NETLOGON Error 5783 and no other symptoms

Posted on 2013-11-05
Last Modified: 2014-10-11
Event Type:      Error
Event Source:      NETLOGON
Event Category:      None
Event ID:      5783
Date:            11/4/2013
Time:            4:52:57 PM
User:            N/A
Computer:      THISSERVER
The session setup to the Windows NT or Windows 2000 Domain Controller \\ for the domain DOMAIN is not responsive.  The current RPC call from Netlogon on \\THISSERVER to \\ has been cancelled.

I'm seeing this logged 4-5x a day on various servers in the domain..  Everything is on 1918 space with two DCs and an open firewall policy.  I cant find any other symptoms besides the error.  Its occasionally triggered with an RDC login but everything seems to work fine.  

The two DCs are in sync and show no corresponding errors.  DCDIAG is totally clean, everything passes.   The unc paths in the error are reachable as well and RPC is listening.  The client mentioned slow login times but I've been unable to reproduce that myself, and I'm not sure its related to these errors.

The DCs are running Win2012 and most of the members are 2k3R2.  Member DNS is pointed to both DCs and nothing else.  Nslookups work as expected and can query DNS records on the domain

I'm also seeing this get logged about once a day, though unsure if its related:

Event Type:      Warning
Event Source:      LSASRV
Event Category:      SPNEGO (Negotiator)
Event ID:      40960
Date:            11/4/2013
Time:            7:39:51 AM
User:            N/A
Computer:      THISSERVER
The Security System detected an authentication error for the server cifs/  The failure code from authentication protocol Kerberos was "The time at the Primary Domain Controller is different than the time at the Backup Domain Controller or member server by too large an amount.

Again, it doesnt seem to impact anything - it just gets logged.  The clocks are perfectly in sync when this happens.

So far I have tried:

- this hotfix:
- disabled msrpc alg filtering on the fw
- disabled ipv6 on the DCs
- disabled tcp chimney offload and rss on the 2k3 member
- reconfigured ntp on the DCs

Nothing has had any effect on the errors.   I'm not convinced theres anything wrong with this but the client is very sensitive to errors and I'd like to get them sorted out.  However, without any real symptoms to troubleshoot I'm not sure where to go next.
Question by:hmsinfra
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
LVL 24

Accepted Solution

Sandeshdubey earned 500 total points
ID: 39626148
Event ID: 5783

Troubleshooting Steps:
1.Make sure you have correct DNS settings. 
2.Enabling WINS or NetBIOS over TCP/IP in the TCP/IP Advanced Settings may also resolve this issue, especially you have WAN/VPN conenction. However, if the WINS or NetBIOS over TCP/IP works in a LAN, you do have DNS issue.
3.You may receive this error when there is network connection issue or the DNS server is not able for access.
4. A third-party firewall program like Norton Security that is installed on the computer is blocking DNS queries.
5.Refer this link also

Verify that ports greater than 1024 are not blocked. Clients connect to RPC Endpoint Mapper on port 135. RPC Endpoint Mapper then tells the client which randomly assigned port between 1024-65535 a requested service is listening on. The ports may be blocked by a hardware firewall, a Internet Connection Firewall on Windows Server 2003-based computer and on a Windows XP-based computer, third-party firewall software, or antivirus software that has firewall functionality built-in. By default, port 135 TCP/UDP and ports 1024-65535 TCP must be open for RPC to work.

Active Directory Firewall Ports - Let's Try To Make This Simple 

It seems there is time sync issue beetween DCs as below indicates the same.

"The time at the Primary Domain Controller is different than the time at the Backup Domain Controller or member server by too large an amount"

Configure authorative time server on the PDC role holder server below is the KB article for the same. the server is configured as VM then you need to disable time sync from host to server.

If there is any third party software installed on server for time sync remove the same.Also check there is no GPO configured for time sync.If configured remove the same.

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read…
Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question