Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


NETLOGON not available for 2k8 R2 ENT SP1(VM) on ESXi 5.

  • Please log in to reply
2 replies to this topic

#1 lvaibhavt


  • Members
  • 1 posts
  • Local time:11:35 PM

Posted 01 July 2016 - 03:48 AM

Hi All,

I have a windows server 2008 R2 ENT SP1 and it is xenapp 6.5 application. There are few application installed on this xenapp server and users access them remotely. With this server we are getting NETLOGON error’s

Log Name: System
Date: 2016/7/1 6:39:22
Event ID: 5719
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: xxxxxxxxxxxx.domain.local
This computer was not able to set up a secure session with a domain controller in domain TEST due to the following:
The RPC server is unavailable.
This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator.

If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.

With this error we also get TCPIP event as well

Log Name: System
Source: Tcpip
Date: 2016/7/1 6:39:22
Event ID: 4227
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: xxxxxxxxxxxx.domain.local
TCP/IP failed to establish an outgoing connection because the selected local endpoint was recently used to connect to the same remote endpoint. This error typically occurs when outgoing connections are opened and closed at a high rate, causing all available local ports to be used and forcing TCP/IP to reuse a local port for an outgoing connection. To minimize the risk of data corruption, the TCP/IP standard requires a minimum time period to elapse between successive connections from a given local endpoint to a given remote endpoint.

We have another Xenapp server with the same configuration and it does not have any of the above messages/event/errors. These are VM’s running on ESXi 5.1 U3.

I was checking for solutions for event TCPIP event id 4227 and found https://theregime.wordpress.com/2013...event-id-4227/ >>>>> the port number on the server come up as

Protocol tcp Dynamic Port Range
Start Port : 49152
Number of Ports : 16384

Protocol udp Dynamic Port Range
Start Port : 49152
Number of Ports : 16384

The issue comes up as NETLOGON failed for the server and no one is able to access the server – we then need to reboot the server to fix it.

there are plenty of ports on the server ...... So I am left with fix 2 which is decreasing the value for the port # to be release. Is event id 4227 and 5719 (above errors) inter related?

Any other suggestion that I can follow to fix this issue

Thanks in advance

BC AdBot (Login to Remove)


#2 FreeBooter


  • Members
  • 3,137 posts
  • Gender:Male
  • Location:Turkey - Adana
  • Local time:09:05 PM

Posted 01 July 2016 - 07:19 AM

Below i have inputted few registry values that you can use to boost network performance and eliminate the  Event ID: 4227. You can add these commands into Notepad and save it as TCPIP_Tweaks.bat and run it as a administrator. You should backup registry with ERUNT utility that can be used to backup and restore the Windows Registry. If any issue you can restore registry settings. You can found more information about each values that is been added or edited by this batch file by google searching the word after the /v parameter.
@Echo Off & Cls

Reg add "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters"  /v Tcp1323Opts   /t REG_DWORD  /d 1  /f 2>&1 >nul

Reg add "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters"  /v SackOpts    /t REG_DWORD  /d 1  /f 2>&1 >nul

Reg add "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters"  /v TcpMaxDupAcks /t REG_DWORD  /d 2  /f 2>&1 >nul

Reg add "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters"  /v  NameSrvQueryTimeout  /t REG_DWORD  /d 3000 /f 2>&1 >nul

Reg add "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters"  /v TcpMaxDupAcks  /t REG_DWORD /d 2 /f 2>&1 >nul

Reg add "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters"  /v EnablePMTUDiscovery /t REG_DWORD /d 1 /f 2>&1 >nul

Reg add "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters"  /v EnablePMTUBHDetect /t REG_DWORD /d 1 /f 2>&1 >nul

Reg add "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters" /v DefaultTTL /t REG_DWORD /d 64 /f 2>&1 >nul

Reg add "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v MaxFreeTcbs  /t REG_DWORD  /d 65536 /f 2>&1 >nul

Reg add "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v MaxUserPort  /t REG_DWORD /d 65534 /f 2>&1 >nul

Reg add "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v GlobalMaxTcpWindowSize /t REG_DWORD /d  65535 /f 2>&1 >nul

Reg add "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v TcpTimedWaitDelay  /t REG_DWORD /d 30 /f 2>&1 >Nul

Reg add "HKLM\System\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v MaxCollectionCount /t REG_DWORD /d 32 /f 2>&1 >nul

Reg add "HKLM\System\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v MaxThreads  /t REG_DWORD /d 30 /f 2>&1 >nul

Reg add "HKLM\System\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v MaxCmds /t REG_DWORD  /d 30 /f 2>&1 >nul

Edited by FreeBooter, 01 July 2016 - 07:21 AM.

Posted Image

#3 sflatechguy


  • BC Advisor
  • 2,257 posts
  • Gender:Male
  • Local time:01:05 PM

Posted 03 July 2016 - 04:20 PM

What happens if you reboot the server? That error message can occur if the NIC drivers need to be updated (unlikely, since this a VM), or the necessary ports aren't open. RPC will open a number of dynamic ports during each session; they will be randomly generated and assigned, and fall between port 49152 and port 65535. You need to make sure this range of ports remains open.


As for Event ID 4227, you may want to read this:




The recommended fix is to refresh the protocol configuration on that NIC.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users