Solved

Netlogon Error Eventid 5723

Posted on 2011-03-21
15
2,283 Views
Last Modified: 2012-05-11
My issue is about the same as kennedy2008 about "Event ID 5723 need to remove netlogon entries"
. I follow all the steps but I couldn't figured out my issue. My problem is

1. Cant' ping the device that shown on the event log.
2. There no DNS record for that device.
3. I do not know the physical location of this computer.
4. Couldn't search that device in Active Directory, even search in the forest domain.

===========
Event ID 5723
The session setup from computer 'COBBGR5J1' failed because the security database does not contain a trust account 'COBBGR5J1$' referenced by the specified computer.  

USER ACTION  
If this is the first occurrence of this event for the specified computer and account, this may be a transient issue that doesn't require any action at this time. Otherwise, the following steps may be taken to resolve this problem:  

If 'COBBGR5J1$' is a legitimate machine account for the computer 'CCOBBGR5J1', then 'COBBGR5J1' should be rejoined to the domain.  

If 'COBBGR5J1$' is a legitimate interdomain trust account, then the trust should be recreated.  

Otherwise, assuming that 'COBBGR5J1$' is not a legitimate account, the following action should be taken on 'COBBGR5J1':  

If 'COBBGR5J1' is a Domain Controller, then the trust associated with 'COBBGR5J1$' should be deleted.  

If 'COBBGR5J1' is not a Domain Controller, it should be disjoined from the domain.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
0
Comment
Question by:sirichaiphumirat
  • 9
  • 6
15 Comments
 
LVL 4

Expert Comment

by:cavp76
Comment Utility
Get NMAP, and launch a scan, this will give you a cue about the OS; also, if in the same physical LAN, try a search on Google for the MAC address and manufacturer (kind like "00:00:00:00:aa:bb manufacturer), that also will give you a peek about what kind of machine it is.

HTH

0
 

Author Comment

by:sirichaiphumirat
Comment Utility
I will try that  and keep you posted.
0
 

Author Comment

by:sirichaiphumirat
Comment Utility
I tried NMAP but didn't get any info. Failed to resolve given hostname/IP. Also, I can't access or event ping the device, so I can't get the MAC address.

Below is the Scan result:
Starting Nmap 5.51 ( http://nmap.org ) at 2011-03-21 11:30 Pacific Daylight Time

Nmap done: 0 IP addresses (0 hosts up) scanned in 2.39 seconds

Failed to resolve given hostname/IP: COBBGR5J1.  Note that you can't use '/mask' AND '1-4,7,100-' style IP ranges

WARNING: No targets were specified, so 0 hosts scanned.
0
 
LVL 4

Expert Comment

by:cavp76
Comment Utility
Try running nmap again, but specifying the IP got from the event log; also, ping it anyways and do a "arp -a" in your machine inside a command windows, there you'll see if it has a MAC address assuming it is on your LAN; if nothing, perhaps someone brought his/her personal laptop and plugged into the network and tried to log into the domain... if it's not one of your machines, it's safe to forget about it
0
 

Author Comment

by:sirichaiphumirat
Comment Utility
I couldn't even ping it or get any ip addressPing request could not find host cobbgr5j1. Please check the name and try again.
0
 
LVL 4

Expert Comment

by:cavp76
Comment Utility
I know it does not respond to pings... it is only to get the MAC address of the card, so you'll know at least the manufacturer (and then infer something about that machine, assuming as I said before it's on your LAN); even if it's firewalled, it should give away its MAC address, or you wouldn't have seen it in the network
0
 

Author Comment

by:sirichaiphumirat
Comment Utility
This is what I got.
Error.jpg
0
Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

 

Author Comment

by:sirichaiphumirat
Comment Utility
Sorry for the last image. It was the wrong one. Here is what I got.
Error.jpg
0
 
LVL 4

Expert Comment

by:cavp76
Comment Utility
OK... first, I'd like to know something I've been assuming: in the event log, was there any IP recorded for that machine? if so, do you see it in that list?

As I said, it could be someone's personal laptop that was plugged into the network.
0
 

Author Comment

by:sirichaiphumirat
Comment Utility
In the event log I didn't see any IP recorded, just the computer name. I understand what you said, but is there anyway to get rid of those errors? I keep getting those errors every day.
0
 
LVL 4

Expert Comment

by:cavp76
Comment Utility
Follow the time trail.. is it logged at the same or about the same time? do you have any remote sites that log into the same domain?
0
 

Author Comment

by:sirichaiphumirat
Comment Utility
No, it is not logged at the same time and yes we do have remote sites that log into the same domain.
0
 
LVL 4

Accepted Solution

by:
cavp76 earned 500 total points
Comment Utility
OK, I'm at a loss here... the only that I can think of is run nmap in every site as soon as the event appears, but this means a lot of time and coordination. Sorry I can't help anymore
0
 

Author Comment

by:sirichaiphumirat
Comment Utility
I ran nmap in every site right after I donwloaded.
0
 

Author Closing Comment

by:sirichaiphumirat
Comment Utility
couldn't solve the problem.
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

The password reset disk is often mentioned as the best solution to deal with the lost Windows password problem. In Windows 2008, 7, Vista and XP, a password reset disk can be easily created. But besides Windows 7/Vista/XP, Windows Server 2008 and ot…
Ever notice how you can't use a new drive in Windows without having Windows assigning a Disk Signature?  Ever have a signature collision problem (especially with Virtual Machines?)  This article is intended to help you understand what's going on and…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now