5723 NETLOGON: Session could not be created

Posted on 2011-04-30
Last Modified: 2012-06-27
We are using SBS 2008 (primary DC) and Server 2008 (backup DC) with about 20 XP and W7 clients. Yesterday morning all clients encountered login problems (5805 NETLOGON: The session setup from the computer [DOMAINCOMPUTER] failed to authenticate. The following error occurred: Access denied).

We reintegrated all clients into the domain (put into workgroup, reboot, put into domain, reboot). Login with severals accounts o all clients was successful, but after about 30 minutes the problem reappeared for new logins with:
1.  5723 NETLOGON: Session could not be created ...             followed by
2.  5805 NETLOGON: The session setup ... (see above).

What can cause these problems? All clients are listed in the AD.

Many thanks

Question by:sg08234
    LVL 74

    Expert Comment

    by:Glen Knight
    Access denied normally indicates a time issue.

    Is the time different on the SBS server to what it is on the client machines?

    It could also be a DNS issue.  Can you post IPCONFIG /ALL from the SBS server and one of the clients please?
    LVL 2

    Author Comment

    Thanks so far --> I'll check on monday. SBS time is correct. I assume client times to be correct too.

    What ist the idea behing asking for IP-settings (those have not been changed and worked fine for 3 months)?

    LVL 74

    Assisted Solution

    by:Glen Knight
    I just want to check it's setup properly.  Just because it's worked for 3 months doesn't mean they are correct.  I've seen sites that gave been working for years with the wrong IP configuration but then something happens and all of a sudden it stops working.
    LVL 6

    Assisted Solution

    I wonder if the computer names in AD are all invalid for some bizarre reason.
    I would try on one PC to remove from domain, go into AD sites and computers and delete the computer, then rejoin the domain and see what happens.
    Also are these happening to all computers or just the XP ones?
    I know that you will get this if XP has it's firewall on if you are trying to do this.
    Kelly W.
    LVL 2

    Accepted Solution

    Would renaming of the clients (in addition to rejoining the domain) help (--> New entries in the AD)?

    What if DC replication of "sites and computers" does not work properly? There are some Google hints that this also may cause the problems. How can I check correct replication (our domain admin is not available today)?

    Thanks - sg08234
    LVL 2

    Author Closing Comment

    Sorry for late feedback: After the weekend the problem did come up again. So I assume that DC replication of "sites and computers" did not work properly before and succeeded over weekend.

    Many thanks for you assistance. I only spend 100 points as none of your answers really hit the point.


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Free Trending Threat Insights Every Day

    Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

    I know all systems administrator at some time or another has had to create a script to copy file from a server share to a desktop. Well now there is an easy way to do this in Group Policy. Using Group policy preferences is not hard. The first thing …
    I work for a company that primarily works with small businesses as their outsourced IT vendor. As such the majority of these customers utilize some version of Small Business Server. Due to the economics of running a small business, many of these cus…
    This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

    759 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    11 Experts available now in Live!

    Get 1:1 Help Now