NETLOGON Event ID 5782

i am getting NETLOGON Event ID 5782 error every days least 5 - 9 times.  I ran dcdiag /v c:\dcdiag.txt and can't find anything wrong. everything seems pass the test.  See below and would you tell me what is missing here or issue?

Thanks


Directory Server Diagnosis


Performing initial setup:

   Trying to find home server...

   * Verifying that the local machine DC02, is a Directory Server. 
   Home Server = DC02

   * Connecting to directory service on server DC02.

   * Identified AD Forest. 
   Collecting AD specific global data 
   * Collecting site info.

   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=test,DC=com,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
   The previous call succeeded 
   Iterating through the sites 
   Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=test,DC=com
   Getting ISTG and options for the site
   Looking at base site object: CN=NTDS Site Settings,CN=HarbourView,CN=Sites,CN=Configuration,DC=test,DC=com
   Getting ISTG and options for the site
   * Identifying all servers.

   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=test,DC=com,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
   The previous call succeeded....
   The previous call succeeded
   Iterating through the list of servers 
   Getting information for the server CN=NTDS Settings,CN=MAIN,CN=Servers,CN=HarbourView,CN=Sites,CN=Configuration,DC=test,DC=com 
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=DC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=test,DC=com 
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=DC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=test,DC=com 
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=HVDC1,CN=Servers,CN=HarbourView,CN=Sites,CN=Configuration,DC=test,DC=com 
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   * Identifying all NC cross-refs.

   * Found 4 DC(s). Testing 1 of them.

   Done gathering initial info.


Doing initial required tests

   
   Testing server: Default-First-Site-Name\DC02

      Starting test: Connectivity

         * Active Directory LDAP Services Check
         Determining IP4 connectivity 
         * Active Directory RPC Services Check
         ......................... DC02 passed test Connectivity



Doing primary tests

   
   Testing server: Default-First-Site-Name\DC02

      Starting test: Advertising

         The DC DC02 is advertising itself as a DC and having a DS.
         The DC DC02 is advertising as an LDAP server
         The DC DC02 is advertising as having a writeable directory
         The DC DC02 is advertising as a Key Distribution Center
         Warning: DC02 is not advertising as a time server.

         The DS DC02 is advertising as a GC.
         ......................... DC02 failed test Advertising

      Test omitted by user request: CheckSecurityError

      Test omitted by user request: CutoffServers

      Starting test: FrsEvent

         * The File Replication Service Event log test 
         ......................... DC02 passed test FrsEvent

      Starting test: DFSREvent

         The DFS Replication Event Log. 
         Skip the test because the server is running FRS.

         ......................... DC02 passed test DFSREvent

      Starting test: SysVolCheck

         * The File Replication Service SYSVOL ready test 
         File Replication Service's SYSVOL is ready 
         ......................... DC02 passed test SysVolCheck

      Starting test: KccEvent

         * The KCC Event log test
         Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
         ......................... DC02 passed test KccEvent

      Starting test: KnowsOfRoleHolders

         Role Schema Owner = CN=NTDS Settings,CN=MAIN,CN=Servers,CN=HarbourView,CN=Sites,CN=Configuration,DC=test,DC=com
         Role Domain Owner = CN=NTDS Settings,CN=MAIN,CN=Servers,CN=HarbourView,CN=Sites,CN=Configuration,DC=test,DC=com
         Role PDC Owner = CN=NTDS Settings,CN=DC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=test,DC=com
         Role Rid Owner = CN=NTDS Settings,CN=DC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=test,DC=com
         Role Infrastructure Update Owner = CN=NTDS Settings,CN=DC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=test,DC=com
         ......................... DC02 passed test KnowsOfRoleHolders

      Starting test: MachineAccount

         Checking machine account for DC DC02 on DC DC02.
         * SPN found :LDAP/DC02.test.com/test.com
         * SPN found :LDAP/DC02.test.com
         * SPN found :LDAP/DC02
         * SPN found :LDAP/DC02.test.com/test
         * SPN found :LDAP/c08b3966-e504-4f59-9d03-5bf186521212._msdcs.test.com
         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/c08b3966-e504-4f59-9d03-5bf186521212/test.com
         * SPN found :HOST/DC02.test.com/test.com
         * SPN found :HOST/DC02.test.com
         * SPN found :HOST/DC02
         * SPN found :HOST/DC02.test.com/test
         * SPN found :GC/DC02.test.com/test.com
         ......................... DC02 passed test MachineAccount

