Security reseting

Microsoft Windows server standard 2003 r...
September 11, 2009 at 13:23:57
Specs: Microsoft Windows XP Professional, 2.6 GHz / 3071 MB
In our office we have 11 computers on the network. All 11 computers are logging into the same server. All the computers are having a problem keeping connected to the server. some of the things that are happening:
1. Mapped drives will become disconnected (fixed by ipconfig /release/renew I have to do this about 10 to 15 times a day)
2. Printers will get disconnected (fixed by ipconfig /release/renew I have to do this about 10 to 15 times a day)
3. Software that is ran from the server will kick users logged into it.
4. each workstation is getting the same errors in the event log:
Event ID: 5719 netlogon
Event ID: 40961lsasrv
Event ID: 40960 lsasrv
Event ID: 3210 netlogon
Event ID: 11196 Dnsapi
Event ID: 11197 Dnsapi

Event ID: 5722 netlogon

See More: Security reseting

Report •

September 11, 2009 at 13:31:46
Sounds like a layer 1 issue. Can you do a "Ping -n 100" or what ever your server's IP is and tell us if you are getting any packet losses?

Also, can you give us some idea of your tepoligy? Are you only using one switch or multiples, is there only one NIC in your server or more than one?

Report •

September 11, 2009 at 13:52:23
no loss in packets

modem->wireless router (10/100)->switch 24 port(10/100/1000)

All computers and server is plugged into the switch

6/11 computers have gigabit cards in them.

here is a drawing of the network for you:

Report •

September 16, 2009 at 08:42:10
have you found anything else out?

Report •

Related Solutions

September 16, 2009 at 10:24:43
I quickly connected to microsoft's website and using their site search, searched the following string: Event ID: 5722 netlogon which yielded the following:

As you can see, there are a lot of errors with that error code. It would be a great help if you could also post the error message associated with each event.

2. Printers will get disconnected (fixed by ipconfig /release/renew I have to do this about 10 to 15 times a day)

Do you mean, network printers are being disconnected, or, the printer mapping on each workstation is disconnecting? If the former, network printers should always have statically assigned IP's so they never change. If the latter, it's all part of the issue you're having. Clear it up and drive mappings, as well as printer mappings, will stop getting messed up.

Check your DNS and host records for the DNS server as well to ensure they point to the correct IP address of your DNS server. Also, if it's not now, your server should also have a static IP address. Devices like servers, network printers etc should always have static IP's.

Report •

September 16, 2009 at 11:06:24
What device is providing the dhcp addresses? The router or the server?

Is the 2003 server running Active Directory?
How many server cals do you have?

To what are the workstations pointed to for dns? Router/internet or the 2003 server?

Looking at the diagram I see your 24 port switch is maxed. You are also running phones, computers, server and ip cameras over it.

Is this a managed switch?

Report •

September 17, 2009 at 06:26:54
Thanks for the reply!

The printer problem I think is just caused by whatever is going on with the network like you said.

The other things that I just noticed is that some times users cant log on. It just gives them an error that the domain isnt there. I have to log in locally do an "ipconfig /release/renew" log off then log them in to the domain.

Workstation Stuff:
here are some errors I'm getting:
Event ID: 5719 NETLOGON
No Domain Controller is available for domain NAOMI due to the following:
There are currently no logon servers available to service the logon request. .
Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.

Event ID 10009 DCOM
DCOM was unable to communicate with the computer daomi-dr using any of the configured protocols.

Event ID 11193 DNSApi
The system failed to update and remove host (A) resource records (RRs) for network adapter
with settings:

Adapter Name : {48D936C0-6866-429B-9296-9D4FB748817F}
Host Name : NaomiDR
Primary Domain Suffix : NAOMI.local
DNS server list :,
Sent update to server :
IP Address(es) :

The system could not remove these A RRs because the DNS server failed the update request. A possible cause is that a zone transfer is in progress, causing a lock for the zone at the DNS server authorized to perform the updates for these RRs.

Event ID 40961 LSASRV
The Security System could not establish a secured connection with the server DNS/daomi-dr.NAOMI.local. No authentication protocol was available.

