
Event ID: 5789 Source: NETLOGON

Description
Attempt to update DNS host name of the computer object in Active Directory failed. The updated value was <fully qualified computer name>. The following error occurred: <error description>.
Comments
 
I had this problem. Backups were failing, and the server was showing constant 5788 & 5789 errors every 10-15 minutes. I determined the issue was due to a server hardware change 3 months previous, and then the server was renamed. I manually typed in the correct (missing) domain in the server Networking properties, then rebooted the server. The server has been running for 3 days now with no further errors.

I was experiencing issues with NETLOGON, SPN records, Kerberos, NLTEST, and connections between servers and domain controllers.

Randomly we were losing connection with the DC and only re-joining the domain solved this issue. There were also communication problems with Kerberos, SPN records (even though the SPN was set correctly in the schema), and NLTEST was always unsuccessful. Renaming and rejoining the domain did not help, and neither did re-promoting the DCs.

I fixed this by:
1. Removing other gateways from the network configuration
2. Inserting only primary and secondary DNS system into network settings of servers
3. Removing DNS systems which were not domain members from NAME Servers settings on domain DNS systems

I would recommend first installing all the patches and hotfixes for the affected systems. I have also implemented the recommendations found at ME948496 and ME244474.

I solved the problem by doing the following:

1. On the computer that recorded the events, I right-clicked "My Computer" and then I clicked "Properties".
2. On the "Computer Name" tab, I clicked "Change" and then I clicked "More".
3. The Primary DNS suffix was missing and "Change primary DNS suffix when domain membership changes" was unchecked, so I checked the box and entered my domain name (domain.org).

I had this error on a member server that was running Windows 2003 SP1. In my case, it turned out to be a permission problem. I searched for the computer account in Active Directory Users & Computers, right-clicked, chose Properties and selected the "Security" tab. I added the computer account itself and gave it Full Access permissions.

- Error: "Access is denied" - The member's computer account can read but cannot write to the Active Directory. See WITP73870 to solve this problem.


Try “ipconfig /displaydns” to see if the machine name for the local host entry is correct. If not, check your "hosts" file. In our case, a program inserted the old machine name as local host into the "hosts" file. As the machine name changed, this old entry caused this error.
- Error: "Access is denied" - I have solved this problem simply by disjoining the PC from the domain to a workgroup, deleting the computer account in Active Directory, and then rejoining the domain.
- Error: "The remote procedure call failed and did not execute" - We ran into this error, in addition to an EventID 5788, booting up PCs at a new facility that was using LAN to LAN VPN over DSL. The computers that belonged to Active Directory would hang on "applying computer settings" on boot-up. What it turned out to be was that we needed to add an "ip mtu 1460" statement to the WAN interface of our Cisco router. The link “Adjusting IP MTU, TCP MSS, and PMTUD on Windows and Sun Systems” provides helpful information related to this issue.
I had an issue that was a perfect match for the situation described in ME258503, but Microsoft’s fix was not perfect. In addition to the steps outlined in the article, I had to enable the “Write DNS Host Name Attributes” property for the “Self” user.
- Error: "Could not find the domain controller for this domain" - See ME329708.
- Error: "Access is denied" - See ME826899 and Error code 5.

See ME819411 for more information on this event.

From a newsgroup post: "After doing research on TechNet, I came across ME257623 that showed three methods of correcting this issue. Since methods 2 and 3 were not applicable to my situation, method 1 seemed my best choice. I followed the instructions and it did nothing. However, it did give me an idea. I searched my registry for the word "SUFFIX", hoping there would be minimum entries. I found what I needed and here is what I did. I changed my domain name in the following keys:

HKEY_LOCAL_MACHINE\SOFTWARE\POLICIES\MICROSOFT\SYSTEM\DNSCLIENT\NVPrimaryDNSSuffix="childrens" to "chva-int.org"

and

HKEY_LOCAL_MACHINE\SOFTWARE\POLICIES\MICROSOFT\SYSTEM\DNSCLIENT\PrimaryDNSSuffix="childrens" to "chva-int.org".

Then, in the TCP/IP properties, I clicked the Advanced button, DNS tab, and checked "Use this connection's DNS suffix in DNS registration". Then I entered the following command in the command prompt: “c:\ipconfig /registerdns”. After this, Event ID 5789 stopped appearing and “ipconfig /all” showed the correct DNS entries.

What caused this problem? Well, when creating my network and adding servers, I used the NetBIOS name to add the server to the network, instead of the DNS name. Yes, everything worked, but after some time it stopped working".
- Error: "The security context could not be established due to a failure in the requested quality of service (e.g. mutual authentication or delegation)" - I got this error when I joined a server to the domain and renamed the computer at the same time. The updated value still showed the old name of the computer. After the mandatory reboot, the error did not repeat.
Error: "Access is denied" - According to Microsoft: "This behavior can occur if the computer account has permission to read the Active Directory record for itself, but does not have permission to write to the record or the entire directory." See also the link to Error code 5.

Error: "The parameter is incorrect" - See the link to Error code 87.
Error: "Access is denied" - I found that if a trust has broken down between the Domain Controller and a member server, and if the member server was to regain domain membership by joining a workgroup then rejoining the domain, although membership is granted, due to the fact that the user is a domain administrator, if the account has not been deleted from the DC's Active Directory list, the secure token is still assigned to the previous membership, therefore access is corrupted/restricted.
Error: "Access is denied" - This was the result of a manual DNS entry. Set permissions of the DNS entry so that the computer has full control.


Error: "The parameter is incorrect" - According to Microsoft "This behavior can occur if the DNS domain name for the computer does not match the Active Directory domain name. Specifically, the Change primary DNS suffix when domain membership changes check box has been cleared, and contains a DNS domain different from the Active Directory domain of which the computer is a member. To view this check box, right-click My Computer, click Properties, and then click the Network Identification tab." See ME258503.
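
The checks the comments above describe (primary DNS suffix against the Active Directory domain, the "Change primary DNS suffix when domain membership changes" setting, the DNS client policy key, stale "hosts" entries) gathered into one read-only PowerShell script. This is an added example, not part of the original page or of any comment; it assumes PowerShell 3.0 or later on the domain member that logs the event, matches policy values by the pattern "Suffix" rather than by exact name, and treats any loopback "hosts" entry that is not localhost or the current host name as suspect, which is a heuristic.

```powershell
# Added example: read-only checks for causes of Event ID 5789 reported in the comments.
# Assumes PowerShell 3.0+ on the domain member that logs the event.
$cs       = Get-CimInstance Win32_ComputerSystem
$tcpip    = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$findings = @()

# 1. The primary DNS suffix should match the Active Directory domain name.
$suffix = $tcpip.'NV Domain'
if (-not $cs.PartOfDomain) {
    $findings += 'Computer is not joined to a domain.'
} elseif ($suffix -ne $cs.Domain) {
    $findings += "Primary DNS suffix '$suffix' differs from AD domain '$($cs.Domain)'."
}

# 2. "Change primary DNS suffix when domain membership changes" (value absent = checked).
if ($tcpip.SyncDomainWithMembership -eq 0) {
    $findings += 'SyncDomainWithMembership is 0: the suffix does not follow the domain.'
}

# 3. Policy key from the newsgroup post: report any suffix value that differs.
$pol = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\System\DNSClient' -ErrorAction SilentlyContinue
if ($pol) {
    foreach ($p in $pol.PSObject.Properties) {
        if ($p.Name -match 'Suffix' -and $p.Value -ne $cs.Domain) {
            $findings += "Policy value '$($p.Name)' = '$($p.Value)' differs from AD domain."
        }
    }
}

# 4. hosts file: loopback entries naming something other than localhost or this host
#    (heuristic for a stale machine name left behind after a rename).
$known = 'localhost', $tcpip.Hostname, "$($tcpip.Hostname).$($tcpip.Domain)"
foreach ($line in Get-Content "$env:SystemRoot\System32\drivers\etc\hosts") {
    $entry = ($line -replace '#.*$', '').Trim()
    if (-not $entry) { continue }
    $addr, $names = $entry -split '\s+'
    if ($addr -match '^(127\.|::1$)') {
        foreach ($n in $names) {
            if ($known -notcontains $n) { $findings += "hosts maps $addr to '$n'." }
        }
    }
}

# 5. Most recent 5788/5789 events, to read the exact error text.
$filter = @{ LogName = 'System'; ProviderName = 'NETLOGON'; Id = 5788, 5789 }
$events = Get-WinEvent -FilterHashtable $filter -MaxEvents 5 -ErrorAction SilentlyContinue

if ($findings) { $findings } else { 'No suffix, policy or hosts mismatch found.' }
$events | Select-Object TimeCreated, Id, Message | Format-List
```

The script changes nothing; the "Access is denied" cases still need the permissions on the computer object and its DNS record reviewed on the domain side.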
