Event ID 5721, Net Logon issue for restored DC.

Posted on 2004-04-12
Last Modified: 2007-12-19
I spent part of my Easter rebuilding a file and print server that suffered from hardware problems that have now been resolved.

Incidently this is the same box that I rebuilt two months ago....due to issues with the backup process.

After the hardware was fixed, the backup and restore processes work fault-lessly. The only issue I had was resetting the machine account on the restored DC....KB288167. (this is fine now)

However after more log checking, I get a warning message on startup in the log, event id 5721, for which kb 257623 refers to...

- may have to apply the following as well...
[though it looks to be for NT not 2000??];en-us;257734

Then possibly redo the following KB's 281485,256000,305837.. for a following repetitive event id of 1265 for KCC - which is a warning -
My  research indicated the event id  is ofr security templates for the DC group, I went to apply the following KB's:

1). 281485 Name Collision - nope not this...

2). 256000 Error messages after importing Basicdc.inf...
-and then-
305837 DNS.."invalid credentials" error messages on Domain controller..
- interesting the error log for this process is giving me an error 13, but this is where I hit a brick wall...

So if I need to resolve the event id 5721 as it is first, and event id  1265 depends upon it??

Not overly concerned yet, they are warnings and users can use the server - just further research and a fix or two during my next maintenaince window for this server.

 - well I know already how next weekend is panning out...

- Okay, has anyone done anything here with this type of problem before??

Any suggestions or comments would be most welcome please.


Question by:supag33k
  • 4
  • 2

Author Comment

ID: 10811140
More information...

When I run netdiag it fails for the trust relationship test....

Trust relationship test.......failed
[Fatal] Secure channel to domain 'ourdomain' is broken.

which after searching means I'll try this...;en-us;216393



Author Comment

ID: 10811490
Again more information.....

1). Tried the above with Netdom reset and got....
"The secure channel from <servername> to <ourdomain> was not reset.
The security database on the server does not have a computer account for this workstation trust relationship (appears twice)
The command failed to complete successfully."

Also went to... ...for more information.

2). When I ran DCDIAG I got...
" server GUID DNS name could not be resolved to an IP Address. Check the DNS server, DHCP, Server name etc.
Although the GUID DNS name (as per above)couldnt be resolved, the the server name <> resolved to the IP Adress...."

Then obviously the server does not respond to the DS requests as part of the DCDIAG command.

so I think the main point is what to do with the DNS issue for the .msdc zone in the forward lookup zone??

-maybe I should up the points tally??


LVL 20

Expert Comment

ID: 10812247
Hi there,

Have you ensured that the zone is active directory integrated and can accept dynamic updates? Sounds like the GUID for the server hasn't been updated in dns after the rebuild,

Deb :))
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.


Author Comment

ID: 10875158
Well got the AD/DS working ...

Deb, please see points 1. and 3. ..if I can work the specifics or if you could supply the KB or howto I'll award the points!

1). After 3rd attempt over the weekend - when I realised what was wrong with the sysvol...
- Sysvol was restored as \winnt\sysvol\sysvol not winnt\sysvol..
I moved folders and copied the 'domain' folder to ''  etc etc, rebooted and everything worked, as the other DC's where at a later revision number....

(at least Backup Exec 9.1 restores the full system state - even if to a wrong location for sysvol - BE 8.6 - IMHO, does not restore System States correctly from the standard product, issues with DCOM for starters....)

This issue was found via re-reading a KB or three, also dcdiag, netdiag and nltest helped here.

Some other issue with the sysvol share that I am looking into on the restored DC as 'net share' does not list the sysvol folder yet it is participaing in the AD.
(interestingly the SOA and AD increments are higher than usual - will look at this in my next maintenance window)

2). Subsequently reset my machine accounts on all my DC's, it was KB 260575.

3). Still have a DNS issue with event id 5774 - but possibly due to the sysvol on the restored DC not being shared correctly as zone is AD integrated. (awaiting maintenance window)

4). NOTE: that in this type of situation all the dependant services - such as SQL, Exchange and Backup Exec etc etc have to have their account access re-verified otherwise you get errors for accessing stuff like selection lists and performing scheduled tasks (go to services, properties, log on, reset passwords for service.) - this was all done during the Easter break....phew

- only a few errors in the logs now, I will obviously get all this tightened down before updates (especially MS04-11) or further network changes.

Note that the event logs, white papers, this site (for the sysvol information) and the MS KB's all helped....and I got to avoid ADSIedit (yeechh)

cheers and thanks once again,


Author Comment

ID: 12460009
Well thanks for the comment I had resolved and forgotten this comment here.

The only 2 other points of interest was:

1. Has to reset the machine account for ther server (Netdom....)
2. Ended up using ADSIedit at a later stage when the DC was removed and re-added to the domain
as the DC object for this server did not remove itself correctly.

....Note that I did not get enough in the single reply to warrant an accepted answer though I would give a value of 75 points to Deb for an assisted answer.


LVL 20

Expert Comment

ID: 12461375

This one got past me for some reason so sorry about that supag33k - I don't have any objections to refund,

Deb :))

Accepted Solution

modulo earned 0 total points
ID: 14154019
PAQed with points refunded (125)

Community Support Moderator

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
For cloud, the “train has left the station” and in the Microsoft ERP & CRM world, that means the next generation of enterprise software from Microsoft is here: Dynamics 365 is Microsoft’s new integrated business solution that unifies CRM and ERP fun…
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now