Solved

Netlogon Error Eventid 5723

Posted on 2011-03-21
15
2,296 Views
Last Modified: 2012-05-11
My issue is about the same as kennedy2008 about "Event ID 5723 need to remove netlogon entries"
. I follow all the steps but I couldn't figured out my issue. My problem is

1. Cant' ping the device that shown on the event log.
2. There no DNS record for that device.
3. I do not know the physical location of this computer.
4. Couldn't search that device in Active Directory, even search in the forest domain.

===========
Event ID 5723
The session setup from computer 'COBBGR5J1' failed because the security database does not contain a trust account 'COBBGR5J1$' referenced by the specified computer.  

USER ACTION  
If this is the first occurrence of this event for the specified computer and account, this may be a transient issue that doesn't require any action at this time. Otherwise, the following steps may be taken to resolve this problem:  

If 'COBBGR5J1$' is a legitimate machine account for the computer 'CCOBBGR5J1', then 'COBBGR5J1' should be rejoined to the domain.  

If 'COBBGR5J1$' is a legitimate interdomain trust account, then the trust should be recreated.  

Otherwise, assuming that 'COBBGR5J1$' is not a legitimate account, the following action should be taken on 'COBBGR5J1':  

If 'COBBGR5J1' is a Domain Controller, then the trust associated with 'COBBGR5J1$' should be deleted.  

If 'COBBGR5J1' is not a Domain Controller, it should be disjoined from the domain.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
0
Comment
Question by:sirichaiphumirat
  • 9
  • 6
15 Comments
 
LVL 4

Expert Comment

by:cavp76
ID: 35183050
Get NMAP, and launch a scan, this will give you a cue about the OS; also, if in the same physical LAN, try a search on Google for the MAC address and manufacturer (kind like "00:00:00:00:aa:bb manufacturer), that also will give you a peek about what kind of machine it is.

HTH

0
 

Author Comment

by:sirichaiphumirat
ID: 35183183
I will try that  and keep you posted.
0
 

Author Comment

by:sirichaiphumirat
ID: 35183336
I tried NMAP but didn't get any info. Failed to resolve given hostname/IP. Also, I can't access or event ping the device, so I can't get the MAC address.

Below is the Scan result:
Starting Nmap 5.51 ( http://nmap.org ) at 2011-03-21 11:30 Pacific Daylight Time

Nmap done: 0 IP addresses (0 hosts up) scanned in 2.39 seconds

Failed to resolve given hostname/IP: COBBGR5J1.  Note that you can't use '/mask' AND '1-4,7,100-' style IP ranges

WARNING: No targets were specified, so 0 hosts scanned.
0
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

 
LVL 4

Expert Comment

by:cavp76
ID: 35184106
Try running nmap again, but specifying the IP got from the event log; also, ping it anyways and do a "arp -a" in your machine inside a command windows, there you'll see if it has a MAC address assuming it is on your LAN; if nothing, perhaps someone brought his/her personal laptop and plugged into the network and tried to log into the domain... if it's not one of your machines, it's safe to forget about it
0
 

Author Comment

by:sirichaiphumirat
ID: 35184446
I couldn't even ping it or get any ip addressPing request could not find host cobbgr5j1. Please check the name and try again.
0
 
LVL 4

Expert Comment

by:cavp76
ID: 35184642
I know it does not respond to pings... it is only to get the MAC address of the card, so you'll know at least the manufacturer (and then infer something about that machine, assuming as I said before it's on your LAN); even if it's firewalled, it should give away its MAC address, or you wouldn't have seen it in the network
0
 

Author Comment

by:sirichaiphumirat
ID: 35193784
This is what I got.
Error.jpg
0
 

Author Comment

by:sirichaiphumirat
ID: 35193826
Sorry for the last image. It was the wrong one. Here is what I got.
Error.jpg
0
 
LVL 4

Expert Comment

by:cavp76
ID: 35193863
OK... first, I'd like to know something I've been assuming: in the event log, was there any IP recorded for that machine? if so, do you see it in that list?

As I said, it could be someone's personal laptop that was plugged into the network.
0
 

Author Comment

by:sirichaiphumirat
ID: 35199465
In the event log I didn't see any IP recorded, just the computer name. I understand what you said, but is there anyway to get rid of those errors? I keep getting those errors every day.
0
 
LVL 4

Expert Comment

by:cavp76
ID: 35202068
Follow the time trail.. is it logged at the same or about the same time? do you have any remote sites that log into the same domain?
0
 

Author Comment

by:sirichaiphumirat
ID: 35202712
No, it is not logged at the same time and yes we do have remote sites that log into the same domain.
0
 
LVL 4

Accepted Solution

by:
cavp76 earned 500 total points
ID: 35203400
OK, I'm at a loss here... the only that I can think of is run nmap in every site as soon as the event appears, but this means a lot of time and coordination. Sorry I can't help anymore
0
 

Author Comment

by:sirichaiphumirat
ID: 35210280
I ran nmap in every site right after I donwloaded.
0
 

Author Closing Comment

by:sirichaiphumirat
ID: 35216265
couldn't solve the problem.
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

807 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question