      Starting test: NCSecDesc

         * Security Permissions check for all NC's on DC DC02.
         The forest is not ready for RODC. Will skip checking ERODC ACEs.
         * Security Permissions Check for

           DC=ForestDnsZones,DC=test,DC=com
            (NDNC,Version 3)
         * Security Permissions Check for

           DC=DomainDnsZones,DC=test,DC=com
            (NDNC,Version 3)
         * Security Permissions Check for

           CN=Schema,CN=Configuration,DC=test,DC=com
            (Schema,Version 3)
         * Security Permissions Check for

           CN=Configuration,DC=test,DC=com
            (Configuration,Version 3)
         * Security Permissions Check for

           DC=test,DC=com
            (Domain,Version 3)
         ......................... DC02 passed test NCSecDesc

      Starting test: NetLogons

         * Network Logons Privileges Check
         Verified share \\DC02\netlogon
         Verified share \\DC02\sysvol
         ......................... DC02 passed test NetLogons

      Starting test: ObjectsReplicated

         DC02 is in domain DC=test,DC=com
         Checking for CN=DC02,OU=Domain Controllers,DC=test,DC=com in domain DC=test,DC=com on 1 servers
            Object is up-to-date on all servers.
         Checking for CN=NTDS Settings,CN=DC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=test,DC=com in domain CN=Configuration,DC=test,DC=com on 1 servers
            Object is up-to-date on all servers.
         ......................... DC02 passed test ObjectsReplicated

      Test omitted by user request: OutboundSecureChannels

      Starting test: Replications

         * Replications Check
         * Replication Latency Check
            DC=ForestDnsZones,DC=test,DC=com
               Latency information for 7 entries in the vector were ignored.
                  7 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=DomainDnsZones,DC=test,DC=com
               Latency information for 7 entries in the vector were ignored.
                  7 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            CN=Schema,CN=Configuration,DC=test,DC=com
               Latency information for 8 entries in the vector were ignored.
                  8 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            CN=Configuration,DC=test,DC=com
               Latency information for 8 entries in the vector were ignored.
                  8 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=test,DC=com
               Latency information for 8 entries in the vector were ignored.
                  8 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
         ......................... DC02 passed test Replications

      Starting test: RidManager

         * Available RID Pool for the Domain is 8100 to 1073741823
         * DC01.test.com is the RID Master
         * DsBind with RID Master was successful
         * rIDAllocationPool is 6100 to 6599
         * rIDPreviousAllocationPool is 6100 to 6599
         * rIDNextRID: 6148
         ......................... DC02 passed test RidManager

      Starting test: Services

         * Checking Service: EventSystem
         * Checking Service: RpcSs
         * Checking Service: NTDS
         * Checking Service: DnsCache
         * Checking Service: NtFrs
         * Checking Service: IsmServ
         * Checking Service: kdc
         * Checking Service: SamSs
         * Checking Service: LanmanServer
         * Checking Service: LanmanWorkstation
         * Checking Service: w32time
         * Checking Service: NETLOGON
         ......................... DC02 passed test Services

      Starting test: SystemLog

         * The System Event log test
         A warning event occurred.  EventID: 0x00001696

            Time Generated: 01/05/2014   11:24:53

            Event String:

            Dynamic registration or deregistration of one or more DNS records failed with the following error: 

            TCP/IP network protocol not installed.

         Found no errors in "System" Event log in the last 60 minutes.
         ......................... DC02 passed test SystemLog

      Test omitted by user request: Topology

      Test omitted by user request: VerifyEnterpriseReferences

      Starting test: VerifyReferences

         The system object reference (serverReference) CN=DC02,OU=Domain Controllers,DC=test,DC=com and backlink on

         CN=DC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=test,DC=com are correct. 
         The system object reference (serverReferenceBL)

         CN=DC02,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=test,DC=com and

         backlink on

         CN=NTDS Settings,CN=DC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=test,DC=com are

         correct. 
         The system object reference (frsComputerReferenceBL)

         CN=DC02,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=test,DC=com and

         backlink on CN=DC02,OU=Domain Controllers,DC=test,DC=com are correct. 
         ......................... DC02 passed test VerifyReferences

      Test omitted by user request: VerifyReplicas

   
      Test omitted by user request: DNS

      Test omitted by user request: DNS

   
   Running partition tests on : ForestDnsZones

      Starting test: CheckSDRefDom

         ......................... ForestDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... ForestDnsZones passed test CrossRefValidation

   
   Running partition tests on : DomainDnsZones

      Starting test: CheckSDRefDom

         ......................... DomainDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... DomainDnsZones passed test CrossRefValidation

