Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


NETLOGON Error 5783 and no other symptoms

Posted on 2013-11-05
Medium Priority
Last Modified: 2014-10-11
Event Type:      Error
Event Source:      NETLOGON
Event Category:      None
Event ID:      5783
Date:            11/4/2013
Time:            4:52:57 PM
User:            N/A
Computer:      THISSERVER
The session setup to the Windows NT or Windows 2000 Domain Controller \\DC02.DOMAIN.com for the domain DOMAIN is not responsive.  The current RPC call from Netlogon on \\THISSERVER to \\DC02.DOMAIN.com has been cancelled.

I'm seeing this logged 4-5x a day on various servers in the domain..  Everything is on 1918 space with two DCs and an open firewall policy.  I cant find any other symptoms besides the error.  Its occasionally triggered with an RDC login but everything seems to work fine.  

The two DCs are in sync and show no corresponding errors.  DCDIAG is totally clean, everything passes.   The unc paths in the error are reachable as well and RPC is listening.  The client mentioned slow login times but I've been unable to reproduce that myself, and I'm not sure its related to these errors.

The DCs are running Win2012 and most of the members are 2k3R2.  Member DNS is pointed to both DCs and nothing else.  Nslookups work as expected and can query DNS records on the domain

I'm also seeing this get logged about once a day, though unsure if its related:

Event Type:      Warning
Event Source:      LSASRV
Event Category:      SPNEGO (Negotiator)
Event ID:      40960
Date:            11/4/2013
Time:            7:39:51 AM
User:            N/A
Computer:      THISSERVER
The Security System detected an authentication error for the server cifs/DC02.DOMAIN.com.  The failure code from authentication protocol Kerberos was "The time at the Primary Domain Controller is different than the time at the Backup Domain Controller or member server by too large an amount.

Again, it doesnt seem to impact anything - it just gets logged.  The clocks are perfectly in sync when this happens.

So far I have tried:

- this hotfix: http://support.microsoft.com/kb/979159
- disabled msrpc alg filtering on the fw
- disabled ipv6 on the DCs
- disabled tcp chimney offload and rss on the 2k3 member
- reconfigured ntp on the DCs

Nothing has had any effect on the errors.   I'm not convinced theres anything wrong with this but the client is very sensitive to errors and I'd like to get them sorted out.  However, without any real symptoms to troubleshoot I'm not sure where to go next.
Question by:hmsinfra
1 Comment
LVL 24

Accepted Solution

Sandeshdubey earned 1500 total points
ID: 39626148
Event ID: 5783

Troubleshooting Steps:
1.Make sure you have correct DNS settings. http://abhijitw.wordpress.com/2012/03/03/best-practices-for-dns-client-settings-on-domain-controller/ 
2.Enabling WINS or NetBIOS over TCP/IP in the TCP/IP Advanced Settings may also resolve this issue, especially you have WAN/VPN conenction. However, if the WINS or NetBIOS over TCP/IP works in a LAN, you do have DNS issue.
3.You may receive this error when there is network connection issue or the DNS server is not able for access.
4. A third-party firewall program like Norton Security that is installed on the computer is blocking DNS queries.
5.Refer this link also http://www.eventid.net/display.asp?eventid=5783&eventno=1024&source=NETLOGON&phase=1

Verify that ports greater than 1024 are not blocked. Clients connect to RPC Endpoint Mapper on port 135. RPC Endpoint Mapper then tells the client which randomly assigned port between 1024-65535 a requested service is listening on. The ports may be blocked by a hardware firewall, a Internet Connection Firewall on Windows Server 2003-based computer and on a Windows XP-based computer, third-party firewall software, or antivirus software that has firewall functionality built-in. By default, port 135 TCP/UDP and ports 1024-65535 TCP must be open for RPC to work.

Active Directory Firewall Ports - Let's Try To Make This Simple

It seems there is time sync issue beetween DCs as below indicates the same.

"The time at the Primary Domain Controller is different than the time at the Backup Domain Controller or member server by too large an amount"

Configure authorative time server on the PDC role holder server below is the KB article for the same.http://support.microsoft.com/kb/816042.if the server is configured as VM then you need to disable time sync from host to server.http://msmvps.com/blogs/acefekay/archive/2011/08/23/virtualizing-domain-controllers-and-the-windows-time-service.aspx

If there is any third party software installed on server for time sync remove the same.Also check there is no GPO configured for time sync.If configured remove the same.

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
Microsoft Office 365 is a subscriptions based service which includes services like Exchange Online and Skype for business Online. These services integrate with Microsoft's online version of Active Directory called Azure Active Directory.
In this Micro Tutorial viewers will learn how to use Windows Server Backup to create full image of their system. Tutorial shows how to install Windows Server Backup Feature on Windows 2012R2 and how to configure scheduled Bare Metal Recovery backup.…
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…

572 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question