You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: support/windows-server/windows-security/event-id-5719-when-netlogon-service-restarts.md
+5-5Lines changed: 5 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -26,7 +26,7 @@ The event text might include the `0xC00000E5 (STATUS_INTERNAL_ERROR)` code.
26
26
27
27
The event doesn't persist. Windows establishes the secure channel with the domain controller. Normal domain operations then resume.
28
28
29
-
The event occurs even though you haven't made any recent configuration, update, or software changes.
29
+
The event occurs even though you didn't make any recent configuration, update, or software changes.
30
30
31
31
## Cause
32
32
@@ -36,18 +36,18 @@ The error happens because of protocol differences in Kerberos authentication sup
36
36
37
37
When a Windows Server 2025 member server tries to establish a secure channel with a domain controller that runs Windows Server 2022 or an earlier version, it starts the connection by using the new Kerberos authentication method. Older domain controllers don't support this new authentication Remote Procedure Call (RPC) call. Because of this lack of support, authentication fails and Windows logs Event ID 5719. The system automatically falls back to the legacy NetLogon method. This method succeeds in establishing the secure channel.
38
38
39
-
This sequence results in a single, harmless error event. You can ignore this event unless it's accompanied by ongoing authentication or connectivity problems.
39
+
This sequence results in a single, harmless error event. You can ignore this event unless you also see ongoing authentication or connectivity problems.
40
40
41
41
## Resolution
42
42
43
43
If Event ID 5719 occurs only once when NetLogon restarts and the secure channel is established (domain operations proceed without issue), this event is harmless. You can safely ignore it.
44
44
45
-
Don't try remediation unless you see additional, persistent authentication or secure channel issues.
45
+
Don't try remediation unless you see other persistent authentication or secure channel issues.
46
46
47
47
Microsoft recognizes this event as expected in mixed-version environments. Microsoft might suppress or clarify this event in future updates or documentation.
48
48
49
49
> [!IMPORTANT]
50
-
> If the error recurs outside of NetLogon restarts or is accompanied by domain trust or authentication failures, investigate further. Collect the log data as described in [Collecting log data](#collecting-log-data), and then contact Microsoft Support.
50
+
> If the error recurs outside of NetLogon restarts or coincides with domain trust or authentication failures, investigate further. Collect the log data as described in [Collecting log data](#collecting-log-data), and then contact Microsoft Support.
51
51
52
52
### Workaround (optional)
53
53
@@ -83,7 +83,7 @@ Collect the following logs:
83
83
84
84
-**System event logs**. Focus on entries for Event ID 5719 (Source: NetLogon).
85
85
86
-
-**NetLogon service logs**. If you need deeper analysis, turn NetLogon debugging on.
86
+
-**NetLogon service logs**. If you need deeper analysis, turn on NetLogon debugging.
0 commit comments