Event ID 5723 need to remove netlogon entries

There are 2 machines on the domain that cause Netlogon errors.  The Event IDs are 5805 and 5723.  Example is below:

5805: The session setup from the computer 06XP301 failed to authenticate. The following error occurred:
Access is denied.

5723: The session setup from computer '06XP301' failed because the security database does not contain a trust account '06XP301$' referenced by the specified computer.  

The problem is these computers do not exist in the AD structure.  What's more, I can resolve the computer name to an IP address, but cannot reach that address.  These computers have been acting this way for 3+months.

Question:
How can I resolve these Netlogon errors if the computers in question are no longer online? Do I need to make a change to the Active Directory?
kennedy2008Asked:

DenverRickCommented:
Disjoin the computers from the Domain.  Confirm this in Active Directory and delete the disjoined objects.  Manually synchronize the Domain (AD Sites and Services).  Then re-join the Domain.

0
jonesc3MDCommented:
The fact you are getting the errors shows that the computers are online.
You just need to go to the computer in question and join it onto AD:
right click on My Computer
Computer Name tab
click on Change
select the Domain button
enter your domain name
then you should be prompted for the domain user / password
this will connect the computer onto the domain
When the user logs on next time a new profile will be created, so you may need to move files out of their My Docs etc.
0
kennedy2008Author Commented:
The problem is:

1. The IP address that is resolved is not listed in the DHCP lease table (i.e. it is available for lease?)
2. The IP address resolved is not pingable.
3. I do not know the physical location of this computer.

Question:

How do I locate something that is not pingable and not listed with a leased IP address?
0
kennedy2008Author Commented:
Also, the computer names in question, which are given in the Event log, are not listed as an object in Active Directory.
0
jonesc3MDCommented:
1. It's probably still in your local cache, so do ipconfig /flushdns and then see if it appears again.
Try setting your computer's IP address to the IP of one of these computers and see if you get an IP address conflict.
If you do, then the computer is online somewhere on the network.
Try to remote desktop onto the computer. If the computer was once a member of your domain you should be able to log in using the administrator account.
0
kennedy2008Author Commented:
-I have flushed the DNS cache on a local machine (not the DC) with no result.
-I have assigned the IP address in question to a local computer without conflict.
However the address is not pingable on any other computer in the domain, even though the computer with the newly assigned address can browse the network.

I have read somewhere about Phantom entries in AD but do not know how to remove these.
Any ideas to whether these are phantom entries, and if so, how do you identify them as such and remove them?
0
DenverRickCommented:
On the machine with the problem:  (there is no danger in these commands)

Net Stop Netlogon
Net Stop DNS (if this machine has DNS server installed)
Ipconfig/flushdns
Ipconfig/registerdns
Net Start DNS (If needed)
Net Start Netlogon
0
kennedy2008Author Commented:
DENVER RICK

You want me to do this on the Domain Controller?  
The machine names (problem computers) that are listed in the event log on the DC (DNS server) are nowhere to be found physically on the domain.
0
DenverRickCommented:
Let's back up a step.

If the computer names are not listed in AD, and you have in fact "refreshed" while in that OU, then you have orphaned accounts.

Did you attempt to disjoin from the Domain?
0
kennedy2008Author Commented:
To my knowledge these computer objects were never disjoined from the domain.

Yes, the objects have not been in AD for a few months now.
0
DenverRickCommented:
But they show Domain Membership in My Computer, Properties, Computer Name tab?
0
DenverRickCommented:
Headed out for awhile...if they do show Domain Membership, logon as a local administrator (while unplugged from the network) and move (join) them to a Workgroup.  Reboot, reconnect to the network, and join the Domain.

DR
0
kennedy2008Author Commented:
That is the strange part of this whole thing.  The computers/IP addresses that these entries (in the event viewer of the domain controller) are referring to do not exist in the domain, physically (no computer) or administratively (in AD as an object, and the IP address is not being leased).
For example, if I ping the computer name the event is referring to,
06xp301, it will resolve to a private address 192.168.1.106, but it is not reachable. When I look in the DHCP lease list, neither the address nor the computer name is listed.  Furthermore, I cannot physically find these machines.

Now, in one case I am certain the computer was renamed before the old name was disjoined from the domain.  Example:  008dt321 renamed to 08dt321.  The new name exists as an object and is pingable, however the old name 008dt321 is neither.
0
DenverRickCommented:
Go to your DNS server and delete those host records!  Do an ipconfig/flushdns on the DNS server after that.

On any machine you are testing you will need to reboot or do an ipconfig/flushdns.

If those records were there your problem will fade away as the DNS is propagated throughout the Domain.
1
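
The check this thread arrives at (names from events 5723/5805 that have no AD computer object but still have a DNS host record), as an added PowerShell example that is not part of any participant's post. The zone name and server name are placeholders, and the ActiveDirectory and DnsServer RSAT modules are assumed to be installed.

```powershell
# Added example; $ZoneName and $DnsServer are placeholders, not values from the thread.
# Assumes the ActiveDirectory and DnsServer RSAT modules and rights to read the DC's System log.
Import-Module ActiveDirectory, DnsServer

$ZoneName  = 'example.local'   # placeholder: the AD forward lookup zone
$DnsServer = 'DC01'            # placeholder: the DC / DNS server logging the events

# 1. Pull the computer names out of Netlogon events 5723 and 5805.
$events = Get-WinEvent -ComputerName $DnsServer -ErrorAction SilentlyContinue -FilterHashtable @{
    LogName = 'System'; Id = 5723, 5805 }
$names = $events | Where-Object ProviderName -eq 'NETLOGON' | ForEach-Object {
    # Matches both message forms quoted in the question (with and without quotes).
    if ($_.Message -match "from (?:the )?computer '?([^'\s]+)'? failed") { $Matches[1].ToUpper() }
} | Sort-Object -Unique

# 2. For each name, check for an AD computer object and for a DNS A record.
$report = foreach ($name in $names) {
    $adObject = Get-ADComputer -Filter "Name -eq '$name'"
    $aRecords = Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $ZoneName `
                    -Name $name -RRType A -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Computer  = $name
        InAD      = [bool]$adObject
        DnsA      = $aRecords.RecordData.IPv4Address.IPAddressToString -join ', '
        # An empty Timestamp means a static record, which scavenging never removes.
        Timestamp = $aRecords.Timestamp -join ', '
        Stale     = (-not $adObject) -and [bool]$aRecords
    }
}
$report | Format-Table -AutoSize

# 3. Preview deletion of host records that have no matching AD object.
#    -WhatIf only prints what would be removed; drop it after reviewing the report.
foreach ($row in $report | Where-Object Stale) {
    Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $ZoneName `
            -Name $row.Computer -RRType A |
        Remove-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $ZoneName -WhatIf
}
```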

kennedy2008Author Commented:
That was what it needed.  thanx!
0
DenverRickCommented:
yerwelkum!
0