Anyone encounter netlogon 5719?

By jfuller05 ·
Hey all. I'm having almost weekly NETLOGON 5719 errors on three client workstations that read, "The computer was not able to set up a secure session with a domain controller in Contoso due to the following:
There are currently no logon servers available to service the logon request.
This may lead to authentication problems. Make sure that the computer is connected to the network. If the problem persists, please contact your domain administrator."

Well, I work in a one-man shop, I'm the only tech on site, and I can't solve this problem. What works is simply restarting the client's computer (the three clients experience this error at different times from each other; they don't all have the problem at the same time), and then the problem is solved. However, I would like to stop this problem from occurring.

The software we use for work is synced with Active Directory. The client logs in to the software using the same AD credentials that she used to log in to the domain. When the user can't log in to the software (after successfully logging in to the computer on the domain - I don't understand that) I check Event Viewer and there is the NETLOGON 5719 error. I can access our one and only server through the network. I can access resources on the server: the sysvol folder, netlogon share, etc. I can ping the server's IP and its name successfully. I can't log in to the software though.

Once I restart the computer, the client can log in to the software. If this is an AD netlogon error, why can the client use her same AD credentials to log in to her workstation? It seems like she wouldn't be able to log in to her computer. These errors didn't start happening until I replaced their 10/100 Mb switch with a 1 Gb switch. Could that be the problem? This error didn't start appearing until a couple of days after I replaced their 10/100 Mb switch with a gigabit switch.

Client workstations: Windows 7 Pro
Server: Windows Server 2008 R2

All Answers

Switch uplink is mis-negotiating at least one connection

by robo_dev In reply to Anyone encounter netlogon ...

When a device connects to an Ethernet port, it is typically set to 'Auto' so that the port speed and duplex setting can be set to be the same. If one device is set to full-duplex, and the other device sets itself to half-duplex, the link will work, but there will be CRC errors and packet loss.

Windows uses Kerberos for authentication. To be RFC-compliant, Kerberos uses UDP, which is a best-effort protocol with no mechanism to deal with out-of-order packets or fragmentation. When you get a bad network connection, such as over a VPN where there can be latency and MTU size issues, UDP will drop packets. While you can make a registry change in the workstation to make Windows use TCP for Kerberos, you should not need to do this on a LAN.

When UDP packets get dropped, Active Directory authentication starts doing weird things, as you have seen.

Your fix is to look at each ethernet connection, and set devices to a specific setting (e.g. 100/Full) and not auto.

It's also possible that your new switch is bad, or that it's just a bad patch cable.
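
A way to gather evidence for the link-quality theory in the reply above before changing port settings, as an added example that is not part of the original thread. It assumes PowerShell 2.0 or later on the affected Windows 7 workstation and an elevated session; the 14-day look-back, the 60-second sample interval and the `Get-NicErrors` helper name are choices made for this example.

```powershell
# Added example: collect evidence on one affected workstation.
$Days = 14   # assumed look-back window

# 1. When did NETLOGON 5719 fire? Grouping by hour shows whether failures
#    cluster right after boot/resume or appear in the middle of a session.
$events = Get-WinEvent -FilterHashtable @{
    LogName = 'System'; ProviderName = 'NETLOGON'; Id = 5719
    StartTime = (Get-Date).AddDays(-$Days)
} -ErrorAction SilentlyContinue
$events | Group-Object { $_.TimeCreated.ToString('yyyy-MM-dd HH:00') } |
    Sort-Object Name | Format-Table Name, Count -AutoSize

# 2. Negotiated link speed of each enabled physical adapter. Duplex is not
#    exposed here; check it in the adapter driver's advanced properties and
#    on the switch port.
Get-WmiObject Win32_NetworkAdapter -Filter "NetEnabled = TRUE AND PhysicalAdapter = TRUE" |
    Select-Object Name, @{n = 'LinkMbps'; e = { [math]::Round($_.Speed / 1e6) }} |
    Format-Table -AutoSize

# 3. Interface error counters, sampled twice. Counters that keep climbing
#    under normal traffic are consistent with a duplex mismatch, a bad
#    patch cable or a bad switch port.
function Get-NicErrors {
    Get-WmiObject Win32_PerfRawData_Tcpip_NetworkInterface |
        Select-Object Name, PacketsReceivedErrors, PacketsOutboundErrors,
                      PacketsReceivedDiscarded
}
$before = Get-NicErrors
Start-Sleep -Seconds 60
$after = Get-NicErrors
foreach ($a in $after) {
    $b = $before | Where-Object { $_.Name -eq $a.Name }
    New-Object PSObject -Property @{
        Nic          = $a.Name
        RxErrorDelta = $a.PacketsReceivedErrors    - $b.PacketsReceivedErrors
        TxErrorDelta = $a.PacketsOutboundErrors    - $b.PacketsOutboundErrors
        RxDropDelta  = $a.PacketsReceivedDiscarded - $b.PacketsReceivedDiscarded
    }
}

# 4. Is the workstation's secure channel to the domain controller healthy
#    right now? Returns True or False; -Verbose prints the reason.
Test-ComputerSecureChannel -Verbose
```

Running it once while the software login is failing and once after a reboot gives two sets of results to compare.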

Thanks robo_dev!

by jfuller05 In reply to Anyone encounter netlogon ...

I searched Microsoft for a possible answer to this problem, but didn't get any help. I'll try switching their settings to 100/full and wait for the problem to resurface. Thanks again.
