Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Kerberos event id 7 + netlogon event id 5719 errors, domain workstation unable to log on

Posted on 2009-05-19
9
Medium Priority
?
2,326 Views
Last Modified: 2012-05-07
Hi all,

Recently I've had several workstations come up with these event error logs (in chronological order):

Event Type:      Error
Event Source:      NETLOGON
Event Category:      None
Event ID:      5719
Date:            5/14/2009
Time:            11:19:50 AM
User:            N/A
Computer:      ABBOTT-MAIN
Description:
No Domain Controller is available for domain ABBOTT due to the following:
The RPC server is unavailable. .
Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 17 00 02 c0               ...    

Event Type:      Error
Event Source:      Kerberos
Event Category:      None
Event ID:      7
Date:            5/14/2009
Time:            11:47:06 AM
User:            N/A
Computer:      ABBOTT-MAIN
Description:
The kerberos subsystem encountered a PAC verification failure.  This indicates that the PAC from the client ABBOTT-MAIN$ in realm ABBOTT.LOCAL had a PAC which failed to verify or was modified.  Contact your system administrator.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 5e 00 00 c0               ^..  


I've read a few other topics and have tried re-syncing w32time to make sure all the clocks match, but I'm out of ideas at this point. The one workstation can't even log in, but if I check the system logs off of the domain (where it's able to log on) I don't see any errors when its trying to log on. On other workstations that are already logged in (and I don't dare log them out) i see those two errors in the system log. Also, I don't happen to see anything awry on the SBS 2003 server system logs either.

Any help would be greatly appreciated!

--Hans
0
Comment
Question by:dyndragon91
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
9 Comments
 
LVL 10

Accepted Solution

by:
PlusIT earned 750 total points
ID: 24427252
for the workstations that are failing to login to the domain:

- join the wks back into a workgroup
- delete the AD computer account manually from the AD
- wait 10 to 15 minutes
- rejoin the computer, if the problem restarts let me know.  
0
 

Author Comment

by:dyndragon91
ID: 24427434
I am concerned about doing this. Do I need to re-add the computer via the /connectcomputer/ wizard to retain all the SBS features and scripts? I don't think I do, but I just wanted to double check.
0
 
LVL 10

Assisted Solution

by:PlusIT
PlusIT earned 750 total points
ID: 24427444
Hey,

yes you do retain those as they are linked to the user account not the computer account.  After rejoining into the domain logging in with the domain user will even have preserved the profile.  I have seen similar problems like yours and rejoining the domain after manually deleting the computer account (NOT the user account!) mostly fixes these kind of issues.  Just make sure you wait long enough after manually deleting the computer account.  I wouldn't use connect computer though just do it from the properties screen of My Computer

Good luck!
0
Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

 

Author Comment

by:dyndragon91
ID: 24431046
I will give this a shot and report back. I'm not at this site for a day or two.
0
 

Author Comment

by:dyndragon91
ID: 24435919
Odd thing. Now I plug in the workstation that couldn't log in before and it works with no problems. ????! I'm dreading rootcausing this. What might cause these issues?
0
 
LVL 10

Assisted Solution

by:PlusIT
PlusIT earned 750 total points
ID: 24443788
check DNS settings, are you still using WINS?  Inconsitency between WINS and DNS information can cause this also.  I suggest you don't use WINS anymore and completely rely on DNS.

again there's a lot that could be going on still, from general physical network trouble to kerberos tickiting failing.  I would have a look at WINS / DNS first.  The first solution i gave always works when your PC can't logon to the domain, but when it sometimes can i'm thinking further like Wins, kerberos or plain old date and time being set wrong.

Did you acctually double check after testing with w32time your computer and bios time was set correctly before logging in ?
0
 

Author Comment

by:dyndragon91
ID: 24444149
This is a one PDC domain, so even if I was using WINS and DNS, there's only one domain server to resolve to and it's set to be a static IP address. In any case, I'm not using WINS as far as I know.

I did actually double check to make sure the bios time was set correctly. I know that you can get auth failures if the time is off, so that was the first thing I checked. I'm starting to think that one of the network switches might be on the fritz.

Still investigating...thanks for the tips.

0
 
LVL 10

Assisted Solution

by:PlusIT
PlusIT earned 750 total points
ID: 24444342
to make sure your client is not using WINS do an ipconfig /all on the client and check for WINS entries.
0
 

Author Closing Comment

by:dyndragon91
ID: 31583189
Good troubleshooting steps and it worked.
0

Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Small Business Server 2011. NOTE: This guide has been written using the preview version of SBS2011 therefore some of the screens may …
I’m often asked about newer and larger USB drives connected to SBS2008 and 2011 failing Windows Server Backup vs the older USB drives not failing. As disk space continues to grow and drive technology change SBS2008 and some SBS2011 end up with the f…
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…
In this video, Percona Solution Engineer Rick Golba discuss how (and why) you implement high availability in a database environment. To discuss how Percona Consulting can help with your design and architecture needs for your database and infrastr…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question