Solved

Netlogon Error - 5722

Posted on 2011-02-23
7
1,393 Views
Last Modified: 2012-08-13
On the Windows 2003 Server (Domain Controller), I saw a few of these errors from the system event logs.

"The session setup from the computer TLAILD108 failed to authenticate. The name of the account referenced in the security database is TLAILD108$. The following error occured: Access is Denied."

EventID.net says:
EventID.Net
The NetLogon service on the PDC logs this error message when the password is not synchronized between the computer and PDC. This is a common problem. When a workstation joins the domain, a trust is created with the PDC along with a secured channel password on both machines.  This password, by default, automatically changes every seven days. If for some reason the process of password change fails, this error will be generated. One may have to reset the machine account password (can be done with the NETDOM utility  - from NT Resource Kit or for Windows 2000 from the Support Tools ). The password change is initiated by the workstation

Honestly, I don't understand this. I need help with this. How do I resolve this error from taking place.

It says to reset the machine account password. How do you do this? How do I know which user's password needs to be reset? The workstation is TLAILD108 and a few users may use this PC to log on to the Domain.

Attached is a screen capture of the error. Netlogon Error - 5722
0
Comment
Question by:ben1211
7 Comments
 
LVL 77

Assisted Solution

by:arnold
arnold earned 333 total points
ID: 34967151
The short example is you have a policy that the computer password expires after 30 days. If the computer was off for 31 days, the credentials it has are no valid.
you can use netdom to reset the computer account on the TLAILD108.
http://support.microsoft.com/kb/260575

rejoining the TLAILD108 system into the domain will correct this problem.  Double check that you do not have a GPO that expires the password in a time where a workstation is off.
0
 
LVL 11

Accepted Solution

by:
yelbaglf earned 167 total points
ID: 34967168
This error occurs when the computer account's password isn't synchronized.  You can reset the secure channel by running this command as domain admin on the problem computer [TLAILD108].

From an elevated cmd prompt:

netdom member \\TLAILD108 /joindomain

Here's the relevant KB:
http://support.microsoft.com/kb/175024
0
 
LVL 27

Expert Comment

by:Lukasz Chmielewski
ID: 34967813
0
NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

 

Author Comment

by:ben1211
ID: 35069215
arnold, what do you mean by "you can use netdom to reset the computer account on the TLAILD108". I don't understand this.

How do I check if I have a GPO that expires the password when a workstation is off?

Why do I need to run this command? netdom member \\TLAILD108 /joindomain

Why do I need to get that computer to re-join the domain?
0
 
LVL 77

Expert Comment

by:arnold
ID: 35071254
Using GPMC run a group Policy results wizard and look: From the links below along with MS article
http://forums.techarena.in/active-directory/942467.htm
http://support.microsoft.com/default.aspx?scid=kb;en-us;q175468

Computer configuration\windows settings\security settings\local policies\security options\
Look for the "Domain member: maximum machine account password age"
is it set to anything 30,60,90 days? This would also tell you which GPO sets this parameter.
This setting is what forces the workstations,member server to generate a new machine password on the set schedule.  If the system is off the network in excess of the set amount, the machine password the system has will be "expired" and the connection to the DC will not be made.

One option is to run the netdom /resetpassword and since the domain admin credentials are provided the new password will be accepted by the DC.
The joindomain is in a way the same thing. i.e. the system will reregister with the DC and exchange the machine account password.

0
 

Author Comment

by:ben1211
ID: 35079509
arnold...this AD Server is a very basic server. I have not done any changes to the GPO Settings. COuld you direct me as to how do I get to the GPO window and how do i see if the password age has been set for this particular local computer. This is done on the AD Server?
0
 
LVL 77

Assisted Solution

by:arnold
arnold earned 333 total points
ID: 35079548
Download and install GPMC from http://www.microsoft.com/downloads/en/details.aspx?FamilyID=0a6d4c24-8cbd-4b35-9272-dd3cbfc81887&displaylang=en
Once it is install, you can view your domain's GPOs and settings as well as run Group Policy results.
You can install the GPMC on a server or on a workstation.  It is merely a console to accessing the AD information/layout.
0

Featured Post

3 Use Cases for Connected Systems

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, testing some more, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
LPT Port to USB Printer Windows 7 23 690
Administrator Tools 2 72
Get-WinEvent vs. Get-EventLog to get AD security log from multiple AD domain controllers ? 4 176
Access_log 17 121
Email signature management is something that is often overlooked in many organizations or is simply not implemented effectively. Let's take a look at what methods are available for managing this important piece of corporate branding.
Note: This is the second blog post in a series on email clearinghouses (https://www.xmatters.com/alert-management/blog-email-has-failed-us?utm_campaign=70138000000ydLoAAI&utm_source=exex&utm_medium=article&utm_content=blog-post).   Every month t…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question