Solved

Event ID 5774

Posted on 2006-06-09
11
732 Views
Last Modified: 2007-12-19
I have a Window 2000 Server that is generating a series of 5774 errs every two hours. I have added a record to the DNS reverse lookup pointing to itself (it is the only recordin the reverse lookup), but the errs continue. The machine is a Domain Contoller with no other domains attached. The error generates about 12-16 entries over a period of about 5 minutes and then goes dormant for another two hours. This machine is being used mainly as a file server and there are hardly any programs installed on it. For some reason DHCP has NOT been installed/enabled, as there is no msc for it in the admin tools. Here is the actual error decription:

Source: Netlogon
Event ID: 5774

Registration of the DNS record '_kpasswd._tcp.cityname.companyname.com. 600 IN SRV 0 100 464 server.cityname.companyname.com.' failed with the following error:
DNS operation refused.  
0
Comment
Question by:evault
  • 4
  • 4
  • 3
11 Comments
 
LVL 23

Expert Comment

by:Mohammed Hamada
Comment Utility
0
 
LVL 11

Expert Comment

by:grsteed
Comment Utility
Have you seen this article

http://support.microsoft.com/?kbid=284963

Basically, it says that the Authoritative DNS server needs to be added to the list of DNS servers in the TCP/IP settings.

Cheers,

Gary
0
 
LVL 1

Author Comment

by:evault
Comment Utility
I have tried all of the articles referenced with no positve results. The error reimains in the event log. This is a windows 2000 server acting as a domain controller running AD, but not DHCP.
0
 
LVL 11

Expert Comment

by:grsteed
Comment Utility
Can you post the results of ipconfig /all?  And can you confirm the address of the DNS server?

Gary

0
 
LVL 23

Expert Comment

by:Mohammed Hamada
Comment Utility
SYMPTOMS
On a Windows 2000-based or Windows Server 2003-based domain controller that has Domain Name System (DNS) installed and integrated with Active Directory to allow secure dynamic updates, you may find that Event Viewer records the Netlogon error Event ID 5774 approximately every 70 seconds.
      Back to the top      
CAUSE
This behavior can occur when the DNS server that is authoritative for the Active Directory domain name is not listed on the DNS tab of the Advanced TCP/IP Settings dialog box.
      Back to the top      
RESOLUTION
To resolve this behavior, add the Internet Protocol (IP) address of the DNS server that is authoritative for the Active Directory domain name to the IP Protocol (TCP/IP) Properties, and then move it to the top of the list:


1.      On the desktop, right-click My Network Places, and then click Properties.      
2.      Right-click the appropriate connection object, and then click Properties.      
3.      Click Internet Protocol (TCP/IP), and then click Properties.      
4.      Click Advanced.      
5.      Click DNS.      
6.      Click Add, type the IP address of the DNS server in the DNS server box, and then click Add.      
7.      Click the arrows to move the IP address of the Active Directory DNS server to the top of the list.      
8.      Click OK in the open dialog boxes to close them and save the new settings.      
9.      Stop and then restart the Netlogon Service. The Event ID 5774 error messages should no longer occur.

Have you tried this ???? This is exactl error that you have, the only difference is that your log is generated every 5 mins..!
0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 
LVL 23

Expert Comment

by:Mohammed Hamada
Comment Utility
Try this also.. in the second link i posted.

Configure the Netlogon service to depend on the DNS service. This will cause the Netlogon service to start after the DNS service starts. To do this, run REGEDT32, and go to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon
In the right pane, double-click the value DependOnService and add DNS to the next available blank line. Click OK
0
 
LVL 1

Author Comment

by:evault
Comment Utility
smoh10ly:

As I mentioned I tried every article and suggestion posted in this question; adding the ip address to the DNS tab of the advacned TCP/IP properties crashed the network. I did it exactly as described in the MS article you referenced.

I modified the registry at this location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon and had to do it in hex because the registry entry did not have an option to modify in ASCII as did my windows 2003 server entry of the same location. After modifying the registry I restarted and received the same errs. Also I am not seeing this err every 5 minutes, I am seeing it every two hours.

