  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2942

Netlogon event id 5719

Hi,

We are using Windows Server 2003 domain controllers. All the member servers are running on Windows 2000 and Windows 2003 OS. We are getting a lot of Netlogon errors, event ID 5719, on the member servers. Please suggest how to resolve this. I would like to know what the root cause of this error is.

The error is given as follows.
This computer was not able to set up a secure session with the domain controller in the domain "domain name".

Summary=MS eventlog alert: Log name System - source NETLOGON - event ID 5719 - descrition This computer was not able to set up a secure session with a domain controller in domain "Domain name" due to the following:  %%1311  This may lead to authentication problems.

The same error is coming for some domain controllers also.

Please suggest how to resolve this error. Thanks in advance.
Asked: gaddam01
1 Solution
 
Raneesh Chitootharayil Commented:
Please check: are your domain controllers pointing to themselves as primary DNS?
0
 
gaddam01 Author Commented:
Yes, all the domain controllers are pointing to themselves as primary DNS. What else needs to be done to resolve this issue?
0
 
Raneesh Chitootharayil Commented:
Read this link and give it a try:

http://support.microsoft.com/kb/247922
0

 
gaddam01 Author Commented:
Thanks. We had already done this, but still no luck.
0
 
Raneesh Chitootharayil Commented:
Also, could you please remove the ones giving the error from the domain and re-join them?
0
 
gaddam01 Author Commented:
Without rejoining, is there any alternative solution with which we can resolve the issue?
0
 
ashutoshsapre Commented:
Follow the steps below (you need to install the support tools first):

1). Download the klist tool
Windows 2000 Resource Kit Tool: Klist.exe

(This will require the genuine Windows check)

2). Run NET STOP NETLOGON & NET STOP KDC

3). Install the tool, then browse to its directory from cmd and run

klist purge (or is it klist /purge)

4). REN C:\WINDOWS\SYSTEM32\CONFIG\NETLOGON.DNB NETLOGON.DNB.OLD

5). REN C:\WINDOWS\SYSTEM32\CONFIG\NETLOGON.DNS NETLOGON.DNS.OLD

6). NET START NETLOGON

7). NETDOM RESETPWD /server:YourOtherdomain-controller /UserD:<administrator> /PasswordD:*

Replace YourOtherdomain-controller with the name of any other domain controller, preferably the PDC.
Replace <administrator> with the name of an account with administrative privileges.

8). You will be prompted to provide the password for the administrator account.

9). After the command finishes there is no need to start the KDC service now. Restart the server; KDC will start at boot up.

0
 
ashutoshsapre Commented:
Hey, sorry, I forgot while typing the solution that this is for member servers, and I specified the steps for a domain controller.
For member servers you can skip the command NET STOP KDC.
You can also skip the klist step, but it wouldn't harm. The rest of the steps are the same.
0
 
FemSteenkamp Commented:
Make sure that times are properly in sync between DCs and servers (verify the time zones, etc.)
0
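An added example, not part of any post in this thread: the `%%1311` in the alert text is a Win32 error code (1311 is ERROR_NO_LOGON_SERVERS), and grouping the alerts by host and code shows which of the suggestions above to try first on each machine. The `host=` prefix, the sample alerts and the code-to-check grouping are assumptions made for this sketch.

```python
import re
from collections import Counter, defaultdict

# Win32 error codes that can appear as the %%NNNN insertion in event 5719.
WIN32 = {
    5: "ERROR_ACCESS_DENIED",
    1311: "ERROR_NO_LOGON_SERVERS",
    1398: "ERROR_TIME_SKEW",
    1722: "RPC_S_SERVER_UNAVAILABLE",
    1787: "ERROR_NO_TRUST_SAM_ACCOUNT",
    1789: "ERROR_TRUSTED_RELATIONSHIP_FAILURE",
}
# Assumed grouping: which suggestion from the thread to check first.
FIRST_CHECK = {
    1311: "DNS / DC reachability", 1722: "DNS / DC reachability",
    1398: "time sync",
    5: "machine account password", 1787: "machine account password",
    1789: "machine account password",
}
ALERT = re.compile(
    r'host=(?P<host>\S+).*?event ID 5719\b.*?in domain "(?P<domain>[^"]*)"'
    r'.*?%%(?P<code>\d+)')

def triage(lines):
    """Return {host: Counter({(domain, code): n})} for event 5719 alerts."""
    seen = defaultdict(Counter)
    for line in lines:
        m = ALERT.search(line)
        if m:  # other event IDs and malformed lines are ignored
            seen[m["host"]][(m["domain"], int(m["code"]))] += 1
    return seen

def report(lines):
    """One (host, domain, error name, first check, count) row per group."""
    rows = []
    for host, groups in sorted(triage(lines).items()):
        for (domain, code), n in groups.most_common():
            rows.append((host, domain, WIN32.get(code, f"win32:{code}"),
                         FIRST_CHECK.get(code, "look up the code"), n))
    return rows

# Constructed alerts in the format quoted in the question, host= prefix assumed.
_T = ('host={} Summary=MS eventlog alert: Log name System - source NETLOGON - '
      'event ID 5719 - descrition This computer was not able to set up a secure '
      'session with a domain controller in domain "EXAMPLE" due to the '
      'following:  %%{}  This may lead to authentication problems.')
SAMPLE = [_T.format(h, c) for h, c in
          [("APP01", 1311), ("APP01", 1311), ("FILE02", 1789), ("APP01", 1398)]]

if __name__ == "__main__":
    for row in report(SAMPLE):
        print(row)
```

A host that only ever reports 1311 could not locate or reach a domain controller at all, so checking name resolution and connectivity comes before renaming Netlogon files or resetting the machine account password.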
