Microsoft Event ID 5738
Encountered an issue with slow network log-ins and event 5738 appearing within the client event log. In this scenario the client has ISA 2006 running on windows 2003 R2 with windows 200 and XP clients. Looks like the issue could be related to ISA and/or DNS. I did notice that the Server did not have PTR records (reverse DNS) configured. This particular issue turned out to be the ISA Server. It appears that it was rejecting valid log-ins due to recently installed remote e software. This software collects events and perfmon data and forwards to a central management server at 5min polling intervals. Although I am not certain, it appears that the ISA server decided that it was under attack and started rejecting new connections. A self inflicted Denial of Service attack (DoS).
Event ID 5783 http://www.eventid.net/display.asp?eventid=5783&eventno=1024&source=NETLOGON&phase=1
|
Netlogon Event ID 5783 |
The source server listed in the error message was unable to complete a remote procedure call (RPC) call to the destination server. Most commonly, this means that either the source server could not locate the server in DNS or the RPC interface on the destination server is not working. | If the source server could not locate the server in DNS, troubleshoot Active Directory replication failure due to incorrect DNS configuration.If this is not a DNS problem, troubleshoot RPC problems. |
Doc\'s Tech Times 
Leave a comment