Skip navigation
Menu
End-User Platforms>Windows 7/8

JSI Tip 7919. Your Windows Server 2003 domain controller System event log records event ID 5774?

When you inspect the System event log on your Windows Server 2003 domain controller, it contains one event per day, similar to:

Type: Error
Date: MM/DD/YYYY
Time: HH:MM:SS
Event ID: 5774
Source: NETLOGON
User: N/A
Computer: <Computer Name>
Details: The dynamic registration of the DNS record recordName failed on the following DNS server: DNS server IP address: ServerIPAddress Returned Response Code (RCODE): 0 Returned Status Code: 9505 For computers and users to locate this domain controller, this record must be registered in DNS.
USER ACTION: Determine what might have caused this failure, resolve the problem, and initiate registration of the DNS records by the domain controller. To determine what might have caused this failure, run DCDiag.exe. You can find this program on the Windows Server 2003 installation CD in Support\Tools\support.cab. To learn more about DCDiag.exe, see Help and Support Center. To initiate registration of the DNS records by this domain controller, run 'nltest.exe /dsregdns' from the command prompt on the domain controller or restart Net Logon service. Nltest.exe is available in the Microsoft Windows Server Resource Kit CD. Or, you can manually add this record to DNS, but it is not recommended.

When a DNS server, that accepts non-secure dynamic updates, registers the IP address of a DNS client that only permits secure dynamic updates, the NETLOGON service reports an error with status 9505 to the DNS server.

NOTE: The update was successful but it is NOT secure.

To resolve this issue, insure that both the _msdcs.domain.suffix and domain.suffix zones are set to only accept secure dynamic updates, or change the Group Policy for the DNS client service so it does not have to use secure dynamic updates (see tip 4968).

You can use group policy for the DNS client service to force what type of dynamic update you desire.

To force a client computer to use secure dynamic updates without using group policy:

1. Copy / Paste the following to a UpdateSecurityLevel.reg file:

REGEDIT4

\[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\]
"UpdateSecurityLevel"=dword:00000100

2. Merge the UpdateSecurityLevel.reg file with the client registry, or run regedit /s UpdateSecurityLevel.reg

3. Restart the client computer.



Hide comments

More information about text formats

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish
Recommended Reading
PowerShell screenshot shows Where-Object cmdlet
How to Use the PowerShell Where-Object Cmdlet
Aug 04, 2022
shield_icon_laptop.jpg
What To Do When Windows Defender Is Not Working
Mar 15, 2022
Computer Screen Showing Password Dialog Box
Microsoft Edge Downloads Updated for Azure AD Sign-In & Sync
Aug 22, 2019
mktg-wp-nolabel5
How to Approach the Windows 7 to 10 Migration
Aug 01, 2019