Solved

Windows 7 Pro client causes an Application Event error 5723 - Netlogon on Domain Controller

Posted on 2010-09-08
10
763 Views
Last Modified: 2013-12-05
Hello,

I'm testing Windows 7 Pro clients for compatibility on my Company's network.  We are still using Windows 2000 Domain Controllers (SP4) however our Exchange Server is running on Windows 2003 R2 so we have raised the Domain Version to 2003 R2 to accommodate this as a member server (not a DC).

When can join a Windows 7 Pro client but, every time the Windows 7 computer boots up, it creates an Application Log Error in our Domain Controller (containing all the FSMO Roles).  The error is:

Event ID: 5723
Source: Netlogon

Below is the "text" of the error:
The session setup from the computer 7-TEST failed because there is no trust account in the security database for this computer. The name of the account referenced in the security database is 7-TEST$.

Thank you in advance for any assistance!
Bruce Sobo.
0
Comment
Question by:high_sobo
  • 5
  • 4
10 Comments
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 33628485
You can only raise the functional level on DC's in your environment. All DC's need to be running Server 2003 in order to raise the domain functional level.
0
 
LVL 12

Expert Comment

by:mlongoh
ID: 33628577
7-TEST$ is the object's sAMAccountName in Active Directory.  For some reason the computer is not presenting its sAMAccountName with the dollar sign suffix when attempting to establish a session (during startup) with the domain contoller.

When you joined the computer to the domain did you let the computer account get created at that time or did you create the computer account ahead of time?

I would suggest removing the computer from the domain, removing the object from the domain, and re-join the computer to the domain.
0
 

Author Comment

by:high_sobo
ID: 33628627
Mlongoh,

When we joined the domain, we let the computer account get created - we did not create it ahead of time.

I would follow your suggestion about removing the computer from the domain and the object and re-joining the domain, but we have done this several times all with the same result.

Of course each time we used a different computer name, if fact we have used different computers entirely - same result error 5723 , Netlogon.

Thanks
0
 
LVL 12

Expert Comment

by:mlongoh
ID: 33628736
Have you attempted to create the object ahead of time before joining?
0
 

Author Comment

by:high_sobo
ID: 33629486
Mlongoh,

We did not try to create the object ahead of time - but we can try it - although we have never had to do this with XP clients - but I understand your line of thinking - may Windows 7 from some technical reason doesn't create the object correctly in the domain - could be Windows 7 firewall status at the time etc..

We can try it.  Also, curiously we have shut down and booted up the computer several times now and it only created the error once - when it first booted and joined the domain  - so maybe this is a bogus error.

We have an actual working PC running Windows 7 and almost everyday when it first boots it causes this error - however - there have been days it has booted and not created the error - very strange!

ALSO - I incorrectly stated that the error was in the Application Log of the Domain Controller - it's in the System Log of the Domain Controller - sorry.

0
Don't lose your head updating email signatures!

Do your end users still have the wrong email signature? Do email signature updates bore you or fill you with a sense of dread? You can make this a whole lot easier on yourself by trusting an Exclaimer email signature management solution. Over 50 million users do...so should you!

 

Author Comment

by:high_sobo
ID: 33647438
Mlongoh,

Today we created the Object ahead of time (meaning the computer name in Active Directory) - same result - it generated an error.  It doesn't through the error every time it boots up and the existing PC we have running Windows 7 booted up today and didn't create an error.  I'm starting to think it is something on the Windows 7 client - either firewall blocking connection to that share when it boots or the actual share permission that our DC says it can't gain access to may need an additional permission so the DC can see it.

Thanks
0
 
LVL 12

Expert Comment

by:mlongoh
ID: 33647663
Firewall blocking connection to what share?  If you are thinking that the DC has to access any shares on the Win7 workstation I would disagree.  You can disable sharing completely and still have a PC participate in a domain without error.  So I doubt that's what your issue is.  Of course it's easily tested by disabling all firewall services on the workstation.

I suppose that it's possible that there's something on the PC blocking outbound traffic, but I doubt it.

At this point, I'd be calling Microsoft and opening a ticket.
0
 

Author Comment

by:high_sobo
ID: 33647842
Sorry Mlongoh - that theory was based on my limited knowledge of how the domain communicates back and forth with the work station.  I don't doubt that you know how and what data is passed between DC and work station.

I'm just taking the "literal" portion of the error - sorry
0
 
LVL 12

Accepted Solution

by:
mlongoh earned 500 total points
ID: 33661956
No need to apologize... I just want to make sure that I understand what's going on as well.  We all learn from this forum, that's the beauty of it.

I have only a cursory familiarity with Windows 7/Vista in a 2003 domain environment, so you have to take everything I say with a grain of virtual salt.  However, to the best of my understanding, it should work without the issues you are describing.  One of two things is probably at play, either something in the Windows 7 build or something in your domain environment.

Were I in your shoes, I'd call MS and fork over the $265 (or whatever it costs to open a call) and get their help with the issue.  It's probably costing more in time and effort at this point to try to solve it yourself.
0
 

Author Comment

by:high_sobo
ID: 33673220
Thanks Mlongoh - I sincerely appreciate your help.

I'm going to close this question - if I get a definitive answer for this problem - I'll let you know...

Again - thank you for your help.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Suggested Solutions

New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
This Micro Tutorial will teach you the basics of configuring your computer to improve its speed. It will also teach you how to disable programs that are running in the background simultaneously. This will be demonstrated using Windows 7 operating…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now