Event ID 40960 LSASRV
The Security System detected an attempted downgrade attack for server DNS/daomi-dr.NAOMI.local. The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request.

DNS Stuff:

The Server is the DNS server as far as I know.
The server is running Active Directory.
I dont know what "cals" are...
I think all the workstations are pointed to the router....they are all set to auto....
yes, its a managed switch (the 24 port) and I did not set it up so I don't know how it's setup
I get some errors in the DNS Event log:

(the last time this happened was 6/15/09)
Event ID 6702 DNS
DNS server has updated its own host (A) records. In order to ensure that its DS-integrated peer DNS servers are able to replicate with this server, an attempt was made to update them with the new records through dynamic update. An error was encountered during this update, the record data is the error code.

If this DNS server does not have any DS-integrated peers, then this error
should be ignored.

If this DNS server's Active Directory replication partners do not have the correct IP address(es) for this server, they will be unable to replicate with it.

To ensure proper replication:
1) Find this server's Active Directory replication partners that run the DNS server.
2) Open DnsManager and connect in turn to each of the replication partners.
3) On each server, check the host (A record) registration for THIS server.
4) Delete any A records that do NOT correspond to IP addresses of this server.
5) If there are no A records for this server, add at least one A record corresponding to an address on this server, that the replication partner can contact. (In other words, if there multiple IP addresses for this DNS server, add at least one that is on the same network as the Active Directory DNS server you are updating.)
6) Note, that is not necessary to update EVERY replication partner. It is only necessary that the records are fixed up on enough replication partners so that every server that replicates with this server will receive (through replication) the new data.

Report •

September 28, 2009 at 06:52:48
I still haven't resoulved this issue.
I've been looking at a few things online but mostly everything I read says to remove the computer from the domain and re join it.

I've done this to several of the computers with no progress. I even just built a computer, installed windows XP pro sp3, and joined it to the domain and it is getting this problem...

Report •

September 28, 2009 at 11:47:37
Hard to help you when you don't answer the questions.
Please reply specifically to my question(s) in post #5. Thx

Report •

September 29, 2009 at 11:19:21
Sorry, to answer your questions:
The router is providing the DHCP addresses

The server is running AD and I am going to guess I have 5 CALs with our server. (Windows 2003 standard)

Looks like the the workstations are pointing to the Server for DNS

The switch is managed. (but I did not set it up)

Report •

September 29, 2009 at 12:51:42
This doesn't look right

"DNS server list :,"

This the only AD server?
It's ip is x.x.x.192?
Is this a static ip for the server???
This message infers to me its not static
"DNS server has updated its own host (A) records"

In the ms dns server, go to the forwarders tab. What is listed here?

You also have a licencing issue. With 11 pcs you need 11 cals. This explains why you can't have all pcs on at the same time

Report •

September 30, 2009 at 06:48:32
Yes, there is only one AD server.

Yes the IP is set to static

In the MS DNS Server I have listed, in the forwards tab:

I'll see if 5 is what we have or not.

Report •

September 30, 2009 at 12:27:25
You mean forwarders tab? That entry is incorrect. Forwarders tab should be populated with the ip addresses of the isp's dns servers.

The way ms dns works is the workstations and server point to the server for dns. This solves local name resolution.

If a workstation/server makes a url request the ms dns server forwards the request to the dns servers listed in the forwarders tab.

to conclude;
1. you have licensing issues
2. dns is not properly configured

Report •

October 1, 2009 at 06:11:16
I may be looking in the wrong place... Can you describe where its at so I can tell you if that is right or wrong?

Report •

October 1, 2009 at 08:10:58
Where what is at? Forwarders tab?

You also need to correct the servers tcp/ip dns setting to only point to itself. It should also have a static ip asssignment. Workstations need to point to the ad server for dns not the gateway or internet dns.

Report •

October 1, 2009 at 12:54:14
ok, in the forward tab it has listed this:

on the interfaces tab (says selcect IP address that will serve DNS request):

is the server's fixed IP

Report •

Ask Question