• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3817
  • Last Modified:

Event 5723 NETLOGON for AD object daily

We are receiving the following event 5723, referencing a missing AD computer object. The workstation, wfs-amcconnell does not exist (may have at one time, must have been removed from domain). What is causing this constant event error on our Windows Server 2012 R2 domain controller?

Log Name:      System
Source:        NETLOGON
Date:          8/21/2014 5:13:11 AM
Event ID:      5723
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      lii-dc02.workforce.wfs
Description:
The session setup from computer 'WFS-AMCCONNELL' failed because the security database does not contain a trust account 'WFS-AMCCONNELL$' referenced by the specified computer.  

USER ACTION  
If this is the first occurrence of this event for the specified computer and account, this may be a transient issue that doesn't require any action at this time.  If this is a Read-Only Domain Controller and 'WFS-AMCCONNELL$' is a legitimate machine account for the computer 'WFS-AMCCONNELL' then 'WFS-AMCCONNELL' should be marked cacheable for this location if appropriate or otherwise ensure connectivity to a domain controller  capable of servicing the request (for example a writable domain controller).  Otherwise, the following steps may be taken to resolve this problem:  

If 'WFS-AMCCONNELL$' is a legitimate machine account for the computer 'WFS-AMCCONNELL', then 'WFS-AMCCONNELL' should be rejoined to the domain.  

If 'WFS-AMCCONNELL$' is a legitimate interdomain trust account, then the trust should be recreated.  

Otherwise, assuming that 'WFS-AMCCONNELL$' is not a legitimate account, the following action should be taken on 'WFS-AMCCONNELL':  

If 'WFS-AMCCONNELL' is a Domain Controller, then the trust associated with 'WFS-AMCCONNELL$' should be deleted.  

If 'WFS-AMCCONNELL' is not a Domain Controller, it should be disjoined from the domain.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="NETLOGON" />
    <EventID Qualifiers="0">5723</EventID>
    <Level>2</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2014-08-21T09:13:11.000000000Z" />
    <EventRecordID>3285</EventRecordID>
    <Channel>System</Channel>
    <Computer>lii-dc02.workforce.wfs</Computer>
    <Security />
  </System>
  <EventData>
    <Data>WFS-AMCCONNELL</Data>
    <Data>WFS-AMCCONNELL$</Data>
    <Binary>8B0100C0</Binary>
  </EventData>
</Event>

Open in new window

0
meade470
Asked:
meade470
1 Solution
 
Prashant GirennavarCommented:
If it is not a part of a domain or does not exists in AD then check if the DNS still have the entry , if yes . please go ahead and delete the entry from DNS and see if the error goes away.

Also please make sure the replication is working fine between your domain contorller.

Below are some links which you can refer to

http://www.eventid.net/display-eventid-5723-source-NETLOGON-eventno-106-phase-1.htm
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now