Solved

Windows 2008 Event ID 5722, 5805

Posted on 2014-03-04
Last Modified: 2014-03-05
Hi,

I am getting the following event IDs:


Event ID: 5722
The session setup from the computer VV-HS-R107-04 failed to authenticate. The name(s) of the account(s) referenced in the security database is VV-HS-R107-04$.  The following error occurred:
Access is denied.

Event ID: 5805
The session setup from the computer VV-HS-R107-04 failed to authenticate. The following error occurred:
Access is denied.

Netlogon.log:
03/04 11:16:41 [MAILSLOT] Received ping from VV-HS-R107-04 valleyview.local. (null) on UDP LDAP
03/04 11:16:41 [MAILSLOT] VALLEYVIEW: Ping response 'Sam Logon Response Ex' (null) to \\VV-HS-R107-04 Site: Default-First-Site-Name on UDP LDAP
03/04 11:16:41 [SESSION] VALLEYVIEW: NetrServerAuthenticate entered: VV-HS-R107-04 (10.10.9.95) on account VV-HS-R107-04$ (Negot: fffff)
03/04 11:16:41 [CRITICAL] VALLEYVIEW: NetrServerAuthenticate: Bad password 0 for VV-HS-R107-04 on account VV-HS-R107-04$
03/04 11:16:41 [CRITICAL] VALLEYVIEW: NetrServerAuthenticate: Failed to authenticate VV-HS-R107-04 on account VV-HS-R107-04$
03/04 11:16:41 [SESSION] VALLEYVIEW: NetrServerAuthenticate entered: VV-HS-R107-04 (10.10.9.95) on account VV-HS-R107-04$ (Negot: fffff)
03/04 11:16:41 [CRITICAL] VALLEYVIEW: NetrServerAuthenticate: Bad password 0 for VV-HS-R107-04 on account VV-HS-R107-04$
03/04 11:16:41 [CRITICAL] VALLEYVIEW: NetrServerAuthenticate: Bad password 0 for VV-HS-R107-04 on account VV-HS-R107-04$
03/04 11:16:41 [CRITICAL] VALLEYVIEW: NetrServerAuthenticate: Failed to authenticate VV-HS-R107-04 on account VV-HS-R107-04$

I seem to be getting a lot of these.  How can I resolve them?

Thank you for your help in advance.
Question by:thomasm1948
 
LVL 36

Expert Comment

by:Mahesh
ID: 39904045
I think this is a known issue, and the articles below explain it.

You need to identify which article suits you and then take action accordingly.

http://support.microsoft.com/kb/942564

http://support.microsoft.com/kb/810977

Mahesh
 

Author Comment

by:thomasm1948
ID: 39904074
I ran the following:

C:\>nltest /time:1CF334E 73ECBC44
01cf334e 73ecbc44 = 6/3/28071 22:48:3
The command completed successfully


The date and time are incorrect.  What can be causing this?
 

Author Comment

by:thomasm1948
ID: 39904088
Is there a tool that can check for duplicate names?  I tried to use NTDSUtil and did a check for duplicate SIDs and it found nothing.
 
LVL 36

Expert Comment

by:Mahesh
ID: 39904103
Is your DC in the correct time zone?
 

Author Comment

by:thomasm1948
ID: 39904212
Yes it is.

The following command seems to work:

C:\>nltest /server:VV-HS-R107-04 /sc_query:valleyview.local
Flags: 30 HAS_IP  HAS_TIMESERV
Trusted DC Name \\VV-HS-DC01.valleyview.local
Trusted DC Connection Status Status = 0 0x0 NERR_Success
The command completed successfully

Is there a tool that I can run against AD to find all of the computers that may have this issue?  It's not a SID issue, but I think there might be a computer in AD where one of its attributes in ADSIedit might have the same name (servicePrincipalName).
 

Author Comment

by:thomasm1948
ID: 39904324
I ran the above command incorrectly.

C:\>nltest /time:73ECBC44 1CF334E
73ecbc44 01cf334e = 2/26/2014 18:57:06
The command completed successfully

I get this.  Now I do know that the computer was reimaged around then.
 
LVL 36

Expert Comment

by:Mahesh
ID: 39904368
You can enable Netlogon debug logging on the DC.
Follow the article below to enable debug logging:
http://support.microsoft.com/kb/109626

Then you can find computers whose secure channel is broken in the debug logs.

There are several ways to reset this secure channel and resolve the login issue:
 
1) Active Directory Users and Computers
If you have access to the AD Users and Computers MMC, you can reset the secure channel by finding the computer object in question, right-clicking on it and choosing Reset Account. Resetting a computer account will break that computer's connection to the domain and will require that computer to rejoin the domain.  

2) Netdom.exe
You can reset the secure channel from the command prompt with the Netdom command as follows:

netdom reset machinename /domain:domainname

replacing machinename with your computer name and domainname with your domain name.

You can run this command on machinename itself, or from any other computer or domain controller, as long as you are logged in with an account that has admin privileges to the machinename computer.

The following command tests the secure channel for a computer:
> nltest /server:<ComputerName> /sc_query:<DomainName>

The following command resets the secure channel for a computer:
> nltest /server:<ComputerName> /sc_reset:<DomainName>

To reset the SC between a computer and a DC with PowerShell:

Open PowerShell on the computer and run

Test-ComputerSecureChannel -repair

*The cmdlet requires PowerShell 2.0, which is pre-installed on Win7/2008R2.

Mahesh
 

Author Comment

by:thomasm1948
ID: 39904399
I have the netlogon debug turned on.  So it looks like the only way to resolve this issue is to rejoin the computer to the domain.  

Is there a tool out there that I can run to view all of the computers that may have this issue or do I just have to keep on reviewing the event viewer and the netlogon.log?
 
LVL 36

Accepted Solution

by:
Mahesh earned 500 total points
ID: 39905712
Yes, ultimately you don't have to rejoin the computer to the domain every time unless you use the computer account reset method through ADUC.
The other method (netdom) does not require rejoining the domain.

I am not aware of any tool which is explicitly designed for your purpose.
The best option I can see is to rely on netlogon.log, or you can use the MS EventComb tool to fetch related events from the DC and correct the issue on affected computers.

http://www.microsoft.com/en-in/download/details.aspx?id=18465 - download link
http://support.microsoft.com/kb/824209 - How to use the EventCombMT utility to search event logs for account lockouts

Also:
On the affected computer, please open Advanced TCP/IP settings and check the DNS tab.
In the DNS tab, check the settings below.
Ensure that the "Append Primary and connection specific dns suffixes" radio button is selected.
Ensure that the "Append parent suffixes of primary dns suffix" checkbox is selected.
Ensure that the "register this connection addresses in Dns" checkbox is selected.
If there is any deviation from the above settings, you will probably face name resolution issues.

Mahesh
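Added example (not part of the thread, and not a Microsoft tool): a PowerShell function that tallies the "Failed to authenticate" lines in netlogon.log per computer, so the review of the log suggested in the accepted answer does not have to be done by eye. The function name and the sample host names and IPs are hypothetical; the line format is assumed to match the excerpt in the question.

```powershell
# Added example: tally failed secure-channel setups per computer from netlogon.log.
# Get-NetlogonAuthFailure is a hypothetical helper name, not a built-in cmdlet.
function Get-NetlogonAuthFailure {
    param([string[]]$Line)

    $ts      = '^(\d\d/\d\d \d\d:\d\d:\d\d) '
    $entered = $ts + '\[SESSION\] \S+: NetrServerAuthenticate entered: (\S+) \((\S+)\) on account'
    $failed  = $ts + '\[CRITICAL\] \S+: NetrServerAuthenticate: Failed to authenticate (\S+) on account (\S+)'
    $ip    = @{}   # computer name -> source IP from the most recent [SESSION] line
    $stats = @{}   # computer name -> summary object

    foreach ($l in $Line) {
        if ($l -match $entered) {
            $ip[$Matches[2]] = $Matches[3]
        }
        elseif ($l -match $failed) {
            $name = $Matches[2]
            if (-not $stats.ContainsKey($name)) {
                # New-Object PSObject keeps this usable on PowerShell 2.0
                $stats[$name] = New-Object PSObject -Property @{
                    Computer = $name; Account = $Matches[3]; SourceIP = $ip[$name]
                    Failures = 0; First = $Matches[1]; Last = $null
                }
            }
            $stats[$name].Failures++
            $stats[$name].Last = $Matches[1]
        }
    }
    # Noisiest machines first
    $stats.Values | Sort-Object Failures -Descending
}

# Constructed sample lines in the same format as the excerpt in the question.
$sample = @(
    '03/04 11:16:41 [SESSION] EXAMPLE: NetrServerAuthenticate entered: PC-01 (192.0.2.10) on account PC-01$ (Negot: fffff)',
    '03/04 11:16:41 [CRITICAL] EXAMPLE: NetrServerAuthenticate: Bad password 0 for PC-01 on account PC-01$',
    '03/04 11:16:41 [CRITICAL] EXAMPLE: NetrServerAuthenticate: Failed to authenticate PC-01 on account PC-01$',
    '03/04 11:20:02 [SESSION] EXAMPLE: NetrServerAuthenticate entered: PC-02 (192.0.2.11) on account PC-02$ (Negot: fffff)',
    '03/04 11:20:02 [CRITICAL] EXAMPLE: NetrServerAuthenticate: Failed to authenticate PC-02 on account PC-02$',
    '03/04 11:31:17 [CRITICAL] EXAMPLE: NetrServerAuthenticate: Failed to authenticate PC-01 on account PC-01$'
)
Get-NetlogonAuthFailure -Line $sample |
    Format-Table Computer, Account, SourceIP, Failures, First, Last -AutoSize

# On a DC with Netlogon debug logging enabled, read the real log instead:
# Get-NetlogonAuthFailure -Line (Get-Content "$env:SystemRoot\debug\netlogon.log")
```

Each computer listed is a candidate for the `nltest /sc_query` test and the secure channel reset described in the earlier comment.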
 

Author Closing Comment

by:thomasm1948
ID: 39906132
Excellent.  Thank you for all of your help.
