Repeated browser event ID 8021 and 8032 then server loses connction to domain with nelogon event 5719

Posted on 2007-11-13
Last Modified: 2012-06-27
I am  having a very strange problem on our network and would greatly apprecite any help.

I have numerous servers that have all simultaineouly lost there connection to the domain.  A reboot seems to fix the problem but I want to figure out what the underlying issue is.  All the servers in question have repeated browser events 8021 and 8032 which leads up to the catostrophic nelogon event 5719 after this the server can not authenticate anyone and needs to be rebooted.  See events below:

Event Type:      Warning
Event Source:      BROWSER
Event Category:      None
Event ID:      8021
Date:            11/13/2007
Time:            3:46:26 PM
User:            N/A
Computer:      SFS03
The browser service was unable to retrieve a list of servers from the browser master \\SFDC02 on the network \Device\NetBT_Tcpip_{E1BF078F-7EFF-4FB7-85BB-6E8CAE8C67A2}.
 Browser master: \\SFDC02
 Network: \Device\NetBT_Tcpip_{E1BF078F-7EFF-4FB7-85BB-6E8CAE8C67A2}
 This event may be caused by a temporary loss of network connectivity. If this message appears again, verify that the server is still connected to the network. The return code is in the Data text box.

Event Type:      Error
Event Source:      BROWSER
Event Category:      None
Event ID:      8032
Date:            11/13/2007
Time:            3:16:27 PM
User:            N/A
Computer:      SFS03
The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{E1BF078F-7EFF-4FB7-85BB-6E8CAE8C67A2}. The backup browser is stopping.

Event Type:      Error
Event Source:      NETLOGON
Event Category:      None
Event ID:      5719
Date:            11/13/2007
Time:            3:11:36 PM
User:            N/A
Computer:      SFS03
This computer was not able to set up a secure session with a domain controller in domain CALSB due to the following:
Not enough storage is available to process this command.  
This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator.  

If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
I have run netdaig dcdiag and combed through the event logs on our DC's and came up with nothing.  I have checked DNS and found several other threads with the exact same problem but these have eirthe been unanswerred or related to something else.

Question by:jdflory
  • 2
  • 2
  • 2

Expert Comment

ID: 20278232
Cause could be any of this
" Your computer performs an acting role as a master browser because of a forced election.
" Your computer network cards are linked to the same subnet.
" Your computer network cards are not linked directly to the same subnet, but are linked indirectly to the same subnet through other subnets that they are connected to.
" The master browser is using an incorrect subnet mask.
" Your computer is a multihomed computer. A multihomed computer links at the same time to two or more subnets by using multiple network cards.
" Your computer is a master browser.
" Your computer is running the TCP/IP protocol
" Your client computer and the Windows 2000-based computer are on the same network segment as a Cisco Systems PIX firewall device.
" The PIX firewall device is configured with the proxy Address Resolution Protocol (ARP) feature. This feature sends requests through the internal network adaptor of the PIX firewall device.

please check this links

Expert Comment

ID: 20278236
LVL 38

Expert Comment

ID: 20278354
Have you seen this link on all three errors?

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud


Author Comment

ID: 20281990
Thanks for everyones feedback I have two questions:

Can anybody tell me why these broswer events eventually lead to the server to stop authenticating to AD and then need to reboot.  I have seen these types of events before and have had connectivity issues before but they usually do not cause these types of issues.

-None of are servers are multihomed but all of them do have teamed nics.
-Checked the subnet mask of the master browser (one our DC's) andit is correct.
-This anomally is happening on several differnt subnets but all these subnets only have a single path to connect to.
-We do have an ASA and a Pix on our network and I have read the article disbaled proxy arp on the pix.  Allthough I am confused as to why this would be causing the problem because both devices are used only as exit points to our networks (internet access) so the servers and DC's do not use the these devices to communicate.  Can you help me understand what the MS artilce is talknig about in regards to this issue.

Thanks again
LVL 38

Accepted Solution

ChiefIT earned 500 total points
ID: 20282442
First off, I would really like to separate the two errors. I am not certain the Netlogon problem and Master Browser problems are related. So, you may have two separate problems. To answer your above questions, I think it best to handle the two problems separately.

Error 5719: (Netlogon Problems)
When you say have problems authenitcating, what do you mean? What types of connections are you trying to run when trying to access files or services? Are you trying to go through My Network Places to connect to a specific computer? If you are trying to connect through My Network Places, I can definately see the co-relation. If not, then you may have an additional problem. If you ask me, your netlogon service will interfere with domain authentication more so than any problems with the master Browser!!!. I think the fix for error 5719 I provided is the link to help you fix Netlogon error.

Errors 8021 and 8032: (master Browser Problems)

The way the Browser service works, (in the default browser configuration), is the clients will transmit a Netbios broadcast to show all available Master Browsers, "I AM HERE". If a Master Browser does not reply meaning it is not found, then an election can be forced by that client. The client can elect anything from another client to a mass storage device for a Master Browser. Sometimes you can get a couple master browsers on a single domain. Then you will see workgroup comptuers disappear from time to time.

The default configuration requires you are all able to communicate on ports 137 and 138. So, any IP port blockage can interfere with the master Browser service. Since these Netbios broadcasts are transmitted on UDP ports 137 and 138, the client can be transmitting into some sort of port blocking. That could include, VPN tunnel, NAT translation, Software/Hardware Firewall, Different Subnet, Different IP space for Multi homed domains, or some other sort of port blocking problem.

There are three potential fixes to the above blocks of the Master browser service. One is to stop the blockage by lowering your guard (meaning lower the port blockage like a firewall block). This will create vulnerabilities in your network and is not recommended.

The second is to use WINS instead of these Netbios Broadcasts to help your master browser see a list of comptuers. Since your clients and servers can not find a Master Browser or a Backup Browser, It looks like you have a blockage. I recommend you use the WINS configuration to help the Master Browser populate the list of computers in My Network Places.  I recommend this method and the link below will show you how to use WINS and the WAN configuration to work with the Master Browser Service.

The third is to use the Server Service and enable File and Print Sharing on all IP stacks. Most will say that File and Print sharing is a Vulnerability to the network and recommend you turn that off. I am on of those people.

This link is the best link I have found to explain the Master Browser Service. It is a little lengthy, but definately worth the read.

I think you will want to use the WAN configuration using WINS instead of the Netbios broadcasts from the client. Also you may want to distingquish  the diferences between the Domain Master Browser, Master Browser, and Backup Browser.

I hope this helps.



Author Comment

ID: 20328114
This issue has not showed itself again so it must have been some type of connectivity issue.

I appreciate your  very descriptive response which helped me to to distinguish between the errors.  I had thought that the 8021 and 8032 events were causing the 5719 event.  But I think you were correct and they were just both caused by the same issue.  We have checked all other possibilities that you mentioned.


Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Setting up a VPN 60 140
Domain admin accounts get locked out 35 59
Need to replace W2003 server with Win2008R2. 3 26
Wireless scope on sever with DSL connection 9 22
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor ( If you're interested in additional methods for monitoring bandwidt…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question