Solved

NETLOGON errors, computers don't exist

Posted on 2012-12-20
21
2,459 Views
Last Modified: 2013-01-11
Hello,

Active Directory in 2008 R2. vmware view is also on site with VDI's for thin clients.

I'm getting the following 3 errors respectively:

Log Name:      System
Source:        NETLOGON
Date:          12/20/2012 5:32:10 PM
Event ID:      5807
Task Category: None
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      computer.domain.local
Description:
During the past 4.12 hours there have been 3 connections to this Domain Controller from client machines whose IP addresses don't map to any of the existing sites in the enterprise. Those clients, therefore, have undefined sites and may connect to any Domain Controller including those that are in far distant locations from the clients. A client's site is determined by the mapping of its subnet to one of the existing sites. To move the above clients to one of the sites, please consider creating subnet object(s) covering the above IP addresses with mapping to one of the existing sites.  The names and IP addresses of the clients in question have been logged on this computer in the following log file '%SystemRoot%\debug\netlogon.log' and, potentially, in the log file '%SystemRoot%\debug\netlogon.bak' created if the former log becomes full. The log(s) may contain additional unrelated debugging information. To filter out the needed information, please search for lines which contain text 'NO_CLIENT_SITE:'. The first word after this string is the client name and the second word is the client IP address. The maximum size of the log(s) is controlled by the following registry DWORD value 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\LogFileMaxSize'; the default is 20000000 bytes.  The current maximum size is 20000000 bytes.  To set a different maximum size, create the above registry value and set the desired maximum size in bytes.

Log Name:      System
Source:        NETLOGON
Date:          12/20/2012 5:39:06 PM
Event ID:      5723
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      computer.domain.local
Description:
The session setup from computer 'VDI-4' failed because the security database does not contain a trust account 'VDI-4$' referenced by the specified computer.  

USER ACTION  
If this is the first occurrence of this event for the specified computer and account, this may be a transient issue that doesn't require any action at this time.  If this is a Read-Only Domain Controller and 'VDI-4$' is a legitimate machine account for the computer 'VDI-4' then 'VDI-4' should be marked cacheable for this location if appropriate or otherwise ensure connectivity to a domain controller  capable of servicing the request (for example a writable domain controller).  Otherwise, the following steps may be taken to resolve this problem:  

If 'VDI-4$' is a legitimate machine account for the computer 'VDI-4', then 'VDI-4' should be rejoined to the domain.  

If 'VDI-4$' is a legitimate interdomain trust account, then the trust should be recreated.  

Otherwise, assuming that 'VDI-4$' is not a legitimate account, the following action should be taken on 'VDI-4':  

If 'VDI-4' is a Domain Controller, then the trust associated with 'VDI-4$' should be deleted.  

If 'VDI-4' is not a Domain Controller, it should be disjoined from the domain.


Log Name:      System
Source:        NETLOGON
Date:          12/20/2012 8:46:03 PM
Event ID:      5805
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      computer.domain.local
Description:
The session setup from the computer VDI-4 failed to authenticate. The following error occurred:
Access is denied.


The problem, is that these computers do not exist in Active Directory. I removed them from DNS, and they came back. What am I missing?
0
Comment
Question by:Metaltree
  • 10
  • 7
  • 3
  • +1
21 Comments
 
LVL 17

Expert Comment

by:Kent Dyer
ID: 38711873
Check your DNS records for tombstones and/or GUIDs that don't make sense.  Any that appear odd or out of the ordinary, you will need to either remove or update.

You may also have to force replication before the grovler comes and gets out-of-date information for your DCs..

HTH,

Kent
0
 
LVL 5

Author Comment

by:Metaltree
ID: 38711889
Kent,

I created a text file in the netlogon share and I noticed it wasn't showing up on the other DC's. I'm currently doing a D2 BurFlag to see if the non-authoritative restore possibly ends all my problems. Sound like a good plan?
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 38712897
Good start here are the steps

Run through the burflag method to get the replication to start again chose the one DC that is not having issues which is usally your DC that holds the PDC emulator role

Stopped NTFRS service on both DCs.
Make one of the DC authoritative server by modifying registry setting : Navigate to registry HKLM\System\CCS\Services\NTFRS\Parameters\CumlativeReplicaSets and Set the Burflags value to D4. This should be done with server which has the Updated information available or correct data.

Go to the other DCs and make them Non-authoritative by navigating to same registry location HKLM\System\CCS\Services\NTFRS\Parameters\CumlativeReplicaSets and Set the Burflags value to D2.

Restart NTFRS services
0
 
LVL 5

Author Comment

by:Metaltree
ID: 38712997
I did the d2 burflag on the problem DC. The other DCs.. (DC1 and DC3) are fine and replicating with each other fine. However, DC2 is not, but nothing in event viewer that says its not working.

