gaddam01
asked on
Netlogon event id 5719
Hi,
We are using Windows Server 2003 Doamin controllers. All the member servers are running on Windows 2000 and Windows 2003 OS. We are getting lot of netlogon errors event id 5719 on the member servers. Please suggest me how to resolve this. I would like to know what is the root cause of this error.
The error is given as follows.
This computer was not able to set up a secure session with the domain controller in the domain "domain name".
Summary=MS eventlog alert: Log name System - source NETLOGON - event ID 5719 - descrition This computer was not able to set up a secure session with a domain controller in domain "Domain name" due to the following: %%1311 This may lead to authentication problems.
The same error is coming for some doamin controllers also.
Please suggest me how to resolve this error. Thanks in advance.
We are using Windows Server 2003 Doamin controllers. All the member servers are running on Windows 2000 and Windows 2003 OS. We are getting lot of netlogon errors event id 5719 on the member servers. Please suggest me how to resolve this. I would like to know what is the root cause of this error.
The error is given as follows.
This computer was not able to set up a secure session with the domain controller in the domain "domain name".
Summary=MS eventlog alert: Log name System - source NETLOGON - event ID 5719 - descrition This computer was not able to set up a secure session with a domain controller in domain "Domain name" due to the following: %%1311 This may lead to authentication problems.
The same error is coming for some doamin controllers also.
Please suggest me how to resolve this error. Thanks in advance.
please check your domain controllers pointing to itself as primary DNS?
ASKER
Yes, all the domain controllers are pointing to themself as a primary DNS. What else need to be done to resolve this issue?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks. This we had already done but still no luck.
also could you please remove those giving error from domain and re-join?
ASKER
Without rejoining is there any alternative solution that we can resolve the issue??
Follow the steps below (You need to install the support tools first):
1).Download the klist tool
Windows 2000 Resource Kit Tool: Klist.exe
(This will require genuine windows check)
2). run NET STOP NETLOGON & NET STOP KDC
3).Install the tool and then browse to the directory from cmd and run
klist purge (or is it klist /purge)
4). REN C:\WINDOWS\SYSTEM32\CONFIG \NETLOGON. DNB C:\WINDOWS\SYSTEM32\CONFIG \NETLOGON. DNB.OLD
5). REN C:\WINDOWS\SYSTEM32\CONFIG \NETLOGON. DNS C:\WINDOWS\SYSTEM32\CONFIG \NETLOGON. DNS.OLD
6). NET START NETLOGON
7). NETDOM RESETPWD /server:YourOtherdomain-co ntoller /UserD:<administrator> /PasswordD:*
replace YourOtherdomain-contoller with name of any other domain controller preferably PDC.
replace <administrator> with the name of adminitrative privilege account
8). You will prompted to provide the password for the administrator account.
9). After the command finishes no need to start the KDC service now.. restart the server.. KDC will start at boot up.
1).Download the klist tool
Windows 2000 Resource Kit Tool: Klist.exe
(This will require genuine windows check)
2). run NET STOP NETLOGON & NET STOP KDC
3).Install the tool and then browse to the directory from cmd and run
klist purge (or is it klist /purge)
4). REN C:\WINDOWS\SYSTEM32\CONFIG
5). REN C:\WINDOWS\SYSTEM32\CONFIG
6). NET START NETLOGON
7). NETDOM RESETPWD /server:YourOtherdomain-co
replace YourOtherdomain-contoller with name of any other domain controller preferably PDC.
replace <administrator> with the name of adminitrative privilege account
8). You will prompted to provide the password for the administrator account.
9). After the command finishes no need to start the KDC service now.. restart the server.. KDC will start at boot up.
Hey sorry I forgot while typing the solution that this is for member serevrs, and I specified the steps for domain controller.
For member servers you can skip the command NET STOP KDC
Also you can skip the klist step, but It wouldn't harm. Rest of the steps are same.
For member servers you can skip the command NET STOP KDC
Also you can skip the klist step, but It wouldn't harm. Rest of the steps are same.
make sure that times are properly in sync between Dc's and servers ( verify the timezones etc)