Avatar of Markooza

asked on

netlogon issues

Hello Guys,

I have a very strange issue. Last night we had to re-IP one of our Windows 2003 DCs, so I first dcpromo'ed it down, changed the computer name and then re-IP'ed the server.
After that I dcpromo'ed the server up, made it a GC, associated the new subnet with the site and restarted the Netlogon service.

Now when I log on to the DC I get a strange Netlogon warning which says:
Event Type: Warning
Event Source: NETLOGON
Event Category: None
Event ID: 5802
Date: 2/18/2010
Time: 10:18:03 AM
User: N/A
Computer: Server A
None of the IP addresses ( of this Domain Controller map to the configured site 'L20'. While this may be a temporary situation due to IP address changes, it is generally recommended that the IP address of the Domain Controller (accessible to machines in its domain) maps to the Site which it services. If the above list of IP addresses is stable, consider moving this server to a site (or create one if it does not already exist) such that the above IP address maps to the selected site. This may require the creation of a new subnet object (whose range includes the above IP address) which maps to the selected site object.

For more information, see Help and Support Center at

But I indeed have the subnet created and associated with this site...
Any help guys??

Avatar of farazhkhan

Avatar of Markooza


Hi Faraz,

Thanks for responding mate. Alright, now I do have the correct subnet ( created and associated with the correct site and the server is indeed present in that site too.

But what I don't get is why is showing up in this event log. I have tried to remove it from DNS under the NAME SERVERS tab for Server A but it keeps coming back..

Any idea?

Well, I don't know how you changed the new IPs for the DNS server; make sure you have followed all steps:

Faraz H. Khan
You need to verify the old server entry doesn't exist in dc, pdc, domain, GC under the _msdcs folder in DNS.
Open ADSIEDIT.MSC, locate the configuration partition, sites & verify the old server entry is not there.
Also, force replication on the other DC to replicate the changes done for the old as well as the new DCs.
Look for the old server DNS entry as well as the computer object in the Domain Controllers OU & if it's there delete it.
Run ipconfig /flushdns & ipconfig /registerdns, also run nltest /dsregdns.
As you are saying you have verified the subnet mapping with the respective site, also check the replication setting is done properly.
Reconfirm the old server entry has been removed by running metadata cleanup of the old DC.
@ Awinish

I checked everything you told me to..

Metadata: The old server info isn't present
ADSI under sites: The old server is not listed
Computer object: The old computer object isn't there in any OU

I successfully forced replication...... but one thing I wanted to mention was that the address listed in the event log on top was actually the DRAC card address which was registering with DNS. I have disabled that now and rebooted the DC, but even after that it seems to be registering and I get the same event in the log.

Event Type:      Error
Event Source:      NETLOGON
Event Category:      None
Event ID:      5722
Date:            2/18/2010
Time:            12:27:41 PM
User:            N/A
Computer:      L20DCGC401
The session setup from the computer KMEAE00009448 failed to authenticate. The name(s) of the account(s) referenced in the security database is KMEAE00009448$.  The following error occurred:
Access is denied.

For more information, see Help and Support Center at
0000: 22 00 00 c0               "..À    

This is a new error for sure, if it means anything...


I have the site created and the server IP is (DC) and the subnet associated with that is which is associated with the L20 site in ADSServices.
Event Type:      Error
Event Source:      NTDS Replication
Event Category:      Replication
Event ID:      1864
Date:            2/18/2010
Time:            1:02:59 PM
Computer:      L20DCGC401
This is the replication status for the following directory partition on the local domain controller.
Directory partition:
The local domain controller has not recently received replication information from a number of domain controllers.   The count of domain controllers is shown, divided into the following intervals.
More than 24 hours:
More than a week:
More than one month:
More than two months:
More than a tombstone lifetime:
Tombstone lifetime (days):
 Domain controllers that do not replicate in a timely manner may encounter errors. It may miss password changes and be unable to authenticate. A DC that has not replicated in a tombstone lifetime may have missed the deletion of some objects, and may be automatically blocked from future replication until it is reconciled.
To identify the domain controllers by name, install the support tools included on the installation  CD and run dcdiag.exe.
You can also use the support tool repadmin.exe to display the replication latencies of the domain controllers in the forest.   The command is "repadmin /showvector /latency <partition-dn>".

For more information, see Help and Support Center at
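
An added example, not part of the thread or any poster's code: a Python sketch of the address-to-site check that the 5802 text describes, showing how one extra registered address (such as an out-of-band management interface) ends up flagged. All subnet ranges and IP addresses are constructed sample values; only the site name 'L20' comes from the thread, and it assumes the most specific matching subnet object decides the site.

```python
import ipaddress

# Constructed sample data: subnet objects (as listed under Sites > Subnets)
# mapped to site names. Only the site name "L20" appears in the thread.
SUBNET_TO_SITE = {
    "10.20.0.0/16": "HQ",
    "10.20.40.0/24": "L20",
    "192.168.50.0/24": "BRANCH",
}

def site_for_address(addr, subnet_to_site):
    """Return (site, subnet) of the most specific subnet containing addr."""
    ip = ipaddress.ip_address(addr)
    best = None
    for cidr, site in subnet_to_site.items():
        net = ipaddress.ip_network(cidr, strict=True)
        if ip.version != net.version or ip not in net:
            continue
        # Assumption: the longest prefix wins when subnets overlap.
        if best is None or net.prefixlen > best[1].prefixlen:
            best = (site, net)
    return (best[0], str(best[1])) if best else (None, None)

def audit_dc_addresses(addresses, configured_site, subnet_to_site):
    """Classify every address the DC registers against its configured site."""
    report = []
    for addr in addresses:
        site, subnet = site_for_address(addr, subnet_to_site)
        if site is None:
            status = "no-subnet"      # no subnet object covers this address
        elif site == configured_site:
            status = "ok"
        else:
            status = "wrong-site"     # covered, but by another site's subnet
        report.append({"address": addr, "subnet": subnet,
                       "site": site, "status": status})
    return report

def unmapped(report):
    """Addresses that do not map to the configured site."""
    return [r["address"] for r in report if r["status"] != "ok"]

def none_map_to_site(report):
    """True when no registered address maps to the site (the 5802 wording)."""
    return all(r["status"] != "ok" for r in report)

if __name__ == "__main__":
    # Constructed: the DC's LAN address plus a management-card address.
    for row in audit_dc_addresses(["10.20.40.11", "172.16.9.5"], "L20",
                                  SUBNET_TO_SITE):
        print(row)
```

Feed it the addresses the DC actually has registered in DNS and the subnet objects exported from the Sites container; any address reported as `no-subnet` or `wrong-site` is a candidate for the one Netlogon is complaining about.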