Solved

NETLOGON Error 5783 and no other symptoms

Posted on 2013-11-05
Last Modified: 2014-10-11
Event Type:      Error
Event Source:      NETLOGON
Event Category:      None
Event ID:      5783
Date:            11/4/2013
Time:            4:52:57 PM
User:            N/A
Computer:      THISSERVER
Description:
The session setup to the Windows NT or Windows 2000 Domain Controller \\DC02.DOMAIN.com for the domain DOMAIN is not responsive.  The current RPC call from Netlogon on \\THISSERVER to \\DC02.DOMAIN.com has been cancelled.

I'm seeing this logged 4-5x a day on various servers in the domain. Everything is on 1918 space with two DCs and an open firewall policy. I can't find any other symptoms besides the error. It's occasionally triggered with an RDC login but everything seems to work fine.

The two DCs are in sync and show no corresponding errors. DCDIAG is totally clean, everything passes. The UNC paths in the error are reachable as well and RPC is listening. The client mentioned slow login times but I've been unable to reproduce that myself, and I'm not sure it's related to these errors.

The DCs are running Win2012 and most of the members are 2k3R2. Member DNS is pointed to both DCs and nothing else. Nslookups work as expected and can query DNS records on the domain.

I'm also seeing this get logged about once a day, though unsure if it's related:

Event Type:      Warning
Event Source:      LSASRV
Event Category:      SPNEGO (Negotiator)
Event ID:      40960
Date:            11/4/2013
Time:            7:39:51 AM
User:            N/A
Computer:      THISSERVER
Description:
The Security System detected an authentication error for the server cifs/DC02.DOMAIN.com.  The failure code from authentication protocol Kerberos was "The time at the Primary Domain Controller is different than the time at the Backup Domain Controller or member server by too large an amount.
 (0xc0000133)".

Again, it doesn't seem to impact anything - it just gets logged. The clocks are perfectly in sync when this happens.

So far I have tried:

- this hotfix: http://support.microsoft.com/kb/979159
- disabled msrpc alg filtering on the fw
- disabled ipv6 on the DCs
- disabled tcp chimney offload and rss on the 2k3 member
- reconfigured ntp on the DCs

Nothing has had any effect on the errors. I'm not convinced there's anything wrong with this but the client is very sensitive to errors and I'd like to get them sorted out. However, without any real symptoms to troubleshoot I'm not sure where to go next.
Question by:hmsinfra
Accepted Solution

by:
Sandeshdubey earned 500 total points
ID: 39626148
Event ID: 5783
 Source: NETLOGON

Troubleshooting Steps:
 
1. Make sure you have correct DNS settings. http://abhijitw.wordpress.com/2012/03/03/best-practices-for-dns-client-settings-on-domain-controller/

2. Enabling WINS or NetBIOS over TCP/IP in the TCP/IP Advanced Settings may also resolve this issue, especially if you have a WAN/VPN connection. However, if the WINS or NetBIOS over TCP/IP works in a LAN, you do have a DNS issue.

3. You may receive this error when there is a network connection issue or the DNS server is not accessible.

4. A third-party firewall program like Norton Security that is installed on the computer is blocking DNS queries.

5. Refer to this link also: http://www.eventid.net/display.asp?eventid=5783&eventno=1024&source=NETLOGON&phase=1

Verify that ports greater than 1024 are not blocked. Clients connect to RPC Endpoint Mapper on port 135. RPC Endpoint Mapper then tells the client which randomly assigned port between 1024-65535 a requested service is listening on. The ports may be blocked by a hardware firewall, an Internet Connection Firewall on a Windows Server 2003-based computer and on a Windows XP-based computer, third-party firewall software, or antivirus software that has firewall functionality built-in. By default, port 135 TCP/UDP and ports 1024-65535 TCP must be open for RPC to work.

Active Directory Firewall Ports - Let's Try To Make This Simple
http://msmvps.com/blogs/acefekay/archive/2011/11/01/active-directory-firewall-ports-let-s-try-to-make-this-simple.aspx 

It seems there is a time sync issue between the DCs, as the below indicates the same.
http://alicain.blogspot.in/2008/09/lsasrv-spnego-eventid-40960.html

"The time at the Primary Domain Controller is different than the time at the Backup Domain Controller or member server by too large an amount"


Configure an authoritative time server on the PDC role holder server; below is the KB article for the same: http://support.microsoft.com/kb/816042. If the server is configured as a VM then you need to disable time sync from host to server: http://msmvps.com/blogs/acefekay/archive/2011/08/23/virtualizing-domain-controllers-and-the-windows-time-service.aspx

If there is any third-party software installed on the server for time sync, remove the same. Also check there is no GPO configured for time sync. If configured, remove the same.
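
One way to run both checks from the answer above on an affected member server: TCP reachability of the RPC Endpoint Mapper on port 135, and the clock offset against each DC. This is an added example, not part of the original answer; `DC01.DOMAIN.com` is an assumed name for the second DC, and the 300-second limit is the Kerberos default clock-skew tolerance.

```powershell
# Added example. DC01.DOMAIN.com is an assumed name; DC02.DOMAIN.com is from the event text.
$DomainControllers = @('DC01.DOMAIN.com', 'DC02.DOMAIN.com')
$MaxSkewSeconds    = 300   # Kerberos default clock-skew tolerance (5 minutes)

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Asynchronous connect so a silently dropped SYN fails after $TimeoutMs
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch {
        return $false   # refused, unreachable or name not resolved
    } finally {
        $client.Close()
    }
}

function Get-TimeOffsetSeconds {
    param([string]$ComputerName, [int]$Samples = 3)
    # /dataonly prints one "HH:MM:SS, +00.0012345s" line per sample
    $lines = & w32tm /stripchart "/computer:$ComputerName" "/samples:$Samples" /dataonly 2>&1
    foreach ($line in $lines) {
        if ("$line" -match ',\s*([+-]\d+\.\d+)s\s*$') {
            [double]::Parse($Matches[1], [Globalization.CultureInfo]::InvariantCulture)
        }
    }
}

foreach ($dc in $DomainControllers) {
    $offsets = @(Get-TimeOffsetSeconds -ComputerName $dc)
    $worst = $null
    if ($offsets.Count -gt 0) {
        # Largest absolute offset seen across the samples
        $worst = ($offsets | ForEach-Object { [math]::Abs($_) } | Measure-Object -Maximum).Maximum
    }
    New-Object PSObject -Property @{
        DC             = $dc
        Rpc135Open     = (Test-TcpPort -ComputerName $dc -Port 135)
        WorstOffsetSec = $worst
        WithinSkew     = ($worst -ne $null) -and ($worst -lt $MaxSkewSeconds)
    } | Select-Object DC, Rpc135Open, WorstOffsetSec, WithinSkew
}
```

An open port 135 does not prove the dynamic range is open; a firewall can still drop the port the Endpoint Mapper hands out. An empty `WorstOffsetSec` means `w32tm` returned no usable samples for that DC.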