Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 3096 Source: NETLOGON

The Windows NT domain controller for this domain could not be located.
This error was occurring at boot-up on a Windows Server 2003 domain controller because DNS was not loading quickly enough to service this and other services. We changed the server's own DNS entry to point to another DNS server in the domain instead of itself, and all the errors went away. The solution is simple: Add the IP address of another DNS server on your domain as a secondary DNS entry in TCPIP. At boot-up, if the primary DNS server (the server booting) cannot respond to requests, it will use the secondary DNS server. Boot-up should process without errors, and once DNS is started, the server will use its own DNS for subsequent DNS queries. This appears to be a known issue with Windows AD domain controllers.
As a follow up, Rahisuddin's comments regarding this event within an Active Directory is accurate, and ME193888 provides addition information regarding how to handle this situation.
Specifically, a client has a server that was refusing to start services with accounts other than Local System. A review of the event logs indicated the fact that the server, itself the local AD server and DNS server, simply could not find a local domain controller at the point that the services were starting. Delaying the Netlogon service until the start of the local DNS service corrected the problem appropriately.
This event can occur when your computer system's backup domain controller cannot be promoted to a primary domain controller, because a trust relationship is configured from the backup domain controller to the domain to which the backup domain controller is a member. See ME263636 to solve this problem.

See "JSI Tip 2956" for additional information about this event.
In an Active Directory environment, when a domain controller comes online, the Netlogon service starts before the DNS service. If the DNS for that DC is pointed toward itself, the Netlogon service cannot locate the domain controller so we get the error.

Please see also Microsoft Knowledge Base Article - ME151987 and ME186543.
We encountered this error message on servers that are starting and the connection to a domain controller is not available. For example, the network cable was not connected, or on a system with multiple network cards the cable was connected in the wrong one (not the one connected to the network segment where the PDC was running).

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to



Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.