To grsteed: Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\Documents and Settings\Administrator>ipconfig /all

Windows 2000 IP Configuration

        Host Name . . . . . . . . . . . . : server
        Primary DNS Suffix  . . . . . . . : city.company.com
        Node Type . . . . . . . . . . . . : Broadcast
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : city.company.com
                                            company.com

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Intel(R) PRO/1000 XT Network Connect
ion
        Physical Address. . . . . . . . . : 00-06-5B-F2-B3-F9
        DHCP Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.254.2
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.254.254
        DNS Servers . . . . . . . . . . . : 64.xxx.172.26
                                            64.xxx.163.106

C:\Documents and Settings\Administrator>
0
 
LVL 1

Author Comment

by:evault
Comment Utility
grsteed: ipaddress of the DNS server is external, the domain controller is the internal IP Address as shown in the previous posting: 192.168.254.2. I did not set this up so I cannot tell you why things are set up the way they are.
0
 
LVL 1

Author Comment

by:evault
Comment Utility
to all: here is the actual error message as recorded by the event log: Event Type:      
Event Type:      Error
Event Source:      NETLOGON
Event Category:      None
Event ID:      5774
Date:            6/12/2006
Time:            10:49:21 AM
User:            N/A
Computer:      SERVER
Description:
Registration of the DNS record '_kpasswd._tcp.cityname.companyname.com. 600 IN SRV 0 100 464 server.cityname.companyname.com.' failed with the following error:
DNS operation refused.  
Data:
0000: 2d 23 00 00               -#..    

PRECEEDED BY:

Error
Event Source:      NETLOGON
Event Category:      None
Event ID:      5774
Date:            6/12/2006
Time:            10:49:21 AM
User:            N/A
Computer:      SERVER
Description:
Registration of the DNS record '_gc._tcp.cityname.companyname.com. 600 IN SRV 0 100 3268 server.cityname.companyname.com.' failed with the following error:
DNS operation refused.  
Data:
0000: 2d 23 00 00               -#..    

PRCEEDED BY

Event Type:      Error
Event Source:      NETLOGON
Event Category:      None
Event ID:      5774
Date:            6/12/2006
Time:            10:49:20 AM
User:            N/A
Computer:      SERVER
Description:
Registration of the DNS record '_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.cityname.companyname.com. 600 IN SRV 0 100 88 server.cityname.companyname.com.' failed with the following error:
DNS operation refused.  
Data:
0000: 2d 23 00 00               -#..    


PRECEEDED BY

Event Type:      Error
Event Source:      NETLOGON
Event Category:      None
Event ID:      5774
Date:            6/12/2006
Time:            10:49:20 AM
User:            N/A
Computer:      SERVER
Description:
Registration of the DNS record '28c47b56-bc73-412a-b4a0-29d6c65cb70d._msdcs.cityname.companyname.com. 600 IN CNAME server.cityname.companyname.com.' failed with the following error:
DNS operation refused.  
Data:
0000: 2d 23 00 00               -#..    

And it goes on for another 12 or so errs
0
 
LVL 11

Expert Comment

by:grsteed
Comment Utility
What do you mean by "crashed the network".  Did you lose network access by name AND IP?

What's probably happening is that your DNS Server(s) aren't configured with forwarders using the addresses above for DNS.

Normally DNS in a Domain environment is set up with everyone using the internal DNS server for the Domain, and that server is set up with forwarders to the external (your ISP's) DNS servers.

The error says "DNS operation refused" makes me wonder if there is a dynamic update or Zone transfer trying to go to the external DNS servers.


Hmmm just foud this link. It shows event 5744 and not 5774. I see that you made another comment while I was typing this one up that shows the Event ID as 5774. Maybe a typo on Microsoft's part. Anyway check out this link.

http://support.microsoft.com/default.aspx?scid=kb;en-us;316239

 
Also, here's some links for MS DNS server setup.

For Win2k
http://www.microsoft.com/windows2000/en/advanced/help/default.asp?url=/windows2000/en/advanced/help/sag_DNS_pro_ConfigServer.htm

For Win2k3

http://support.microsoft.com/default.aspx?scid=kb;en-us;814591

Cheers,

Gary
0
 
LVL 23

Accepted Solution

by:
Mohammed Hamada earned 500 total points
Comment Utility
I have read this Ms article and it says that "One or more of the DC Locator DNS records are not registered in the DNS database"..

The crashes are probably happens due to the Services script which is used by AD for monitoring the DC locator..

Have alook Here at the Netlogon information..
http://www.microsoft.com/technet/prodtechnol/mom/mom2000/maintain/admptech/admptr05.mspx

Try disabling the Netlogon service and restart it to see if the DNS records will be registered after you enable it the second time, To see how to enable Netlogon see under "The Net Logon Service" in the following MS-KB:

http://support.microsoft.com/default.aspx?scid=kb;en-us;Q246804
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Step by step guide to Clean and Sort your windows registry! Introduction: Always remember: A Clean registry = Better performance = Save your invaluable time In this article we're going to clear our registry manually! Yes, manually! The e…
If you have done a reformat of your hard drive and proceeded to do a successful Windows XP installation, you may notice that a choice between two operating systems when you start up the machine. Here is how to get rid of this: Click Start Clic…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now