Event ID: 5783 Source: NETLOGON

Description
The session setup to the Windows NT or Windows 2000 Domain Controller <server name 2> for the domain <domain name 2> is not responsive. The current RPC call from Netlogon on <server name 1> to <server name 2> has been cancelled.
Comments
 
For us, our SNA server couldn't connect to the AD server, which had recently been upgraded to SP2. All services based on RPC/Netlogon such as RDP, SNABase, ISA, etc. could have this event.

On a W2K3 SP2 Active Directory server, disable "TCP Chimney Offload". To resolve it, you can disable the TCP chimney and monitor the server. Please follow these steps:

- Click Start, click Run, type regedit, and then click OK.
- Locate the following registry subkey:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
- Right-click EnableTCPChimney, and then click Modify.
- In the Value data box, type 0, and then click OK.
- Right-click EnableRSS, and then click Modify.
- In the Value data box, type 0, and then click OK.
- Right-click EnableTCPA, and then click Modify.
- In the Value data box, type 0, and then click OK.
- Exit Registry Editor, and then restart the computer.

More details at ME912222 and ME948496.
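
A scripted form of the registry steps above, added here as an example (it is not part of the original comment or of the referenced Microsoft articles). It exports the key before changing anything and only modifies values that already exist; the backup file name and location are assumptions, and it must be run from an elevated prompt.

```powershell
# Added example: set the three TCP offload values from the steps above to 0.
$regPath = 'HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$psPath  = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$names   = 'EnableTCPChimney', 'EnableRSS', 'EnableTCPA'

# Export the key first so the previous values can be restored with "reg import".
# The backup location and file name are assumptions, not from the page.
$backup = Join-Path $env:TEMP ('tcpip-parameters-{0:yyyyMMdd-HHmmss}.reg' -f (Get-Date))
& reg.exe export $regPath $backup | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'Registry export failed; nothing was changed.' }

$changed = 0
foreach ($name in $names) {
    $item = Get-ItemProperty -Path $psPath -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        # The steps modify existing values; a missing value is reported, not created.
        Write-Output "$name is not present; left untouched"
        continue
    }
    $old = $item.$name
    if ($old -eq 0) {
        Write-Output "$name is already 0"
        continue
    }
    Set-ItemProperty -Path $psPath -Name $name -Value 0 -Type DWord
    Write-Output "$name changed from $old to 0"
    $changed++
}

if ($changed -gt 0) {
    Write-Output "Backup written to $backup"
    Write-Output 'Restart the computer for the change to take effect.'
}
```
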
This may also happen when you have 2 or more sites connected via VPN and the connection goes down.
After further investigation, it was found that the system that was “Unavailable” was rebooting (automatically) at the time of the error after having Windows updates installed to it.
I have gone through many links in the past few days to find out more details about this problem happening on one of my users' Windows XP box, but whatever links I browsed, I just saw resolutions about this problem happening on servers. I was, however, successful in stopping the error on the user's box by disabling the firewall software (McAfee Host Intrusion Protection) installed on the box.
I had this issue with ISA Server 2004 and Windows Server 2003 SP1. I found out that I needed to update ISA to the latest service pack to stop the 5783, 1053 Userenv and RPC unavailable errors. The errors are now gone and users/groups can now be added/removed from the ISA box.


I found the same problem on one of my servers. The problem appeared because the server was pointing to a wrong DNS server. After pointing it to the correct DNS server, the error disappeared.
From a newsgroup post: "Remove your ISP's DNS from your NICs and put in the address of your local DNS server, usually your Win2k DC is the AD DNS server. Do not use your ISP's DNS in any position on AD domain members. If your local DNS server is unable to resolve internet names check for a "." forward lookup zone and delete it".
As per Microsoft: "These issues may occur if the Norton AntiVirus Auto-Protect service is running". See ME810402 for more details.
Microsoft says to uninstall and reinstall all networking components. This is because the MS network client is the one that is making the RPC call, and if that is corrupted then communication with the rest of the network will fail. You should also remove and reinstall your protocols as well. Make sure that you have a good backup of your registry. When you uninstall all the network components your shares go away, and you will have to restore the registry to get them back. Microsoft neglected to tell me this. I believe that our problems started with a bad LAN card.
When you have a trust between two Windows 2000 domains and one of the domains is unreachable, for example via VPN, you get the 5783 error. If you have the situation as described above, the only thing you have to do is activate the connection between both domains. It happens because a computer in one network is trying to log on to a resource in another network.
I received this error when trying to create and verify a trust between two domains. The verify would fail and I would get this event id. The solution is to use the full domain name when entering in a user in the opposite domain i.e. LDW.ie\Administrator instead of LDW\Administrator. The verification works and the event id disappears.
We had the following characteristics of the problem:
1. The system was getting slower
2. The Terminal Server Manager would show only the current server information
3. Net Use command would hang
4. The login and logoff process got slower and slower
5. No domain users would get authenticated
The problem was resolved by installing Microsoft Windows 2000 Service Pack 3.
The machine could not log on to the domain using the computer account. The domain controller is UP but the RPC and netlogon services are down for some reason. Your problem is on the closest or the authenticating DC, check for service failures.
This appears to be an error which occurs when there is some network error and the server is not able to access the domain controller.


The error happens when the client fails to establish the session with the remote server. Since the problem happens intermittently, it might be caused by the server's high workload. The server cannot respond to the client within a certain time, and then the client records the error. Normally, the client can try several times to establish the session. If you don't find a continuous error on the client or don't find any impact on the client, then you can ignore the error.
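
One way to tell an occasional 5783 from a continuous one, as an added example that is not part of the original comment: the function below parses the event description shown at the top of this page and summarizes events per domain controller. The sample events, server names and the three-hour threshold for "recurring" are constructed assumptions.

```powershell
# Added example: summarize Event ID 5783 per domain controller.
# $sample is constructed data. On a live host, feed the function with:
#   Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 5783 }
$template = 'The session setup to the Windows NT or Windows 2000 Domain Controller {0} ' +
            'for the domain {1} is not responsive. The current RPC call from Netlogon ' +
            'on {2} to {0} has been cancelled.'
$rows = @(
    @('2024-03-04 02:10', 'DC01', 'CORP'),
    @('2024-03-04 09:05', 'DC02', 'CORP'),
    @('2024-03-04 10:15', 'DC02', 'CORP'),
    @('2024-03-04 10:40', 'DC02', 'CORP'),
    @('2024-03-04 11:20', 'DC02', 'CORP')
)
$sample = foreach ($row in $rows) {
    [pscustomobject]@{
        TimeCreated = [datetime]$row[0]
        Message     = ($template -f $row[1], $row[2], 'APP01')
    }
}

function Get-Netlogon5783Summary {
    # RecurringHours is an assumed threshold: distinct clock hours with events.
    param([object[]]$Events, [int]$RecurringHours = 3)
    $pattern = 'Domain Controller\s+(?<dc>\S+)\s+for the domain\s+(?<domain>\S+)\s+is not responsive'
    $parsed = foreach ($e in $Events) {
        if ($e.Message -match $pattern) {
            [pscustomobject]@{
                DC   = $Matches['dc']
                Time = $e.TimeCreated
                Hour = $e.TimeCreated.ToString('yyyy-MM-dd HH')
            }
        }
    }
    foreach ($g in ($parsed | Group-Object DC)) {
        $hours   = @($g.Group | ForEach-Object { $_.Hour } | Sort-Object -Unique)
        $times   = @($g.Group | ForEach-Object { $_.Time } | Sort-Object)
        $verdict = if ($hours.Count -ge $RecurringHours) { 'recurring' } else { 'intermittent' }
        [pscustomobject]@{
            DC = $g.Name; Events = $g.Count; HoursAffected = $hours.Count
            First = $times[0]; Last = $times[-1]; Verdict = $verdict
        }
    }
}

Get-Netlogon5783Summary -Events $sample | Format-Table -AutoSize
```
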
NetBIOS can also be the cause of the problem. Enabling "NetBIOS over TCP/IP" in the TCP/IP Advanced Settings can also resolve this issue.
