Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Netlogon Error Eventid 5723

Posted on 2011-03-21
15
Medium Priority
?
2,333 Views
Last Modified: 2012-05-11
My issue is about the same as kennedy2008 about "Event ID 5723 need to remove netlogon entries"
. I follow all the steps but I couldn't figured out my issue. My problem is

1. Cant' ping the device that shown on the event log.
2. There no DNS record for that device.
3. I do not know the physical location of this computer.
4. Couldn't search that device in Active Directory, even search in the forest domain.

===========
Event ID 5723
The session setup from computer 'COBBGR5J1' failed because the security database does not contain a trust account 'COBBGR5J1$' referenced by the specified computer.  

USER ACTION  
If this is the first occurrence of this event for the specified computer and account, this may be a transient issue that doesn't require any action at this time. Otherwise, the following steps may be taken to resolve this problem:  

If 'COBBGR5J1$' is a legitimate machine account for the computer 'CCOBBGR5J1', then 'COBBGR5J1' should be rejoined to the domain.  

If 'COBBGR5J1$' is a legitimate interdomain trust account, then the trust should be recreated.  

Otherwise, assuming that 'COBBGR5J1$' is not a legitimate account, the following action should be taken on 'COBBGR5J1':  

If 'COBBGR5J1' is a Domain Controller, then the trust associated with 'COBBGR5J1$' should be deleted.  

If 'COBBGR5J1' is not a Domain Controller, it should be disjoined from the domain.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
0
Comment
Question by:sirichaiphumirat
  • 9
  • 6
15 Comments
 
LVL 4

Expert Comment

by:cavp76
ID: 35183050
Get NMAP, and launch a scan, this will give you a cue about the OS; also, if in the same physical LAN, try a search on Google for the MAC address and manufacturer (kind like "00:00:00:00:aa:bb manufacturer), that also will give you a peek about what kind of machine it is.

HTH

0
 

Author Comment

by:sirichaiphumirat
ID: 35183183
I will try that  and keep you posted.
0
 

Author Comment

by:sirichaiphumirat
ID: 35183336
I tried NMAP but didn't get any info. Failed to resolve given hostname/IP. Also, I can't access or event ping the device, so I can't get the MAC address.

Below is the Scan result:
Starting Nmap 5.51 ( http://nmap.org ) at 2011-03-21 11:30 Pacific Daylight Time

Nmap done: 0 IP addresses (0 hosts up) scanned in 2.39 seconds

Failed to resolve given hostname/IP: COBBGR5J1.  Note that you can't use '/mask' AND '1-4,7,100-' style IP ranges

WARNING: No targets were specified, so 0 hosts scanned.
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 4

Expert Comment

by:cavp76
ID: 35184106
Try running nmap again, but specifying the IP got from the event log; also, ping it anyways and do a "arp -a" in your machine inside a command windows, there you'll see if it has a MAC address assuming it is on your LAN; if nothing, perhaps someone brought his/her personal laptop and plugged into the network and tried to log into the domain... if it's not one of your machines, it's safe to forget about it
0
 

Author Comment

by:sirichaiphumirat
ID: 35184446
I couldn't even ping it or get any ip addressPing request could not find host cobbgr5j1. Please check the name and try again.
0
 
LVL 4

Expert Comment

by:cavp76
ID: 35184642
I know it does not respond to pings... it is only to get the MAC address of the card, so you'll know at least the manufacturer (and then infer something about that machine, assuming as I said before it's on your LAN); even if it's firewalled, it should give away its MAC address, or you wouldn't have seen it in the network
0
 

Author Comment

by:sirichaiphumirat
ID: 35193784
This is what I got.
Error.jpg
0
 

Author Comment

by:sirichaiphumirat
ID: 35193826
Sorry for the last image. It was the wrong one. Here is what I got.
Error.jpg
0
 
LVL 4

Expert Comment

by:cavp76
ID: 35193863
OK... first, I'd like to know something I've been assuming: in the event log, was there any IP recorded for that machine? if so, do you see it in that list?

As I said, it could be someone's personal laptop that was plugged into the network.
0
 

Author Comment

by:sirichaiphumirat
ID: 35199465
In the event log I didn't see any IP recorded, just the computer name. I understand what you said, but is there anyway to get rid of those errors? I keep getting those errors every day.
0
 
LVL 4

Expert Comment

by:cavp76
ID: 35202068
Follow the time trail.. is it logged at the same or about the same time? do you have any remote sites that log into the same domain?
0
 

Author Comment

by:sirichaiphumirat
ID: 35202712
No, it is not logged at the same time and yes we do have remote sites that log into the same domain.
0
 
LVL 4

Accepted Solution

by:
cavp76 earned 1000 total points
ID: 35203400
OK, I'm at a loss here... the only that I can think of is run nmap in every site as soon as the event appears, but this means a lot of time and coordination. Sorry I can't help anymore
0
 

Author Comment

by:sirichaiphumirat
ID: 35210280
I ran nmap in every site right after I donwloaded.
0
 

Author Closing Comment

by:sirichaiphumirat
ID: 35216265
couldn't solve the problem.
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Suggested Courses

886 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question