Event 5774, NETLOGON Error

Anonymous
2023-09-19T13:44:32+00:00

Hi,

I have been getting this event regularly over the past few months and am not sure how to resolve it.

It occurs on both Windows 2016 DCs.

The dynamic registration of the DNS record 'gc._msdcs.mydomain.com. 600 IN A 10.0.0.2' failed on the following DNS server:  

DNS server IP address: 10.0.0.2

Returned Response Code (RCODE): 0 

Returned Status Code: 10054  

For computers and users to locate this domain controller, this record must be registered in DNS.  

USER ACTION  

Determine what might have caused this failure, resolve the problem, and initiate registration of the DNS records by the domain controller. To determine what might have caused this failure, run DCDiag.exe. To learn more about DCDiag.exe, see Help and Support Center. To initiate registration of the DNS records by this domain  controller, run 'nltest.exe /dsregdns' from the command prompt on the domain controller or restart Net Logon service. 

  Or, you can manually add this record to DNS, but it is not recommended.  

ADDITIONAL DATA 

Error Value: An existing connection was forcibly closed by the remote host.

There are additional events which are similar e.g.

The dynamic registration of the DNS record '_ldap._tcp.dc._msdcs.mydomain.com. 600 IN SRV 0 100 389 myserver.mydomain.com.' failed on the following DNS server:  

DNS server IP address: 10.0.0.2 

Returned Response Code (RCODE): 0 

Returned Status Code: 10054  

I have run DCDiag but this returns the same errors from Event Viewer so no further forward.

Any help appreciated.

Thanks,

Mike

This question was migrated from the Microsoft Support Community.

3 answers

  1. Anonymous
    2023-09-20T06:03:06+00:00

    Hello _MM,

    Thank you for posting in Microsoft Community forum.

    You can check or troubleshoot the issue as below:

    1. How many Domain Controllers are there in your domain? Two or more than two DCs?

    2. You can try to check whether the two DNS records mentioned above actually exist or not on both 2016 Domain Controllers.

    For example:

    gc._msdcs.mydomain.com


    And _ldap._tcp.dc._msdcs.mydomain.com

    3. If you also have other DCs besides the two 2016 DCs, you can also check whether gc._msdcs.mydomain.com and _ldap._tcp.dc._msdcs.mydomain.com actually exist or not on the other DCs.

    4. Try to check the AD replication status between all Domain Controllers in this domain. Please run the commands below on the PDC.

    repadmin /showrepl >c:\rep1.txt

    repadmin /replsum >c:\rep2.txt

    repadmin /showrepl * /csv >c:\repsum.csv

    I hope the information above is helpful.

    If you have any question or concern, please feel free to let us know.

    Best Regards,

    Daisy Zhou

  2. Anonymous
    2023-09-20T10:36:06+00:00

    Hi Daisy,

    Many thanks for your reply.

    I have two 2016 DCs.

    Both DCs have all the DNS records that are detailed in the 5774 events.

    On DC1 the timestamp has been updated after the 5774 event occurs.

    Sometimes the record has been updated a few minutes after the 5774 event and sometimes it's a number of hours later.

    On DC2 the events exist but the timestamps have not been updated. They are dated 2020.

    Is this because Aging and Scavenging is not enabled so timestamps are not updated as advised in the following doc?

    How DNS Aging and Scavenging Works - TechNet Articles - United States (English) - TechNet Wiki (microsoft.com)

    Each time I restart a DC I use Repadmin to ensure replication is occurring so am confident that it is.

    I believe the DNS settings are incorrectly configured on the NICs of the DCs.

    DC1 has the loopback address set as primary DNS server and nothing for the secondary DNS server.

    DC2 has DC1 as the primary DNS server and its own IP address as the secondary.

    My understanding is that each DC should have the IP address of the other as primary DNS and the loopback address as the secondary DNS server.

    Is this correct?

    Thanks,

    Mike

  3. Anonymous
    2023-09-21T03:02:47+00:00

    Hello _MM,

    Thank you for your reply.

    So you mean the two DNS records mentioned above exist on both 2016 DCs, the timestamp on DC1 is new, but the timestamp on DC2 is old (2020), am I right?

    If so, I have a question: since AD replication on both DCs is working, why is the new timestamp on DC1 not replicated to DC2 (for AD-integrated DNS)?

    You can try to run the two commands ipconfig /flushdns and ipconfig /registerdns on DC2, then restart the Netlogon service to check whether the timestamp on the DNS records on DC2 is new.

    The old timestamp on DC2 may be related to Aging and Scavenging. How did you check that Aging and Scavenging is not enabled on DC2?

    You can try to check and/or set Aging and Scavenging on DC2 to see whether the timestamp on the DNS records on DC2 is new (for network settings on DCs, you had better discuss or work together with the network team, or back up the necessary data before making any changes).

    I think what you mentioned below is OK.

    DC1 has the loopback address set as primary DNS server and nothing for the secondary DNS server.

    DC2 has DC1 as the primary DNS server and its own IP address as the secondary.

    I think what you mentioned below is also OK.

    My understanding is that each DC should have the IP address of the other as primary DNS and the loopback address as the secondary DNS server.

    For more information about DNS settings on DCs, you can read this similar thread below.
    windows - How to configure DNS server on domain controller - Server Fault

    I hope the information above is helpful.

    If you have any question or concern, please feel free to let us know.

    Best Regards,
    Daisy Zhou

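
The checks discussed in this thread (whether both records exist on each DC, what timestamp each DC holds, whether Aging and Scavenging is enabled, and the DNS server order on each NIC) can be collected in one pass. This is an added example, not part of the original posts; the DC host names and the assumption that `_msdcs.mydomain.com` is its own AD-integrated zone are placeholders to adjust.

```powershell
# Added example. Requires the DnsServer module (RSAT) and rights to query both DCs.
# Placeholders (assumptions, not from the thread): DC host names and zone layout.
$DomainControllers = 'dc1.mydomain.com', 'dc2.mydomain.com'
$Zone = '_msdcs.mydomain.com'   # assumes _msdcs is a separate AD-integrated zone
$Records = @(
    @{ Name = 'gc';            Type = 'A'   },  # gc._msdcs.mydomain.com
    @{ Name = '_ldap._tcp.dc'; Type = 'SRV' }   # _ldap._tcp.dc._msdcs.mydomain.com
)

# 1. Ask each DC's own DNS server for the records named in the 5774 events.
$report = foreach ($dc in $DomainControllers) {
    foreach ($r in $Records) {
        $rrs = Get-DnsServerResourceRecord -ComputerName $dc -ZoneName $Zone `
                   -Name $r.Name -RRType $r.Type -Node -ErrorAction SilentlyContinue
        if (-not $rrs) {
            [pscustomobject]@{ Server = $dc; Record = $r.Name; Type = $r.Type
                               Data = '<missing>'; Timestamp = $null }
        } else {
            foreach ($rr in $rrs) {
                $data = if ($r.Type -eq 'A') { $rr.RecordData.IPv4Address }
                        else                 { $rr.RecordData.DomainName }
                # An empty Timestamp means the record is static (never aged).
                [pscustomobject]@{ Server = $dc; Record = $r.Name; Type = $r.Type
                                   Data = "$data"; Timestamp = $rr.Timestamp }
            }
        }
    }
}
# Sorting by record and data puts each DC's copy of the same record side by side.
$report | Sort-Object Record, Data, Server | Format-Table -AutoSize

foreach ($dc in $DomainControllers) {
    "=== $dc ==="
    # 2. Zone-level aging and server-level scavenging settings.
    Get-DnsServerZoneAging -ComputerName $dc -Name $Zone |
        Format-List ZoneName, AgingEnabled, NoRefreshInterval, RefreshInterval
    Get-DnsServerScavenging -ComputerName $dc |
        Format-List ScavengingState, ScavengingInterval, LastScavengeTime

    # 3. DNS servers configured on the DC's NICs, in resolution order.
    Get-DnsClientServerAddress -CimSession $dc -AddressFamily IPv4 |
        Where-Object { $_.ServerAddresses } |
        Format-Table InterfaceAlias, ServerAddresses -AutoSize
}
```

Run it from a management host or from one of the DCs, before and after `nltest.exe /dsregdns`, to see whether the timestamps move on each server.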