Event ID 5783, Followed by 5719 NETLOGON. Exchange Server 2007

I am having a strange issue only during business hours M-F on an exchange server to where the server goes unresponsive. I cannot RDP into it. Only way I can resolve is by Hard powering it down or I just found I can use PStools to shut down the Store and Edge transport, then i can send a psshutdown command to reboot the server. 5783 and 5719 is in event logs when this happens

Windows Domain environment:
DC is a 2008 Server Enterprise. 8GB Ram (32 Bit version)
Exchange is on a separate server running 2008 Enterprise. 8GB Ram also. It's actually the same server type. Dell PowerEdge 2950 (64 bit Version)
There is a 2003 Standard Server Running DNS and not Active directory.
No Other DC's in the Domain.

What I have Done so far:
Creted ExpectedDialupDelay Registry Key and set to 2 minutes. Saw this here. https://technet.microsoft.com/en-us/library/Cc957332.aspx
Updated NIC Drivers on the Exchange Server.
Checked all DNS settings and no reported errors. DCdiag checks out good from DC. I do not get any errors on the DC at the same times the Exchange server comes up with the 5783 and 5719 on Exchange.
Found this article, https://social.technet.microsoft.com/Forums/windowsserver/en-US/a7ac7220-8a5a-46a2-9898-9f32cdf7bdd8/netlogon-error-5783-on-exchange-server-2010-to-server-2008-r2-domain
but everything seems to check out with DNS and all the CA certificates are valid.

Trends:
This started last week on 7/28/15 and has been happening daily during business hours. Mostly in the morning, but on Friday, it did happen in the late afternoon, but I did reboot the server that Friday morning before everyone got in. This weekend the event did not happen at all. Happened this morning.
After I see the 5783, 5719 events I see an event ID 7. (The digitally signed Privilege Attribute Certificate (PAC) that contains the authorization information for client <user> in realm <Domain>.LOCAL could not be validated.This error is usually caused by domain trust failures; please contact your system administrator.

I am not sure the event ID 7 is relevant, but I am running out of ideas.
atiswAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

AmitIT ArchitectCommented:
Cannot RDP? What error you are getting? Also, did you tried with another ID to RDP same server?
0
atiswAuthor Commented:
We manage this customer remotely. I have a Bomgar jump client so I can get to the console, but it won't connect when this happens. for RDP, I remotely log in to another servers console that is on same network and attempt RDP, but it never logs in. Just spins "welcome". I have to use pskill to kill the Store.exe and Edge transport and then I can remotely reboot it with commands. Not being able to RDP is not the main issue. The issue is when i get these event ID's I can no longer access the server unless I perform the above steps. Outlook clients can also not send mail. It hoses the Exchange services when I get NETLOGON Errors and reboot is only fix right now. So far it has only happened once a day.
0
AmitIT ArchitectCommented:
From your above description, server seems to be running with low hardware. It need more memory and CPU's. First step, you add extra memory to this server 8GB is very low. Next, what all process are running on this server apart from Exchange, like backup, antivirus etc. You might need to check there schedules also, if some 3rd part tool is running that time. Review system logs during same period.

Why more Ram?
As Exchange uses maximum resources by design and releases resources for other process. In your case, as server is low with memory, it is unable to release memory for other processes. Once you kills or stop Exchange process, your server is getting memory to run those process, like RDP.
0
Introducing the "443 Security Simplified" Podcast

This new podcast puts you inside the minds of leading white-hat hackers and security researchers. Hosts Marc Laliberte and Corey Nachreiner turn complex security concepts into easily understood and actionable insights on the latest cyber security headlines and trends.

atiswAuthor Commented:
Makes sense. These servers have been in place for over 5 years and haven't had any issues in a while. Nothing new has been installed. It runs exchange only. We use MailMarshall SMTP for Spam and ESET AV. That's really about it. We are in the works of getting these replaced, but wanted to come up with a solution where I don't have to do this process everyday of rebooting the server.
0
atiswAuthor Commented:
Amit, I thank you for your input, but I think we are on the wrong track here. The server was scoped 5 years ago with theses specs and has ran solid until now. Adding more Ram will probably help the performance, but I really don't think it will cure the NETLOGON issue that I am having. These servers are due for replacement in December so the customer won't go for adding more RAM to server.
0
AmitIT ArchitectCommented:
Ok you do this, you login and then disconnect your session. If you see same issue again, check CPU and RAM usage on server. From my experience, it looks to me resource issue. I understand your situation, however you need to also look into usage increase in last 5years. I assume most of your users are using handheld devices for emails. That add lot of extra load on server, especially with IOS, I have seen several issue on Exchange servers. You can use Exmon to check which user is generating maximum load and what devices they are using to connect.

It is more investigation issue now. I might also check GPO's, if any new GPO or any new software or patch install on this server.
0
atiswAuthor Commented:
Thanks for your help. I will need to prove to them the server needs more RAM or we are going to keep having issues. Today it did not lock up. I rebooted the server before they came in so this is probably why. I'll keep you informed.
0
AmitIT ArchitectCommented:
You can schedule automatic restate using task scheduler
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
atiswAuthor Commented:
Yes, I was thinking I may have to do that to get by until I replace the servers.
0
AmitIT ArchitectCommented:
I myself is doing for on of my client. Restart every night. As they don't want to invest, on new server now. Sometime workaround is the right way.

Let me know, if you need more help for this question.
0
atiswAuthor Commented:
I have not tried the RAM yet, but I bet that will fix it. i am going to accept the solution as this server needs more RAM
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.