• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2344
  • Last Modified:

Netlogon Error Eventid 5723

My issue is about the same as kennedy2008 about "Event ID 5723 need to remove netlogon entries"
. I follow all the steps but I couldn't figured out my issue. My problem is

1. Cant' ping the device that shown on the event log.
2. There no DNS record for that device.
3. I do not know the physical location of this computer.
4. Couldn't search that device in Active Directory, even search in the forest domain.

===========
Event ID 5723
The session setup from computer 'COBBGR5J1' failed because the security database does not contain a trust account 'COBBGR5J1$' referenced by the specified computer.  

USER ACTION  
If this is the first occurrence of this event for the specified computer and account, this may be a transient issue that doesn't require any action at this time. Otherwise, the following steps may be taken to resolve this problem:  

If 'COBBGR5J1$' is a legitimate machine account for the computer 'CCOBBGR5J1', then 'COBBGR5J1' should be rejoined to the domain.  

If 'COBBGR5J1$' is a legitimate interdomain trust account, then the trust should be recreated.  

Otherwise, assuming that 'COBBGR5J1$' is not a legitimate account, the following action should be taken on 'COBBGR5J1':  

If 'COBBGR5J1' is a Domain Controller, then the trust associated with 'COBBGR5J1$' should be deleted.  

If 'COBBGR5J1' is not a Domain Controller, it should be disjoined from the domain.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
0
sirichaiphumirat
Asked:
sirichaiphumirat
  • 9
  • 6
1 Solution
 
cavp76Commented:
Get NMAP, and launch a scan, this will give you a cue about the OS; also, if in the same physical LAN, try a search on Google for the MAC address and manufacturer (kind like "00:00:00:00:aa:bb manufacturer), that also will give you a peek about what kind of machine it is.

HTH

0
 
sirichaiphumiratAuthor Commented:
I will try that  and keep you posted.
0
 
sirichaiphumiratAuthor Commented:
I tried NMAP but didn't get any info. Failed to resolve given hostname/IP. Also, I can't access or event ping the device, so I can't get the MAC address.

Below is the Scan result:
Starting Nmap 5.51 ( http://nmap.org ) at 2011-03-21 11:30 Pacific Daylight Time

Nmap done: 0 IP addresses (0 hosts up) scanned in 2.39 seconds

Failed to resolve given hostname/IP: COBBGR5J1.  Note that you can't use '/mask' AND '1-4,7,100-' style IP ranges

WARNING: No targets were specified, so 0 hosts scanned.
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
cavp76Commented:
Try running nmap again, but specifying the IP got from the event log; also, ping it anyways and do a "arp -a" in your machine inside a command windows, there you'll see if it has a MAC address assuming it is on your LAN; if nothing, perhaps someone brought his/her personal laptop and plugged into the network and tried to log into the domain... if it's not one of your machines, it's safe to forget about it
0
 
sirichaiphumiratAuthor Commented:
I couldn't even ping it or get any ip addressPing request could not find host cobbgr5j1. Please check the name and try again.
0
 
cavp76Commented:
I know it does not respond to pings... it is only to get the MAC address of the card, so you'll know at least the manufacturer (and then infer something about that machine, assuming as I said before it's on your LAN); even if it's firewalled, it should give away its MAC address, or you wouldn't have seen it in the network
0
 
sirichaiphumiratAuthor Commented:
This is what I got.
Error.jpg
0
 
sirichaiphumiratAuthor Commented:
Sorry for the last image. It was the wrong one. Here is what I got.
Error.jpg
0
 
cavp76Commented:
OK... first, I'd like to know something I've been assuming: in the event log, was there any IP recorded for that machine? if so, do you see it in that list?

As I said, it could be someone's personal laptop that was plugged into the network.
0
 
sirichaiphumiratAuthor Commented:
In the event log I didn't see any IP recorded, just the computer name. I understand what you said, but is there anyway to get rid of those errors? I keep getting those errors every day.
0
 
cavp76Commented:
Follow the time trail.. is it logged at the same or about the same time? do you have any remote sites that log into the same domain?
0
 
sirichaiphumiratAuthor Commented:
No, it is not logged at the same time and yes we do have remote sites that log into the same domain.
0
 
cavp76Commented:
OK, I'm at a loss here... the only that I can think of is run nmap in every site as soon as the event appears, but this means a lot of time and coordination. Sorry I can't help anymore
0
 
sirichaiphumiratAuthor Commented:
I ran nmap in every site right after I donwloaded.
0
 
sirichaiphumiratAuthor Commented:
couldn't solve the problem.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Amazon Web Services - Basic

Are you thinking about creating an Amazon Web Services account for your business? Not sure where to start? In this course you’ll get an overview of the history of AWS and take a tour of their user interface.

  • 9
  • 6
Tackle projects and never again get stuck behind a technical roadblock.
Join Now