Is it necessary to do an authoritative restore on one of the other DCs if they are working properly?
0
 
LVL 3

Expert Comment

by:gaurav2rawat
ID: 38713042
run net share netlogon to check if its fne on the problematic  dc, and also try repadmin /showreps it'll show if any issues with the replication.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 38713107
You need to get the SYSVOL replicated so, follow the steps I posted this will replicate the data from a working DC to the DC that is not working
0
 
LVL 5

Author Comment

by:Metaltree
ID: 38713645
I have verified replication is working on all DCs. I'm still getting these phantom NETLOGON errors.

What next?
0
 
LVL 3

Expert Comment

by:gaurav2rawat
ID: 38713668
Do you have any frs errors logged on the dc in question and is your netlogon folder shared there?
0
 
LVL 5

Author Comment

by:Metaltree
ID: 38713683
No errors, and sysvol is replicated properly across all DCs.

It's weird because:
1. I have confirmed these devices do NOT exist in AD.
2. I manually removed all entries of phantom devices in DNS, I've confirmed on all 3 servers they do not exist, BUT...
3. Even after a dns flush, I'm still able to resolve these host names when I try to ping them, obviously I get no response to the ping.
4. Replication is working.
0
 
LVL 3

Expert Comment

by:gaurav2rawat
ID: 38713698
try running dcdiag /test:dns and look for any errors reported and please givemore details about computer.domain.local.
0
Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

 
LVL 59

Accepted Solution

by:
Darius Ghassem earned 250 total points
ID: 38713720
What is the system?

VDI-4

The system is some where.
0
 
LVL 3

Assisted Solution

by:gaurav2rawat
gaurav2rawat earned 250 total points
ID: 38713790
Are these phantom machines listed under active directory users and computers?
If yes then remove them from there
0
 
LVL 5

Author Comment

by:Metaltree
ID: 38714075
@darisug and @gaurav2rawat

They are non existent in any of our systems, including active directory. My guess is some one had created a virtual desktop at one point but its long gone.
0
 
LVL 5

Author Comment

by:Metaltree
ID: 38714119
@gaurav2rawat - Here are the test dns results, not sure how relevant the error is? I don't even know what server2 is, its not even in AD, and I think it was shut down a long time ago.

C:>dcdiag /test:dns

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = SERVER
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: SERVER
      Starting test: Connectivity
         ......................... SERVER passed test Connectivity

Doing primary tests

   Testing server: SERVER

      Starting test: DNS

         DNS Tests are running and not hung. Please wait a few minutes...
         ......................... SERVER passed test DNS

   Running partition tests on : ForestDnsZones

   Running partition tests on : DomainDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : domain

   Running enterprise tests on : domain.local
      Starting test: DNS
         Test results for domain controllers:

            DC: SERVER.domain.local
            Domain: domain.local


               TEST: Delegations (Del)
                  Error: DNS server: server2.domain.local.
                  IP:<Unavailable> [Missing glue A record]

         Summary of test results for DNS servers used by the above domain
         controllers:

            DNS server: 128.9.0.107 (b.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 128.9.0.107
            DNS server: 198.32.64.12 (l.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 198.32.64.12
         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
            _________________________________________________________________
            Domain: domain.local
               SERVER                      PASS PASS PASS FAIL PASS PASS n/a

         ......................... domain.local failed test DNS
0
 
LVL 3

Expert Comment

by:gaurav2rawat
ID: 38714139
You have a dns issue there try stopping and restarting netlogon,
Try ipconfig /flushdns and ipconfig /registerdns
make sure correct dns entries are present on the tcp/ip properties
Also try running netdiag /fix
0
 
LVL 5

Author Comment

by:Metaltree
ID: 38714179
I noticed under the DNS role on SERVER that:

domain.local->_msdcs

Had an old decommissioned server as the glue A record, so I updated it. And it passed.
0
 
LVL 3

Expert Comment

by:gaurav2rawat
ID: 38714198
cool  are you still getting those netlogon errors after getting rid of the dns issue?
0
 
LVL 5

Author Comment

by:Metaltree
ID: 38714267
Yes, still getting the NETLOGON errors.
0
 
LVL 3

Expert Comment

by:gaurav2rawat
ID: 38714306
0
 
LVL 5

Author Comment

by:Metaltree
ID: 38714321
Unfortunately, I don't have anything to do from a PC/laptop side, so this doesn't apply. I'm going to look at our View admin and see if I can see something
0
 
LVL 5

Author Closing Comment

by:Metaltree
ID: 38767838
Long story short, I had to go into vSphere and under our View server, hop on the console of these random VDI machines and disjoin/rejoin to the domain.
0

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Join & Write a Comment

You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now