Solved

NETLOGON Error 5783 and no other symptoms

Posted on 2013-11-05
1
6,367 Views
Last Modified: 2014-10-11
Event Type:      Error
Event Source:      NETLOGON
Event Category:      None
Event ID:      5783
Date:            11/4/2013
Time:            4:52:57 PM
User:            N/A
Computer:      THISSERVER
Description:
The session setup to the Windows NT or Windows 2000 Domain Controller \\DC02.DOMAIN.com for the domain DOMAIN is not responsive.  The current RPC call from Netlogon on \\THISSERVER to \\DC02.DOMAIN.com has been cancelled.

I'm seeing this logged 4-5x a day on various servers in the domain..  Everything is on 1918 space with two DCs and an open firewall policy.  I cant find any other symptoms besides the error.  Its occasionally triggered with an RDC login but everything seems to work fine.  

The two DCs are in sync and show no corresponding errors.  DCDIAG is totally clean, everything passes.   The unc paths in the error are reachable as well and RPC is listening.  The client mentioned slow login times but I've been unable to reproduce that myself, and I'm not sure its related to these errors.

The DCs are running Win2012 and most of the members are 2k3R2.  Member DNS is pointed to both DCs and nothing else.  Nslookups work as expected and can query DNS records on the domain

I'm also seeing this get logged about once a day, though unsure if its related:

Event Type:      Warning
Event Source:      LSASRV
Event Category:      SPNEGO (Negotiator)
Event ID:      40960
Date:            11/4/2013
Time:            7:39:51 AM
User:            N/A
Computer:      THISSERVER
Description:
The Security System detected an authentication error for the server cifs/DC02.DOMAIN.com.  The failure code from authentication protocol Kerberos was "The time at the Primary Domain Controller is different than the time at the Backup Domain Controller or member server by too large an amount.
 (0xc0000133)".

Again, it doesnt seem to impact anything - it just gets logged.  The clocks are perfectly in sync when this happens.

So far I have tried:

- this hotfix: http://support.microsoft.com/kb/979159
- disabled msrpc alg filtering on the fw
- disabled ipv6 on the DCs
- disabled tcp chimney offload and rss on the 2k3 member
- reconfigured ntp on the DCs

Nothing has had any effect on the errors.   I'm not convinced theres anything wrong with this but the client is very sensitive to errors and I'd like to get them sorted out.  However, without any real symptoms to troubleshoot I'm not sure where to go next.
0
Comment
Question by:hmsinfra
1 Comment
 
LVL 24

Accepted Solution

by:
Sandeshdubey earned 500 total points
ID: 39626148
Event ID: 5783
 Source: NETLOGON

Troubleshooting Steps:
 
1.Make sure you have correct DNS settings. http://abhijitw.wordpress.com/2012/03/03/best-practices-for-dns-client-settings-on-domain-controller/
 
2.Enabling WINS or NetBIOS over TCP/IP in the TCP/IP Advanced Settings may also resolve this issue, especially you have WAN/VPN conenction. However, if the WINS or NetBIOS over TCP/IP works in a LAN, you do have DNS issue.
 
3.You may receive this error when there is network connection issue or the DNS server is not able for access.
 
4. A third-party firewall program like Norton Security that is installed on the computer is blocking DNS queries.
 
5.Refer this link also http://www.eventid.net/display.asp?eventid=5783&eventno=1024&source=NETLOGON&phase=1

Verify that ports greater than 1024 are not blocked. Clients connect to RPC Endpoint Mapper on port 135. RPC Endpoint Mapper then tells the client which randomly assigned port between 1024-65535 a requested service is listening on. The ports may be blocked by a hardware firewall, a Internet Connection Firewall on Windows Server 2003-based computer and on a Windows XP-based computer, third-party firewall software, or antivirus software that has firewall functionality built-in. By default, port 135 TCP/UDP and ports 1024-65535 TCP must be open for RPC to work.

Active Directory Firewall Ports - Let's Try To Make This Simple
http://msmvps.com/blogs/acefekay/archive/2011/11/01/active-directory-firewall-ports-let-s-try-to-make-this-simple.aspx

It seems there is time sync issue beetween DCs as below indicates the same.
http://alicain.blogspot.in/2008/09/lsasrv-spnego-eventid-40960.html

"The time at the Primary Domain Controller is different than the time at the Backup Domain Controller or member server by too large an amount"


Configure authorative time server on the PDC role holder server below is the KB article for the same.http://support.microsoft.com/kb/816042.if the server is configured as VM then you need to disable time sync from host to server.http://msmvps.com/blogs/acefekay/archive/2011/08/23/virtualizing-domain-controllers-and-the-windows-time-service.aspx

If there is any third party software installed on server for time sync remove the same.Also check there is no GPO configured for time sync.If configured remove the same.
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Suggested Solutions

On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
Synchronize a new Active Directory domain with an existing Office 365 tenant
In this Micro Tutorial viewers will learn how to restore their server from Bare Metal Backup image created with Windows Server Backup feature. As an example Windows 2012R2 is used.
This tutorial will walk an individual through the process of configuring basic necessities in order to use the 2010 version of Data Protection Manager. These include storage, agents, and protection jobs. Launch Data Protection Manager from the deskt…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now