Pages

Tuesday, August 17, 2010

Event ID: 5719, 29 Error and Event ID: 14 Warnings being logged after reboot of Windows Server

This was a problem I ran into during an OCS deployment at a client and what was interesting was that I didn’t end up solving the issue even though I knew what has happening within Windows. This client was an international engineering company with a manager who has engineering discipline that was very technical from a networking perspective so he ended up solving this during one of his management meetings. I still tease him up to this day about not paying attention during his meeting.

Problem

The following errors are logged:

Event ID: 5719 - Error

This computer was not able to set up a secure session with a domain controller in domain GENNUM due to the following:

There are currently no logon servers available to service the logon request.

This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator.

ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.

For more information, see Help and Support Center….

------------------------------------------------------------------------------------------------------------------------

Event ID: 14 - Warning

The time provider NtpClient was unable to find a domain controller to use as a time source. NtpClient will try again in 15 minutes.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

------------------------------------------------------------------------------------------------------------------------

Event ID: 29 - Error

The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 15 minutes. NtpClient has no source of accurate time.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

------------------------------------------------------------------------------------------------------------------------

Resolution

Through reviewing these logs and thinking the process through, it was obvious that upon bootup, the server wasn’t able to contact the domain controllers immediately and so caused these errors to get logged. In most cases, this wasn’t a problem because the server would be able to communicate to a domain controller a bit later but in this case, it caused the OCS services to fail on startup. While doing research, I found a few KB articles from Microsoft that hinted about NIC issues and suggested to upgrade the drivers which I don’t think was the issue. I also started logging onto other servers within the environment and noticed that all of the servers exhibited the same problem. After explaining the issue to the manager and asked him about the switches, he came back to me a few hours later, told me to try rebooting the server again and when I reviewed the logs, these errors and warnings were gone. The resolution was simple:

Spanning tree disabled or enable faststart (for Cisco).

3 comments:

Anonymous said...

In our case, barracuda firewall on win 7 applys firewall roules after bootup. as long as roules are applied, all communication is blocked. look at the firewall block log if there are some ip adresses like 169.xxx.xxx.xxx. for a short time. acticate the dhcp-client evenetr log. just look after media connect/disconnect in a short time. just check, how long it takes to receive a valid ip addres. after 25 s not receiving any ip address, windows fails with NETLOGON error message.

Anonymous said...

Thanks for the info - very helpful :)
Fixed this problem with a Windows 2003 server getting event ID 5719 on startup when connected to a Cisco Catalyst 2960-S Switch

config terminal
interface Gi1/0/19
spanning-tree portfast

Note to turn off use the command
no spanning-tree portfast

For reference
http://www.cisco.com/en/US/docs/switches/lan/catalyst2960/software/release/12.2_53_se/command/reference/cli3.html#wp1946989

Thanks again!

Anonymous said...

Disabling the STP (Spanning Tree Protocol) in Global Settings on Dell PowerConnect 2848 switch worked for me.
Thanks.