Netlogon Error Eventid 5723
My issue is about the same as kennedy2008 about "Event ID 5723 need to remove netlogon entries"
. I follow all the steps but I couldn't figured out my issue. My problem is
1. Cant' ping the device that shown on the event log.
2. There no DNS record for that device.
3. I do not know the physical location of this computer.
4. Couldn't search that device in Active Directory, even search in the forest domain.
===========
Event ID 5723
The session setup from computer 'COBBGR5J1' failed because the security database does not contain a trust account 'COBBGR5J1$' referenced by the specified computer.
USER ACTION
If this is the first occurrence of this event for the specified computer and account, this may be a transient issue that doesn't require any action at this time. Otherwise, the following steps may be taken to resolve this problem:
If 'COBBGR5J1$' is a legitimate machine account for the computer 'CCOBBGR5J1', then 'COBBGR5J1' should be rejoined to the domain.
If 'COBBGR5J1$' is a legitimate interdomain trust account, then the trust should be recreated.
Otherwise, assuming that 'COBBGR5J1$' is not a legitimate account, the following action should be taken on 'COBBGR5J1':
If 'COBBGR5J1' is a Domain Controller, then the trust associated with 'COBBGR5J1$' should be deleted.
If 'COBBGR5J1' is not a Domain Controller, it should be disjoined from the domain.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
. I follow all the steps but I couldn't figured out my issue. My problem is
1. Cant' ping the device that shown on the event log.
2. There no DNS record for that device.
3. I do not know the physical location of this computer.
4. Couldn't search that device in Active Directory, even search in the forest domain.
===========
Event ID 5723
The session setup from computer 'COBBGR5J1' failed because the security database does not contain a trust account 'COBBGR5J1$' referenced by the specified computer.
USER ACTION
If this is the first occurrence of this event for the specified computer and account, this may be a transient issue that doesn't require any action at this time. Otherwise, the following steps may be taken to resolve this problem:
If 'COBBGR5J1$' is a legitimate machine account for the computer 'CCOBBGR5J1', then 'COBBGR5J1' should be rejoined to the domain.
If 'COBBGR5J1$' is a legitimate interdomain trust account, then the trust should be recreated.
Otherwise, assuming that 'COBBGR5J1$' is not a legitimate account, the following action should be taken on 'COBBGR5J1':
If 'COBBGR5J1' is a Domain Controller, then the trust associated with 'COBBGR5J1$' should be deleted.
If 'COBBGR5J1' is not a Domain Controller, it should be disjoined from the domain.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
ASKER
I will try that and keep you posted.
ASKER
I tried NMAP but didn't get any info. Failed to resolve given hostname/IP. Also, I can't access or event ping the device, so I can't get the MAC address.
Below is the Scan result:
Starting Nmap 5.51 ( http://nmap.org ) at 2011-03-21 11:30 Pacific Daylight Time
Nmap done: 0 IP addresses (0 hosts up) scanned in 2.39 seconds
Failed to resolve given hostname/IP: COBBGR5J1. Note that you can't use '/mask' AND '1-4,7,100-' style IP ranges
WARNING: No targets were specified, so 0 hosts scanned.
Below is the Scan result:
Starting Nmap 5.51 ( http://nmap.org ) at 2011-03-21 11:30 Pacific Daylight Time
Nmap done: 0 IP addresses (0 hosts up) scanned in 2.39 seconds
Failed to resolve given hostname/IP: COBBGR5J1. Note that you can't use '/mask' AND '1-4,7,100-' style IP ranges
WARNING: No targets were specified, so 0 hosts scanned.
Try running nmap again, but specifying the IP got from the event log; also, ping it anyways and do a "arp -a" in your machine inside a command windows, there you'll see if it has a MAC address assuming it is on your LAN; if nothing, perhaps someone brought his/her personal laptop and plugged into the network and tried to log into the domain... if it's not one of your machines, it's safe to forget about it
ASKER
I couldn't even ping it or get any ip addressPing request could not find host cobbgr5j1. Please check the name and try again.
I know it does not respond to pings... it is only to get the MAC address of the card, so you'll know at least the manufacturer (and then infer something about that machine, assuming as I said before it's on your LAN); even if it's firewalled, it should give away its MAC address, or you wouldn't have seen it in the network
ASKER
This is what I got.
Error.jpg
Error.jpg
ASKER
Sorry for the last image. It was the wrong one. Here is what I got.
Error.jpg
Error.jpg
OK... first, I'd like to know something I've been assuming: in the event log, was there any IP recorded for that machine? if so, do you see it in that list?
As I said, it could be someone's personal laptop that was plugged into the network.
As I said, it could be someone's personal laptop that was plugged into the network.
ASKER
In the event log I didn't see any IP recorded, just the computer name. I understand what you said, but is there anyway to get rid of those errors? I keep getting those errors every day.
Follow the time trail.. is it logged at the same or about the same time? do you have any remote sites that log into the same domain?
ASKER
No, it is not logged at the same time and yes we do have remote sites that log into the same domain.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I ran nmap in every site right after I donwloaded.
ASKER
couldn't solve the problem.
HTH