NETLOGON Error 5783 and no other symptoms

Posted on 2013-11-05
Last Modified: 2014-10-11
Event Type:      Error
Event Source:      NETLOGON
Event Category:      None
Event ID:      5783
Date:            11/4/2013
Time:            4:52:57 PM
User:            N/A
Computer:      THISSERVER
The session setup to the Windows NT or Windows 2000 Domain Controller \\ for the domain DOMAIN is not responsive.  The current RPC call from Netlogon on \\THISSERVER to \\ has been cancelled.

I'm seeing this logged 4-5x a day on various servers in the domain..  Everything is on 1918 space with two DCs and an open firewall policy.  I cant find any other symptoms besides the error.  Its occasionally triggered with an RDC login but everything seems to work fine.  

The two DCs are in sync and show no corresponding errors.  DCDIAG is totally clean, everything passes.   The unc paths in the error are reachable as well and RPC is listening.  The client mentioned slow login times but I've been unable to reproduce that myself, and I'm not sure its related to these errors.

The DCs are running Win2012 and most of the members are 2k3R2.  Member DNS is pointed to both DCs and nothing else.  Nslookups work as expected and can query DNS records on the domain

I'm also seeing this get logged about once a day, though unsure if its related:

Event Type:      Warning
Event Source:      LSASRV
Event Category:      SPNEGO (Negotiator)
Event ID:      40960
Date:            11/4/2013
Time:            7:39:51 AM
User:            N/A
Computer:      THISSERVER
The Security System detected an authentication error for the server cifs/  The failure code from authentication protocol Kerberos was "The time at the Primary Domain Controller is different than the time at the Backup Domain Controller or member server by too large an amount.

Again, it doesnt seem to impact anything - it just gets logged.  The clocks are perfectly in sync when this happens.

So far I have tried:

- this hotfix:
- disabled msrpc alg filtering on the fw
- disabled ipv6 on the DCs
- disabled tcp chimney offload and rss on the 2k3 member
- reconfigured ntp on the DCs

Nothing has had any effect on the errors.   I'm not convinced theres anything wrong with this but the client is very sensitive to errors and I'd like to get them sorted out.  However, without any real symptoms to troubleshoot I'm not sure where to go next.
Question by:hmsinfra
1 Comment
LVL 24

Accepted Solution

Sandeshdubey earned 500 total points
ID: 39626148
Event ID: 5783

Troubleshooting Steps:
1.Make sure you have correct DNS settings. 
2.Enabling WINS or NetBIOS over TCP/IP in the TCP/IP Advanced Settings may also resolve this issue, especially you have WAN/VPN conenction. However, if the WINS or NetBIOS over TCP/IP works in a LAN, you do have DNS issue.
3.You may receive this error when there is network connection issue or the DNS server is not able for access.
4. A third-party firewall program like Norton Security that is installed on the computer is blocking DNS queries.
5.Refer this link also

Verify that ports greater than 1024 are not blocked. Clients connect to RPC Endpoint Mapper on port 135. RPC Endpoint Mapper then tells the client which randomly assigned port between 1024-65535 a requested service is listening on. The ports may be blocked by a hardware firewall, a Internet Connection Firewall on Windows Server 2003-based computer and on a Windows XP-based computer, third-party firewall software, or antivirus software that has firewall functionality built-in. By default, port 135 TCP/UDP and ports 1024-65535 TCP must be open for RPC to work.

Active Directory Firewall Ports - Let's Try To Make This Simple 

It seems there is time sync issue beetween DCs as below indicates the same.

"The time at the Primary Domain Controller is different than the time at the Backup Domain Controller or member server by too large an amount"

Configure authorative time server on the PDC role holder server below is the KB article for the same. the server is configured as VM then you need to disable time sync from host to server.

If there is any third party software installed on server for time sync remove the same.Also check there is no GPO configured for time sync.If configured remove the same.

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
In this Micro Tutorial viewers will learn how to use Boot Corrector from Paragon Rescue Kit Free to identify and fix the boot problems of Windows 7/8/2012R2 etc. As an example is used Windows 2012R2 which lost its active partition flag (often happen…
In this Micro Tutorial viewers will learn how to restore single file or folder from Bare Metal backup image of their system. Tutorial shows how to restore files and folders from system backup. Often it is not needed to restore entire system when onl…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

27 Experts available now in Live!

Get 1:1 Help Now