suptools/topics/netdom_examples.htm ...for more information.

2). When I ran DCDIAG I got...
"2966a0c7-7126-474e-9ca1-f332bf9cdcf0.msdcs.ourdomain.com server GUID DNS name could not be resolved to an IP Address. Check the DNS server, DHCP, Server name etc.
Although the GUID DNS name (as per above) couldn't be resolved, the server name <servername.ourdomain.com> resolved to the IP Address...."

Then obviously the server does not respond to the DS requests as part of the DCDIAG command.

so I think the main point is what to do with the DNS issue for the .msdc zone in the forward lookup zone??

-maybe I should up the points tally??


Top Expert 2004

Hi there,

Have you ensured that the zone is active directory integrated and can accept dynamic updates? Sounds like the GUID for the server hasn't been updated in dns after the rebuild,

Deb :))


Well got the AD/DS working ...

Deb, please see points 1. and 3. ..if I can work the specifics or if you could supply the KB or howto I'll award the points!

1). After 3rd attempt over the weekend - when I realised what was wrong with the sysvol...
- Sysvol was restored as \winnt\sysvol\sysvol not winnt\sysvol..
I moved folders and copied the 'domain' folder to 'ourdomain.com' etc etc, rebooted and everything worked, as the other DC's were at a later revision number....

(at least Backup Exec 9.1 restores the full system state - even if to a wrong location for sysvol - BE 8.6 - IMHO, does not restore System States correctly from the standard product, issues with DCOM for starters....)

This issue was found via re-reading a KB or three, also dcdiag, netdiag and nltest helped here.

Some other issue with the sysvol share that I am looking into on the restored DC as 'net share' does not list the sysvol folder yet it is participating in the AD.
(interestingly the SOA and AD increments are higher than usual - will look at this in my next maintenance window)

2). Subsequently reset my machine accounts on all my DC's, it was KB 260575.

3). Still have a DNS issue with event id 5774 - but possibly due to the sysvol on the restored DC not being shared correctly as zone is AD integrated. (awaiting maintenance window)

4). NOTE: that in this type of situation all the dependent services - such as SQL, Exchange and Backup Exec etc etc have to have their account access re-verified otherwise you get errors for accessing stuff like selection lists and performing scheduled tasks (go to services, properties, log on, reset passwords for service.) - this was all done during the Easter break....phew

- only a few errors in the logs now, I will obviously get all this tightened down before updates (especially MS04-11) or further network changes.

Note that the event logs, white papers, this site (for the sysvol information) and the MS KB's all helped....and I got to avoid ADSIedit (yeechh)

cheers and thanks once again,
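
The three symptoms reported in this thread (netdiag's broken secure channel, dcdiag's unresolved GUID DNS name, and SYSVOL missing from `net share`) can be checked together from saved tool output. This is an added example, not code from the original posts; the sample captures are constructed and the function names are hypothetical.

```python
import re

# Constructed captures, modelled on the messages quoted in this thread.
NETDIAG = """Trust relationship test. . . . . . : Failed
    [FATAL] Secure channel to domain 'OURDOMAIN' is broken.
"""
DCDIAG = """2966a0c7-7126-474e-9ca1-f332bf9cdcf0._msdcs.ourdomain.com server GUID DNS name
could not be resolved to an IP address. Check the DNS server, DHCP, server name, etc
"""
NET_SHARE = """Share name   Resource                        Remark

-------------------------------------------------------------------------------
C$           C:\\                             Default share
IPC$                                         Remote IPC
ADMIN$       C:\\WINNT                        Remote Admin
Data         D:\\Data
The command completed successfully.
"""

# A DC registers a CNAME <DSA GUID>._msdcs.<forest root>; tolerate a lost underscore.
GUID_RE = re.compile(
    r"([0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})\._?msdcs\.(\S+)"
    r"\s+server GUID DNS name\s+could not be resolved", re.I)
CHANNEL_RE = re.compile(r"Secure channel to domain '([^']+)' is broken", re.I)

def parse_shares(net_share_output):
    """Return upper-cased share names (assumes names contain no spaces)."""
    shares, in_table = set(), False
    for line in net_share_output.splitlines():
        if line.startswith("---"):
            in_table = True
        elif (in_table and line.strip() and not line[0].isspace()
              and not line.startswith("The command")):
            shares.add(line.split()[0].upper())
    return shares

def triage(netdiag, dcdiag, net_share):
    """Return (finding, detail) pairs for the three symptoms in the thread."""
    shares = parse_shares(net_share)
    # A working DC publishes both SYSVOL and NETLOGON.
    findings = [("MISSING_SHARE", s) for s in ("SYSVOL", "NETLOGON") if s not in shares]
    m = CHANNEL_RE.search(netdiag)
    if m:
        findings.append(("SECURE_CHANNEL_BROKEN", m.group(1)))
    m = GUID_RE.search(dcdiag)
    if m:
        findings.append(("GUID_CNAME_UNRESOLVED", f"{m.group(1)}._msdcs.{m.group(2)}"))
    return findings

if __name__ == "__main__":
    for finding, detail in triage(NETDIAG, DCDIAG, NET_SHARE):
        print(f"{finding}: {detail}")
```
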



Well thanks for the comment I had resolved and forgotten this comment here.

The only 2 other points of interest were:

1. Had to reset the machine account for the server (Netdom....)
2. Ended up using ADSIedit at a later stage when the DC was removed and re-added to the domain
as the DC object for this server did not remove itself correctly.

....Note that I did not get enough in the single reply to warrant an accepted answer though I would give a value of 75 points to Deb for an assisted answer.


Top Expert 2004


This one got past me for some reason so sorry about that supag33k - I don't have any objections to refund,

Deb :))