This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(294.40000000000003, 88%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Hi,
We have added a third domain controller, and everything seems ok, but I now and then get this message in the system event log
Event ID 5719
This computer was not able to set up a secure session with a domain controller in domain XXX due to the following:
We can't sign you in with this credential because your domain isn't available. Make sure your device is connected to your organization's network and try again. If you previously signed in on this device with another credential, you can sign in with that credential.
This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator.
ADDITIONAL INFO
If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
Dont see this message on the other domain controllers. I dont have any issues logging into the domain controller.
Suggestions ?
Thanks for reply
/R
Andy
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Maybe this one?
https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/remove-orphaned-domains
or also Netdom trust command could be used to verify and remove trust relationship between domains:
http://technet.microsoft.com/en-us/library/cc835085(v=ws.10).aspx
--please don't forget to upvote and Accept as answer if the reply is helpful--
Just checking if there's any progress or updates?
--please don't forget to upvote and Accept as answer if the reply is helpful--
Hi,
Thanks for reply.
Not sure what to look for, but I know we have a trust against DOMAIN-C but not against DOMAIN-B.
DC3 was just added some weeks ago, do the other domain (DOMAIN-C) needs to do something or is this trust ok?
On DC1 and DC2 I have the following image, and as you can see on DC3 the option for Kerberose is grey, why is that ?
(DC1 and DC2)
DC3
(DC3)
