Event 5723 NETLOGON for AD object daily

meade470
meade470 used Ask the Experts™
on
We are receiving the following event 5723, referencing a missing AD computer object. The workstation, wfs-amcconnell does not exist (may have at one time, must have been removed from domain). What is causing this constant event error on our Windows Server 2012 R2 domain controller?

Log Name:      System
Source:        NETLOGON
Date:          8/21/2014 5:13:11 AM
Event ID:      5723
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      lii-dc02.workforce.wfs
Description:
The session setup from computer 'WFS-AMCCONNELL' failed because the security database does not contain a trust account 'WFS-AMCCONNELL$' referenced by the specified computer.  

USER ACTION  
If this is the first occurrence of this event for the specified computer and account, this may be a transient issue that doesn't require any action at this time.  If this is a Read-Only Domain Controller and 'WFS-AMCCONNELL$' is a legitimate machine account for the computer 'WFS-AMCCONNELL' then 'WFS-AMCCONNELL' should be marked cacheable for this location if appropriate or otherwise ensure connectivity to a domain controller  capable of servicing the request (for example a writable domain controller).  Otherwise, the following steps may be taken to resolve this problem:  

If 'WFS-AMCCONNELL$' is a legitimate machine account for the computer 'WFS-AMCCONNELL', then 'WFS-AMCCONNELL' should be rejoined to the domain.  

If 'WFS-AMCCONNELL$' is a legitimate interdomain trust account, then the trust should be recreated.  

Otherwise, assuming that 'WFS-AMCCONNELL$' is not a legitimate account, the following action should be taken on 'WFS-AMCCONNELL':  

If 'WFS-AMCCONNELL' is a Domain Controller, then the trust associated with 'WFS-AMCCONNELL$' should be deleted.  

If 'WFS-AMCCONNELL' is not a Domain Controller, it should be disjoined from the domain.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="NETLOGON" />
    <EventID Qualifiers="0">5723</EventID>
    <Level>2</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2014-08-21T09:13:11.000000000Z" />
    <EventRecordID>3285</EventRecordID>
    <Channel>System</Channel>
    <Computer>lii-dc02.workforce.wfs</Computer>
    <Security />
  </System>
  <EventData>
    <Data>WFS-AMCCONNELL</Data>
    <Data>WFS-AMCCONNELL$</Data>
    <Binary>8B0100C0</Binary>
  </EventData>
</Event>

Open in new window

Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
If it is not a part of a domain or does not exists in AD then check if the DNS still have the entry , if yes . please go ahead and delete the entry from DNS and see if the error goes away.

Also please make sure the replication is working fine between your domain contorller.

Below are some links which you can refer to

http://www.eventid.net/display-eventid-5723-source-NETLOGON-eventno-106-phase-1.htm

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial