Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 5775 Source: NETLOGON

Deregistration of the DNS record '<record>. 600 IN SRV 0 100 3268 <server>.' failed with the following error: <error description>.
If you are running dcpromo to remove a domain controller from a domain, simply start and stop the netlogon service. This will allow dcpromo to complete successfully.
Microsoft articles ME309633 and ME825763 have information on solving this problem.
- Error: "DNS operation refused" - I was getting hundreds of these events in my Event Log. I resolved this problem by following the steps in ME316239.
From a newsgroup post: "I had the same Event 5775: Bad DNS Key. I cured the problem by "net stop netlogon" before restarting the computer. As you know, the error entries in the System log are made after a restart is initiated, but before the computer restarted. It may be that the netlogon service, which is the source of the error entries, is prevented from deregistering SRV records by the prior stopping of another service as part of a restart. Manually stopping the netlogon service seems to allow it to successfully deregister SRV records (at least no event 5775 error entries are made in the System log)".

From a newsgroup post: "Your DC is trying very hard to get records entered into the DNS zone at your ISP and that DNS server appears to not understand the Update opcode, or to be configured to ignore update messages. Previous posts point to knowledge base articles on how to shut off the attempts by Netlogon to register. However, without these records in the DNS domain for your AD, most domainlevel services are not going to work, so if you use a DNS server to which netlogon cannot add these records, then you will need to see to it that they are entered manually. Again, it is probably not the best idea to place these all out into a public DNS zone - and it will certainly cause excess packet trips to the remote DNS server, not to mention total misery when you must be disconnected from your ISP. You may want to re-evaluate how you are handling DNS services. A local DNS server used by your machines, and which forwards to your ISP's DNS server avoids most all of these issues".

See MSW2KDB to initiate dynamic registration of the DNS records by this domain controller.
Error: "DNS name does not exist." - no info

As per Microsoft: "In general, these error messages are logged because the Netlogon service does not receive a "success" message from the DNS server that owns the zones of the records that are being registered". See the links below for more info.

Error: "DNS bad key" - As per ME282924, this may appear after you run the Internet Connection Wizard. To resolve this problem, correct the DNS settings of the Local Area Connection. ME316710 points to another situation when this error can occur if the Kerberos Key Distribution Center service is disabled.
Error: "DNS bad key" - Recently I saw this event during the process of which I removed an Active Directory domain from a server and recreated a new Active Directory domain on the same server. The DCPROMO and Active Directory setup wizards had no problems but it appeared that the NETLOGON service was still referencing the old domain name resource records for DNS.

I found that the NETLOGON service uses the following 2 files; NETLOGON.DNS & NETLOGON.DNB. These files did in fact contain resource record information on the previous domain name. Here''s a set of steps to take care of the problem.
1. Stop the NETLOGON service.
2. Copy out NETLOGON.DNS and NETLOGON.DNB from %SystemRoot%\System32\Config to a hold directory in case they might be needed.
3. Delete NETLOGON.DNS and NETLOGON.DNB from the %SytemRoot%\System32\Config directory.
4. Restart the NETLOGON service. NETLOGON.DNS and NETLOGON.DNB will be recreated on the fly with the current AD domain DNS information.  

Your Event ID 5775 errors will no longer be a problem in this case!

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to



Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.