Solved

Netlogon Error Eventid 5723

Posted on 2011-03-21
15
2,313 Views
Last Modified: 2012-05-11
My issue is about the same as kennedy2008 about "Event ID 5723 need to remove netlogon entries"
. I follow all the steps but I couldn't figured out my issue. My problem is

1. Cant' ping the device that shown on the event log.
2. There no DNS record for that device.
3. I do not know the physical location of this computer.
4. Couldn't search that device in Active Directory, even search in the forest domain.

===========
Event ID 5723
The session setup from computer 'COBBGR5J1' failed because the security database does not contain a trust account 'COBBGR5J1$' referenced by the specified computer.  

USER ACTION  
If this is the first occurrence of this event for the specified computer and account, this may be a transient issue that doesn't require any action at this time. Otherwise, the following steps may be taken to resolve this problem:  

If 'COBBGR5J1$' is a legitimate machine account for the computer 'CCOBBGR5J1', then 'COBBGR5J1' should be rejoined to the domain.  

If 'COBBGR5J1$' is a legitimate interdomain trust account, then the trust should be recreated.  

Otherwise, assuming that 'COBBGR5J1$' is not a legitimate account, the following action should be taken on 'COBBGR5J1':  

If 'COBBGR5J1' is a Domain Controller, then the trust associated with 'COBBGR5J1$' should be deleted.  

If 'COBBGR5J1' is not a Domain Controller, it should be disjoined from the domain.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
0
Comment
Question by:sirichaiphumirat
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 9
  • 6
15 Comments
 
LVL 4

Expert Comment

by:cavp76
ID: 35183050
Get NMAP, and launch a scan, this will give you a cue about the OS; also, if in the same physical LAN, try a search on Google for the MAC address and manufacturer (kind like "00:00:00:00:aa:bb manufacturer), that also will give you a peek about what kind of machine it is.

HTH

0
 

Author Comment

by:sirichaiphumirat
ID: 35183183
I will try that  and keep you posted.
0
 

Author Comment

by:sirichaiphumirat
ID: 35183336
I tried NMAP but didn't get any info. Failed to resolve given hostname/IP. Also, I can't access or event ping the device, so I can't get the MAC address.

Below is the Scan result:
Starting Nmap 5.51 ( http://nmap.org ) at 2011-03-21 11:30 Pacific Daylight Time

Nmap done: 0 IP addresses (0 hosts up) scanned in 2.39 seconds

Failed to resolve given hostname/IP: COBBGR5J1.  Note that you can't use '/mask' AND '1-4,7,100-' style IP ranges

WARNING: No targets were specified, so 0 hosts scanned.
0
Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 
LVL 4

Expert Comment

by:cavp76
ID: 35184106
Try running nmap again, but specifying the IP got from the event log; also, ping it anyways and do a "arp -a" in your machine inside a command windows, there you'll see if it has a MAC address assuming it is on your LAN; if nothing, perhaps someone brought his/her personal laptop and plugged into the network and tried to log into the domain... if it's not one of your machines, it's safe to forget about it
0
 

Author Comment

by:sirichaiphumirat
ID: 35184446
I couldn't even ping it or get any ip addressPing request could not find host cobbgr5j1. Please check the name and try again.
0
 
LVL 4

Expert Comment

by:cavp76
ID: 35184642
I know it does not respond to pings... it is only to get the MAC address of the card, so you'll know at least the manufacturer (and then infer something about that machine, assuming as I said before it's on your LAN); even if it's firewalled, it should give away its MAC address, or you wouldn't have seen it in the network
0
 

Author Comment

by:sirichaiphumirat
ID: 35193784
This is what I got.
Error.jpg
0
 

Author Comment

by:sirichaiphumirat
ID: 35193826
Sorry for the last image. It was the wrong one. Here is what I got.
Error.jpg
0
 
LVL 4

Expert Comment

by:cavp76
ID: 35193863
OK... first, I'd like to know something I've been assuming: in the event log, was there any IP recorded for that machine? if so, do you see it in that list?

As I said, it could be someone's personal laptop that was plugged into the network.
0
 

Author Comment

by:sirichaiphumirat
ID: 35199465
In the event log I didn't see any IP recorded, just the computer name. I understand what you said, but is there anyway to get rid of those errors? I keep getting those errors every day.
0
 
LVL 4

Expert Comment

by:cavp76
ID: 35202068
Follow the time trail.. is it logged at the same or about the same time? do you have any remote sites that log into the same domain?
0
 

Author Comment

by:sirichaiphumirat
ID: 35202712
No, it is not logged at the same time and yes we do have remote sites that log into the same domain.
0
 
LVL 4

Accepted Solution

by:
cavp76 earned 500 total points
ID: 35203400
OK, I'm at a loss here... the only that I can think of is run nmap in every site as soon as the event appears, but this means a lot of time and coordination. Sorry I can't help anymore
0
 

Author Comment

by:sirichaiphumirat
ID: 35210280
I ran nmap in every site right after I donwloaded.
0
 

Author Closing Comment

by:sirichaiphumirat
ID: 35216265
couldn't solve the problem.
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Suggested Courses

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question