

Event ID 5774 Netlogon

Question

Wednesday, May 16, 2018 2:26 PM

The dynamic registration of the DNS record '_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.domain1.local. 600 IN SRV 0 100 389 DNS-DC2.domain1.local.' failed on the following DNS server:  

DNS server IP address: 192.168.200.80 
Returned Response Code (RCODE): 0 
Returned Status Code: 10054  

For computers and users to locate this domain controller, this record must be registered in DNS.  

USER ACTION  
Determine what might have caused this failure, resolve the problem, and initiate registration of the DNS records by the domain controller. To determine what might have caused this failure, run DCDiag.exe. To learn more about DCDiag.exe, see Help and Support Center. To initiate registration of the DNS records by this domain  controller, run 'nltest.exe /dsregdns' from the command prompt on the domain controller or restart Net Logon service. 
  Or, you can manually add this record to DNS, but it is not recommended.  

ADDITIONAL DATA 
Error Value: An existing connection was forcibly closed by the remote host.

I ran dcdiag and everything looked good except for this:

                                                                

Running enterprise tests on : domain1.local

      Starting test: DNS

         Test results for domain controllers:

            DC: DNS-DC2.domain1.local

            Domain: domain1.local

               TEST: Delegations (Del)
                  Error: DNS server: fileserver.domain1.local.

                  IP:192.168.200.21

                  [Broken delegated domain _msdcs.domain1.local.]

         Summary of test results for DNS servers used by the above domain

         controllers:

            DNS server: 192.168.200.21 (fileserver.domain1.local.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.168.200.21               
         Summary of DNS test results:

I'm new to this job so I asked someone and this device fileserver.domain1.local was their old DC that was decommissioned.  I've verified it is no longer on the network.

I'm not sure if this is related to the original Event ID error that was logged though.

Ok, I found where this error was being generated.  In DNS under domain1.local>_msdcs it still had the entry for fileserver.domain1.local.  I've updated that to the correct server.

All replies (7)

Thursday, May 17, 2018 6:04 AM

Hi,

Thanks for your question.

Please try the following steps to see if it could fix this issue.

1. On the machine logging the above event, in their TCP/IP configuration, make sure they’re not configured for the same DNS server for both Primary and Secondary.

2. The following registry value is incorrect: “SiteCoverage” under:

    **HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters**

    This value typically should equal the domain name.

3. Change the zone type from Active Directory integrated to "Standard Primary", then stop & start DNS. Then stop & start the netlogon service on the DC to verify that the records are registered. If so, then change the zone type back to Active Directory integrated and verify that the DC no longer records the Event log errors when the netlogon service is stopped & started.

4. Make sure the machine logging the above event is pointing to a DNS server that supports Dynamic updates and is hosting a zone for the domain (i.e. make sure it’s not pointing to the ISP's DNS server).

Please refer to the following link for more information,

Event 5774, NETLOGON

https://social.technet.microsoft.com/Forums/windowsserver/en-US/0507f7cc-c426-439b-a0c6-d36cda2dfee8/event-5774-netlogon?forum=winserverNIS

Netlogon event 5774

https://social.technet.microsoft.com/Forums/windowsserver/en-US/cf5c1e9e-dccb-45e2-9f14-144f8ba1f838/netlogon-event-5774?forum=winservergen

Hope this helps. I look forward to hearing your good news. If you have any questions, please feel free to let me know.

Have a nice day!

Best regards,

Michael

Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected]


Friday, May 18, 2018 12:54 PM

Hi,

How are things going? Was the issue resolved?

Please let me know if you would like further assistance.

Best regards,

Michael



Monday, May 21, 2018 2:30 PM

Hi,

Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.

Best Regards,

Michael



Monday, May 21, 2018 11:42 PM

Hi,

Had this issue, the below fixed it (after many sleepless nights!)

Hi,

To anyone that is interested, this fixed my problem :

According to your description, I understand that your Windows 2008 server keeps receiving Event ID: 5774.

 

These events are typically logged with other events that may give clues to the problem. In general, these events indicate that the machine is unable to register its records with the DNS server it's configured to register with.

 

Please check the following steps whether it fixes your issue.

  1. On the machine logging the above event, in their TCP/IP configuration, make sure they’re not configured for the same DNS server for both Primary and Secondary.

  2. The following registry value is incorrect: “SiteCoverage” under:
        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
        This value typically should equal the domain name.

  3. Change the zone type from Active Directory integrated to "Standard Primary", then stop & start DNS. Then stop & start the netlogon service on the child DC & verify that the records are registered. If so, then change the zone type back to Active Directory integrated and verify that the DC no longer records the Event log errors when the netlogon service is stopped & started.

  4. Make sure the machine logging the above event is pointing to a DNS server that supports Dynamic updates and is hosting a zone for the domain (i.e. make sure it’s not pointing to the ISP's DNS server).

  5. Verify if there is a CNAME (or other record) for the same hostname that was manually entered and is preventing a dynamic host registration. Remove the manual record.

 

  6. Parent / child domain. The above event was logged on the domain controllers in the child domain.
        Setup:
        On the parent DNS servers, there is a delegation down to the child DNS servers. The child DNS servers have forwarders up to the parent DNS servers.
        Cause and Fix:
        On the Security tab in the delegations, check if “Authenticated Users” is missing.
        Added “Authenticated Users” and enabled Full Control.

 

  7. Domain Controller Generates a Netlogon Error Event ID 5774

        http://support.microsoft.com/?id=284963


Monday, May 21, 2018 11:43 PM

credit : 

Best Regards,

Wilson Jia
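
The checks from the replies above, collected into one read-only script. This is an added example, not part of any post in this thread; it assumes an elevated PowerShell 3.0+ session with the DnsClient module (Windows Server 2012 or later) on the DC logging the event, and the variable names and the extra `_ldap._tcp.dc._msdcs` lookup are choices made for the example, with the host and zone names taken from the question.

```powershell
# Added example: read-only checks for the Event ID 5774 steps listed in this thread.
# Values below come from the event text and dcdiag output in the question.
$DnsServer = '192.168.200.80'
$Domain    = 'domain1.local'
$Site      = 'Default-First-Site-Name'
$ThisDc    = 'DNS-DC2.domain1.local'

# Step 1: primary and secondary DNS servers should not be the same address.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses.Count -gt 0 } |
    ForEach-Object {
        $dupes = $_.ServerAddresses | Group-Object | Where-Object { $_.Count -gt 1 }
        [pscustomobject]@{
            Interface  = $_.InterfaceAlias
            DnsServers = $_.ServerAddresses -join ', '
            Duplicate  = [bool]$dupes
        }
    }

# Step 2: report SiteCoverage only if the value exists (absent on both DCs in this thread).
$key    = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
$params = Get-ItemProperty -Path $key
if ($params.PSObject.Properties.Name -contains 'SiteCoverage') {
    "SiteCoverage = $($params.SiteCoverage -join ', ')"
} else {
    'SiteCoverage is not set'
}

# Steps 3-4: ask the DNS server from the event directly whether the SRV records list this DC.
$names = "_ldap._tcp.${Site}._sites.ForestDnsZones.${Domain}", "_ldap._tcp.dc._msdcs.${Domain}"
foreach ($n in $names) {
    $srv = Resolve-DnsName -Name $n -Type SRV -Server $DnsServer -DnsOnly -ErrorAction SilentlyContinue |
           Where-Object { $_.Type -eq 'SRV' }
    [pscustomobject]@{
        Record      = $n
        Targets     = ($srv.NameTarget | Sort-Object -Unique) -join ', '
        ListsThisDc = [bool]($srv | Where-Object { $_.NameTarget -eq $ThisDc })
    }
}

# Name servers for _msdcs: a decommissioned DC still listed here matches the
# "Broken delegated domain" error in the dcdiag output.
Resolve-DnsName -Name "_msdcs.${Domain}" -Type NS -Server $DnsServer -DnsOnly -ErrorAction SilentlyContinue |
    Where-Object { $_.Type -eq 'NS' } | Select-Object Name, NameHost

# After correcting what the checks show, re-register and re-test (not run by this script):
#   nltest.exe /dsregdns
#   dcdiag.exe /test:dns
```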


Monday, May 28, 2018 1:58 PM

Hi,
Could the above reply be of help? If yes, you may mark it as answer; if not, feel free to give feedback.
Best Regards,
Michael



Tuesday, June 5, 2018 8:53 PM

Sorry it has taken me so long to reply.

1. No, this DC is pointing to the other DC for its primary DNS and itself for the secondary DNS.

2. There is no option for "Site Coverage" under parameters.

3.  I'll test this later and get back with you

4.  Yes, it is pointing to a server that has dynamic updates (secure only).

I checked the other DC and it doesn't have the "Site Coverage" under parameters either.