Repeated browser event ID 8021 and 8032 then server loses connction to domain with nelogon event 5719

Posted on 2007-11-13
Last Modified: 2012-06-27
I am  having a very strange problem on our network and would greatly apprecite any help.

I have numerous servers that have all simultaineouly lost there connection to the domain.  A reboot seems to fix the problem but I want to figure out what the underlying issue is.  All the servers in question have repeated browser events 8021 and 8032 which leads up to the catostrophic nelogon event 5719 after this the server can not authenticate anyone and needs to be rebooted.  See events below:

Event Type:      Warning
Event Source:      BROWSER
Event Category:      None
Event ID:      8021
Date:            11/13/2007
Time:            3:46:26 PM
User:            N/A
Computer:      SFS03
The browser service was unable to retrieve a list of servers from the browser master \\SFDC02 on the network \Device\NetBT_Tcpip_{E1BF078F-7EFF-4FB7-85BB-6E8CAE8C67A2}.
 Browser master: \\SFDC02
 Network: \Device\NetBT_Tcpip_{E1BF078F-7EFF-4FB7-85BB-6E8CAE8C67A2}
 This event may be caused by a temporary loss of network connectivity. If this message appears again, verify that the server is still connected to the network. The return code is in the Data text box.

Event Type:      Error
Event Source:      BROWSER
Event Category:      None
Event ID:      8032
Date:            11/13/2007
Time:            3:16:27 PM
User:            N/A
Computer:      SFS03
The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{E1BF078F-7EFF-4FB7-85BB-6E8CAE8C67A2}. The backup browser is stopping.

Event Type:      Error
Event Source:      NETLOGON
Event Category:      None
Event ID:      5719
Date:            11/13/2007
Time:            3:11:36 PM
User:            N/A
Computer:      SFS03
This computer was not able to set up a secure session with a domain controller in domain CALSB due to the following:
Not enough storage is available to process this command.  
This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator.  

If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
I have run netdaig dcdiag and combed through the event logs on our DC's and came up with nothing.  I have checked DNS and found several other threads with the exact same problem but these have eirthe been unanswerred or related to something else.

Question by:jdflory
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2

Expert Comment

ID: 20278232
Cause could be any of this
" Your computer performs an acting role as a master browser because of a forced election.
" Your computer network cards are linked to the same subnet.
" Your computer network cards are not linked directly to the same subnet, but are linked indirectly to the same subnet through other subnets that they are connected to.
" The master browser is using an incorrect subnet mask.
" Your computer is a multihomed computer. A multihomed computer links at the same time to two or more subnets by using multiple network cards.
" Your computer is a master browser.
" Your computer is running the TCP/IP protocol
" Your client computer and the Windows 2000-based computer are on the same network segment as a Cisco Systems PIX firewall device.
" The PIX firewall device is configured with the proxy Address Resolution Protocol (ARP) feature. This feature sends requests through the internal network adaptor of the PIX firewall device.

please check this links

Expert Comment

ID: 20278236
LVL 38

Expert Comment

ID: 20278354
Have you seen this link on all three errors?

Salesforce Made Easy to Use

On-screen guidance at the moment of need enables you & your employees to focus on the core, you can now boost your adoption rates swiftly and simply with one easy tool.


Author Comment

ID: 20281990
Thanks for everyones feedback I have two questions:

Can anybody tell me why these broswer events eventually lead to the server to stop authenticating to AD and then need to reboot.  I have seen these types of events before and have had connectivity issues before but they usually do not cause these types of issues.

-None of are servers are multihomed but all of them do have teamed nics.
-Checked the subnet mask of the master browser (one our DC's) andit is correct.
-This anomally is happening on several differnt subnets but all these subnets only have a single path to connect to.
-We do have an ASA and a Pix on our network and I have read the article disbaled proxy arp on the pix.  Allthough I am confused as to why this would be causing the problem because both devices are used only as exit points to our networks (internet access) so the servers and DC's do not use the these devices to communicate.  Can you help me understand what the MS artilce is talknig about in regards to this issue.

Thanks again
LVL 38

Accepted Solution

ChiefIT earned 500 total points
ID: 20282442
First off, I would really like to separate the two errors. I am not certain the Netlogon problem and Master Browser problems are related. So, you may have two separate problems. To answer your above questions, I think it best to handle the two problems separately.

Error 5719: (Netlogon Problems)
When you say have problems authenitcating, what do you mean? What types of connections are you trying to run when trying to access files or services? Are you trying to go through My Network Places to connect to a specific computer? If you are trying to connect through My Network Places, I can definately see the co-relation. If not, then you may have an additional problem. If you ask me, your netlogon service will interfere with domain authentication more so than any problems with the master Browser!!!. I think the fix for error 5719 I provided is the link to help you fix Netlogon error.

Errors 8021 and 8032: (master Browser Problems)

The way the Browser service works, (in the default browser configuration), is the clients will transmit a Netbios broadcast to show all available Master Browsers, "I AM HERE". If a Master Browser does not reply meaning it is not found, then an election can be forced by that client. The client can elect anything from another client to a mass storage device for a Master Browser. Sometimes you can get a couple master browsers on a single domain. Then you will see workgroup comptuers disappear from time to time.

The default configuration requires you are all able to communicate on ports 137 and 138. So, any IP port blockage can interfere with the master Browser service. Since these Netbios broadcasts are transmitted on UDP ports 137 and 138, the client can be transmitting into some sort of port blocking. That could include, VPN tunnel, NAT translation, Software/Hardware Firewall, Different Subnet, Different IP space for Multi homed domains, or some other sort of port blocking problem.

There are three potential fixes to the above blocks of the Master browser service. One is to stop the blockage by lowering your guard (meaning lower the port blockage like a firewall block). This will create vulnerabilities in your network and is not recommended.

The second is to use WINS instead of these Netbios Broadcasts to help your master browser see a list of comptuers. Since your clients and servers can not find a Master Browser or a Backup Browser, It looks like you have a blockage. I recommend you use the WINS configuration to help the Master Browser populate the list of computers in My Network Places.  I recommend this method and the link below will show you how to use WINS and the WAN configuration to work with the Master Browser Service.

The third is to use the Server Service and enable File and Print Sharing on all IP stacks. Most will say that File and Print sharing is a Vulnerability to the network and recommend you turn that off. I am on of those people.

This link is the best link I have found to explain the Master Browser Service. It is a little lengthy, but definately worth the read.

I think you will want to use the WAN configuration using WINS instead of the Netbios broadcasts from the client. Also you may want to distingquish  the diferences between the Domain Master Browser, Master Browser, and Backup Browser.

I hope this helps.



Author Comment

ID: 20328114
This issue has not showed itself again so it must have been some type of connectivity issue.

I appreciate your  very descriptive response which helped me to to distinguish between the errors.  I had thought that the 8021 and 8032 events were causing the 5719 event.  But I think you were correct and they were just both caused by the same issue.  We have checked all other possibilities that you mentioned.


Featured Post

Free eBook: Backup on AWS

Everything you need to know about backup and disaster recovery with AWS, for FREE!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
Make the most of your online learning experience.
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…

689 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question