   
   Running partition tests on : Schema

      Starting test: CheckSDRefDom

         ......................... Schema passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Schema passed test CrossRefValidation

   
   Running partition tests on : Configuration

      Starting test: CheckSDRefDom

         ......................... Configuration passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Configuration passed test CrossRefValidation

   
   Running partition tests on : test

      Starting test: CheckSDRefDom

         ......................... test passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... test passed test CrossRefValidation

   
   Running enterprise tests on : test.com

      Test omitted by user request: DNS

      Test omitted by user request: DNS

      Starting test: LocatorCheck

         GC Name: \\DC02.test.com

         Locator Flags: 0xe00071bc
         PDC Name: \\DC01.test.com
         Locator Flags: 0xe00031fd
         Time Server Name: \\DC01.test.com
         Locator Flags: 0xe00031fd
         Preferred Time Server Name: \\DC01.test.com
         Locator Flags: 0xe00031fd
         KDC Name: \\DC02.test.com
         Locator Flags: 0xe00071bc
         ......................... test.com passed test LocatorCheck

      Starting test: Intersite

         Skipping site Default-First-Site-Name, this site is outside the scope provided by the command line arguments

         provided. 
         Skipping site BranchChrch, this site is outside the scope provided by the command line arguments provided. 
         ......................... test.com passed test Intersite
January 5th, 2014 8:21pm

This one might help.

http://support.microsoft.com/kb/264539

 

 

 

Free Windows Admin Tool Kit Click here and download it now
January 6th, 2014 12:46am

I tried the suggested solution yesterday, and the server still have same warning. Just for note, my primary DNS is Hyper-V machine. is that going to be factor? DC01 is primary and DC02 is secondary. I have DC01 point to DC02 and DC02 point DC01 as primary DNS address in NIC properties.  Thanks for your help
January 7th, 2014 4:30pm

Hi,

According to your first post, there is a warning in the DCdiag result:

Dynamic registration or deregistration of one or more DNS records failed with the following error: 

TCP/IP network protocol not installed.

Please go to Network and Sharing Center on the problematic computer, and check if Internet Protocol Version 4 and Internet Protocol Version 6 exist.

In addition, since DC01 is the primary Domain Controller, I suggest you make DC01 point to itself while DC02 keep pointing to DC01 as primary DNS server.

Please let us know the outcome at your earliest convenience.

Best Regards,

Amy Wang

Free Windows Admin Tool Kit Click here and download it now
January 9th, 2014 4:46am

The IP4 and IP6 are exist and it seems operate as it supposed to be. How do I verify IP4 is working correctly?

I can browse Internet, Network, ping, and networks service such as DHCP, DNS are working.  DC02 (problematic dc) is DHCP server as well. I changed the DC01 to point it self as you suggested. I will keep monitor and let you know how it goes. Thanks for your help.


  • Edited by exlive Thursday, January 09, 2014 1:30 PM
January 9th, 2014 4:29pm

Hi,

You are very welcome.

According to your description, it seems like there isnt any problem with Protocols.

Do you have any progresses on this issue by now?

If there isnt, I suggest you perform the following steps:

    1.  Enable "Register this connection's addresses in DNS" in TCP/IP.

    2.  Enable Dynamic Updates on your DNS servers.

    3.  Run nltest.exe /dsregdns command at the command prompt to refresh the registration of all DNS records.

Here are some related links below:

Event 5782

http://www.microsoft.com/technet/support/ee/transform.aspx?ProdName=Windows+Operating+System&ProdVer=5.2&EvtID=5782&EvtSrc=NetLogon&LCID=1033

Event ID : 5782

http://social.technet.microsoft.com/Forums/windowsserver/en-US/34e292a9-a366-4620-86ff-976151dd3980/event-id-5782?forum=winservergen

Hope this helps.

Amy

Free Windows Admin Tool Kit Click here and download it now
January 13th, 2014 1:36am

I would recommend starting with recommendations listed here: http://social.technet.microsoft.com/wiki/contents/articles/18513.active-directory-replication-issues-basic-troubleshooting-steps-single-ad-domain-in-a-single-ad-forest.aspx

For the time synchronization, I would recommend running w32tm /unregister and w32tm /register and using the GPO method mentioned here for the management of time sync: http://social.technet.microsoft.com/wiki/contents/articles/18573.time-synchronization-in-active-directory-forests.aspx

Also, make sure that Time synchronization of your VMs with hypervisor is disabled.

January 13th, 2014 5:36am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics