Good morning! We have an issue whose prevalence is know back to the NT 4x days. The issue appears as the following: 1 - we have to DC's (Windows 2008 R2) 2 - The forest is Windows 2008 R2 3 - One DC runs some of the FSMO roles including the PDC emulator (we'll call this server: Dopey). 4 - The other DC (we'll call Doc) runs the infrastructure role. The issue. 1 - With two DC's, we believe we can shut down either one without collateral damage to the login activities. 2 - However. when we we reboot Dopey, we receive the event ID as listed in the question header. The question is: Is this just a normal occurance of the reboot process, or is there something more involved going on here? Thank you.

Hello Thanks for posting! These are usually the causes behind this error also see the solutions belwo- Cause 1 - This issue may occur if you are using a Gigabit network adapter and if the Netlogon service starts before the network is ready. Cause 2 - Solutions that verify the health of the new network member may cause an extended delay in getting clearance on the network to access Domain Controllers. Cause 3 - This issue may occur if the 802.1X authentication process delays connections to the domain controllers. Cause 4 - The client has a delay retrieving an IP address from the DHCP server and is delayed bringing up the network interface because of that. ======================================== Resolution 1 - To resolve this issue, install the most current driver for the Gigabit network adapter. Another approach may be to enable the "PortFast" option on the network switches. Resolution 2 - Set this registry entry to a value that is safely beyond the time it takes to retrieve a working IP address: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters Value Name: ExpectedDialupDelay Data Type: Reg_Dword Data Value is in seconds (default = 0) Data Range is between 0 and 600 seconds (10 minutes) Also configure this setting (details in KB 244474): HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\ Kerberos\Parameters MaxPacketSize to 1 Resolution 3 - Acconrding to KB 239924, disable media sense for TCP/IP: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters Add the following registry value: Value Name: DisableDHCPMediaSense Data Type: REG_DWORD -Boolean Value Data: 1 (False, True) Default: 0 (False) Resolution 4 - There is a known problem with DHCP client code in Windows 7. A hotfix is going to be released using this KB article: http://support.microsoft.com/?kbid=2459530 (http://support.microsoft.com/?kbid=2459530) Resolution 5 - To resolve this issue, reduce the Netlogon negative cache period (the NegativeCachePeriod registry entry). When you do this, the Netlogon service does not behave as if the domain controllers are offline for 45 seconds. The event 5719 is still logged, but there is little negativ eside-effect from that. The setting enables domain controllers to connect earlier. Source - http://support.microsoft.com/kb/938449 ======================================== Also see - http://social.technet.microsoft.com/wiki/contents/articles/2466.active-directory-event-id-5719-source-netlogon-dsforum2wiki.aspx http://support.microsoft.com/kb/2459530 http://www.eventid.net/display.asp?eventid=5719&eventno=104&source=NETLOGON&phase=1 Sachin Gadhave MCP, MCSA, MCTS

Can you please post the detailed info of event ID:5719 like source and description of event ID. or else give more details like what are all the FSMO roles of "dopey" server having.? Also run netdom query fsmo in the command prompt of dopey server and post it here again. Regards, Ravikumar P

Hello Thanks for posting! These are usually the causes behind this error also see the solutions belwo- Cause 1 - This issue may occur if you are using a Gigabit network adapter and if the Netlogon service starts before the network is ready. Cause 2 - Solutions that verify the health of the new network member may cause an extended delay in getting clearance on the network to access Domain Controllers. Cause 3 - This issue may occur if the 802.1X authentication process delays connections to the domain controllers. Cause 4 - The client has a delay retrieving an IP address from the DHCP server and is delayed bringing up the network interface because of that. ======================================== Resolution 1 - To resolve this issue, install the most current driver for the Gigabit network adapter. Another approach may be to enable the "PortFast" option on the network switches. Resolution 2 - Set this registry entry to a value that is safely beyond the time it takes to retrieve a working IP address: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters Value Name: ExpectedDialupDelay Data Type: Reg_Dword Data Value is in seconds (default = 0) Data Range is between 0 and 600 seconds (10 minutes) Also configure this setting (details in KB 244474): HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\ Kerberos\Parameters MaxPacketSize to 1 Resolution 3 - Acconrding to KB 239924, disable media sense for TCP/IP: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters Add the following registry value: Value Name: DisableDHCPMediaSense Data Type: REG_DWORD -Boolean Value Data: 1 (False, True) Default: 0 (False) Resolution 4 - There is a known problem with DHCP client code in Windows 7. A hotfix is going to be released using this KB article: http://support.microsoft.com/?kbid=2459530 (http://support.microsoft.com/?kbid=2459530) Resolution 5 - To resolve this issue, reduce the Netlogon negative cache period (the NegativeCachePeriod registry entry). When you do this, the Netlogon service does not behave as if the domain controllers are offline for 45 seconds. The event 5719 is still logged, but there is little negativ eside-effect from that. The setting enables domain controllers to connect earlier. Source - http://support.microsoft.com/kb/938449 ======================================== Also see - http://social.technet.microsoft.com/wiki/contents/articles/2466.active-directory-event-id-5719-source-netlogon-dsforum2wiki.aspx http://support.microsoft.com/kb/2459530 http://www.eventid.net/display.asp?eventid=5719&eventno=104&source=NETLOGON&phase=1 Sachin Gadhave MCP, MCSA, MCTS

NETLOGON(5719 - None): This computer was not able to set up a secure session with a domain controller in domain yyy due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise this computer sets up the secure session to any domain controller in the specified domain. Type: System ntevl 04/26/12 11:09:16

Wow! Thanks for the quick response! I will try this and let you know.

Hi Moe, As this thread has been quiet for a while, we assume that the issue has been resolved. At this time, we will mark it as Answered as the previous steps should be helpful. If the issue still persists, please feel free to reply this post directly so we will be notified to follow it up. You can also choose to unmark the answer as you wish. BTW, wed love to hear your feedback about the solution. By sharing your experience you can help other community members facing similar problems. Thanks for your understanding and efforts. Best Regards KevinTechNet Community Support

Good evening. Certainly. Sorry it's taken me so long to reply. I think we're good now. Thanks for the help!