Windows 24H2 Netlogon Event ID 5719


Anthony Meluso

Feb 7, 2025, 1:45:20 PM
to ntsys...@googlegroups.com
Hi all,

Testing Windows 24H2 in our environment and noticed each machine is reporting this error in the event log each time the service is started. We also discovered the machine password is not changed after 30 days. Our Windows 11 23H2 machines are not experiencing this issue with machine password rotations.

This computer was not able to set up a secure session with a domain controller in domain due to the following: 
An internal error occurred. 
This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator

I found other posts online about this issue.


Take care,

Anthony Meluso
Director of Technology
Watchung Hills Regional High School
108 Stirling Rd.
Warren, NJ 07059
908-647-4800 Ext. 4962

Wright, John M

Feb 7, 2025, 1:57:23 PM
to ntsys...@googlegroups.com

Just a guess but could you be using NTLMv1?  Microsoft Phases Out NTLMv1 in Windows 11 24H2 and Server 2025

 

If so, you might explore requiring at least v2.

 

--

John Wright

IT Support Specialist

1800 Old Bluegrass Avenue, Louisville, KY 40215

502.708.9953

Please submit IT requests to Hazelwoo...@bluegrass.org

24 Hour Helpline 1.800.928.8000

  


Anthony Meluso

Feb 7, 2025, 2:00:11 PM
to ntsys...@googlegroups.com
Hi John,

Do you mean this policy? I have enabled for years.

image.png

Take care,

Anthony Meluso
Director of Technology
Watchung Hills Regional High School
108 Stirling Rd.
Warren, NJ 07059
908-647-4800 Ext. 4962

Wright, John M

Feb 7, 2025, 2:10:44 PM
to ntsys...@googlegroups.com

Yes, that’s it.  In that case, there’s this:  Win11 24H2 breaks LDAP authentication for Enterprise app - Windows - Spiceworks Community

 

A poster claims that he worked around it by giving domain\username instead of only username.  Strange if true but you can try it.

 

--

John Wright

IT Support Specialist

1800 Old Bluegrass Avenue, Louisville, KY 40215

502.708.9953

Please submit IT requests to Hazelwoo...@bluegrass.org

24 Hour Helpline 1.800.928.8000

  


 

Anthony Meluso

Feb 7, 2025, 2:28:44 PM
to ntsys...@googlegroups.com
Turned on debugging for Netlogon and noticed this after a restart of the service.

02/07 14:24:15 [SESSION] [1684] WHRHS: NlSessionSetup: Denied access as we could not authenticate with Kerberos 0xC002002E
02/07 14:24:15 [CRITICAL] [1684] Assertion failed: ClientSession->CsState == CS_IDLE (Source File: onecore\ds\netapi\svcdlls\logonsrv\server\lsrvutil.c, line 3963)
02/07 14:24:15 [SESSION] [1684] WHRHS: NlSessionSetup: Denied access as we could not authenticate with Kerberos (translated status) 0xC00000E5
02/07 14:24:15 [SESSION] [1684] WHRHS: NlSetStatusClientSession: Set connection status to c00000e5


Take care,

Anthony Meluso
Director of Technology
Watchung Hills Regional High School
108 Stirling Rd.
Warren, NJ 07059
908-647-4800 Ext. 4962

ODONNELL Aaron M

Feb 7, 2025, 2:36:28 PM
to ntsys...@googlegroups.com

We have this exact same problem and netlogon error on 24H2 workstations and it started sometime in November when we began to roll out 24H2 in-place upgrades. We opened a ticket with Microsoft. They first told us to create this registry key on workstations:

 

HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
UseKerberosForSecureChannels = 0 (REG_DWORD)

 

That got rid of the error message but didn’t fix the machine password issue. They’ve been “discussing” the issue internally since then and we haven’t gotten any updates on the ticket.

 

We’ve since gone back to 23H2 while we wait for resolution.

 

 

Thanks,

 

Aaron O’Donnell

 

 


Anthony Meluso

Feb 7, 2025, 2:49:52 PM
to ntsys...@googlegroups.com
Thanks Aaron, we will hold up our roll out here. What's interesting is that they asked you to disable UseKerberosForSecureChannels. Why lol? Isn't that the preferred way to issue tickets in a Windows domain?

Take care,

Anthony Meluso
Director of Technology
Watchung Hills Regional High School
108 Stirling Rd.
Warren, NJ 07059
908-647-4800 Ext. 4962

Kurt Buff

Feb 7, 2025, 2:56:41 PM
to ntsys...@googlegroups.com
Whether or not that works, it's possible that the UPN would also work. Might also be worth a try.

Kurt

Anthony Meluso

Feb 7, 2025, 2:58:44 PM
to ntsys...@googlegroups.com
Just to be clear other than the event being logged and the machine password not updating have not seen any trust related issues to logging into the computer... yet. I'm pretty sure that will happen if this is left unfixed.

Take care,

Anthony Meluso
Director of Technology
Watchung Hills Regional High School
108 Stirling Rd.
Warren, NJ 07059
908-647-4800 Ext. 4962

Kurt Buff

Feb 7, 2025, 3:10:14 PM
to ntsys...@googlegroups.com
From what I've seen, 24H2 is snakebit. It reminds me of the even-numbered Service Packs for NT4 - so many problems.

Kurt

Anthony Meluso

Feb 7, 2025, 3:22:13 PM
to ntsys...@googlegroups.com
Just looking some more at the debug log. I'm guessing there is some flaw in how it determines the age of the machine password based on these two lines?

02/07 15:01:18 [MISC] [3000] DsGetDcName function returns 0 (client PID=1440): Dom:WHRHS Acct:(null) Flags: DS RET_DNS 
02/07 15:01:18 [MISC] [12268] NlpStoreKeyInDS: Key already provisioned in DS, nothing to do
02/07 15:01:18 [MISC] [12268] NlProvisionMachineAuthKey: Successfully provisioned the machine auth key


Take care,

Anthony Meluso
Director of Technology
Watchung Hills Regional High School
108 Stirling Rd.
Warren, NJ 07059
908-647-4800 Ext. 4962

Lieckfeldt.Sven

Feb 10, 2025, 3:40:04 AM
to ntsys...@googlegroups.com

What could be the impact for the end user? The machine password is not expiring, so logon will not be a problem, right?


ODONNELL Aaron M

Feb 10, 2025, 4:23:17 PM
to ntsys...@googlegroups.com

Assuming the domain trust is actually fine and working despite the error message and the machine password not changing, the end user probably won’t really see an issue, at least not according to this: Secure Channel/Expired Machine Account Password Concerns – Revisited | Microsoft Community Hub

 

It complicates our efforts to locate stale AD objects because we scan for computers with a machine password of -60 days to determine if the object should be deleted, and now we have hundreds of active PCs that haven’t reset their password since October even though they’re online on-prem and in use every day.

 

Thanks,

 

Aaron O’Donnell
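
An added example, not part of the thread and not any poster's own script: one way to keep the stale-object scan described in the post above from flagging in-use machines is to cross-check password age against logon recency before deleting anything. It assumes the RSAT ActiveDirectory module; the function name, the 60-day and 21-day thresholds and the state labels are illustrative.

```powershell
#Requires -Modules ActiveDirectory
# Added example (not from the thread). Function name, thresholds and state
# labels are illustrative assumptions.

function Get-ComputerPasswordTriage {
    [CmdletBinding()]
    param(
        # Password age the cleanup job treats as stale (60 days in the post above).
        [int]$PasswordAgeDays = 60,
        # lastLogonTimestamp is only rewritten when it is roughly 9-14 days out of
        # date, so "recently seen" needs a window wider than 14 days.
        [int]$LogonFreshDays = 21,
        # Optional OU to limit the search.
        [string]$SearchBase
    )

    $now   = Get-Date
    $query = @{
        Filter     = 'Enabled -eq $true'
        Properties = 'PasswordLastSet', 'LastLogonDate', 'OperatingSystem', 'OperatingSystemVersion'
    }
    if ($SearchBase) { $query.SearchBase = $SearchBase }

    foreach ($c in Get-ADComputer @query) {
        # Both ages stay $null when the attribute has never been written.
        $pwdAge   = if ($c.PasswordLastSet) { [math]::Floor(($now - $c.PasswordLastSet).TotalDays) }
        $logonAge = if ($c.LastLogonDate)   { [math]::Floor(($now - $c.LastLogonDate).TotalDays) }

        $state = if ($null -eq $pwdAge) {
            'PasswordNeverSet'
        } elseif ($pwdAge -le $PasswordAgeDays) {
            'Rotating'
        } elseif ($null -ne $logonAge -and $logonAge -le $LogonFreshDays) {
            # Old password but a recent domain logon: the machine is in use and
            # simply is not rotating. Do not delete on password age alone.
            'ActiveButNotRotating'
        } else {
            'StaleCandidate'
        }

        [pscustomobject]@{
            Name            = $c.Name
            State           = $state
            PasswordAgeDays = $pwdAge
            LastLogonAgeDays = $logonAge
            OperatingSystem = $c.OperatingSystem
            # Build 26100 is shared by Windows 11 24H2 and Windows Server 2025.
            Build26100      = [bool]($c.OperatingSystemVersion -match '\(26100\)')
        }
    }
}

$triage = Get-ComputerPasswordTriage

# Summary per state, then the machines that are online but not rotating.
$triage | Group-Object State | Select-Object Name, Count
$triage |
    Where-Object State -eq 'ActiveButNotRotating' |
    Sort-Object PasswordAgeDays -Descending |
    Format-Table Name, PasswordAgeDays, LastLogonAgeDays, Build26100, OperatingSystem
```

Only the StaleCandidate rows are deletion candidates; ActiveButNotRotating rows concentrated on build 26100 are the pattern this thread describes.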

 

 


Lieckfeldt.Sven

Feb 11, 2025, 4:07:28 AM
to ntsys...@googlegroups.com

Oh, I didn’t think about cleaning up computers. You’re right. That’s not good. We have such a job in place, which could lead to trouble…

 

Thanks,

Sven 

Charles F Sullivan

Feb 11, 2025, 11:47:48 AM
to ntsys...@googlegroups.com
In a test lab I have a Windows 2025 AD running with a Windows 11 24H2 VM as a client. The 5719 events don't happen on that workstation. It was joined to that domain just under 30 days ago, so it will be a couple of days before it attempts to change its password, which I assume will succeed.

I have one such workstation in our Windows 2019 domain, which was joined to AD just a few days ago. It's getting the 5719 events, but I was able to manually change its password. I'm not sure if letting the machine change its own password might behave differently.





--

Charlie Sullivan

Principal Windows Systems Administrator

Anthony Meluso

Feb 11, 2025, 11:58:29 AM
to ntsys...@googlegroups.com
Hi Charles,

Thanks for testing this out. The more I look into this issue, it keeps coming back to the DC server version installed. We just moved our DCs to Windows Server 2022 this past summer, I have no intention to move them to 2025 with it being only a few months old.

Take care,

Anthony Meluso
Director of Technology
Watchung Hills Regional High School
108 Stirling Rd.
Warren, NJ 07059
908-647-4800 Ext. 4962

ODONNELL Aaron M

Feb 11, 2025, 4:56:18 PM
to ntsys...@googlegroups.com

We just got an update to our Microsoft ticket – they have this issue posted on their internal documentation system but not made public yet. The only interesting thing they noted is that Credential Guard being enabled might be a factor, and Server 2025 is affected as well as Win11 24H2.

 

All they gave us was telling us to either reset the machine password manually on all the affected systems with powershell (lol) or to use a group policy that just blocks the event ID 5719 from showing up in event viewer:

 

Workaround #2
On a wide scale we can disable the following policy as another workaround. This will prevent the machine from attempting to use the machine bound certificate for Kerberos auth entirely. That may or may not affect other things in the customer environment so test.
Computer Configuration\Administrative Templates\System\Kerberos Support device authentication using certificate

 

They’re “still investigating”

 

 

 


Anthony Meluso

Feb 11, 2025, 5:42:30 PM
to ntsys...@googlegroups.com
If they made this public, adoption of 24H2 would drop to zero. Thanks for keeping us updated.

Take care,

Anthony Meluso
Director of Technology
Watchung Hills Regional High School 
108 Stirling Rd.
Warren, NJ 07059
908-647-4800 Ext. 4962


 

Charles F Sullivan

Feb 11, 2025, 5:42:30 PM
to ntsys...@googlegroups.com
Thanks for the update. We have a couple of Windows 2025 member servers and I see event 5719 after each reboot. I hadn't thought to check until now.

susan.eli...@gmail.com

Feb 11, 2025, 7:40:57 PM
to ntsysadmin
Mind if I make this a bit more public? Firstly to cc to the patchmanagement list and then to start making this more known.

I HATE the quiet support cases but there's nothing on the "known issues" section yet.

ODONNELL Aaron M

Feb 11, 2025, 8:14:13 PM
to ntsys...@googlegroups.com

Fine with me. I first saw mention of this in a reddit post from December about the same error message but not specifically the machine password issue (NETLOGON 5719 after W11 24H2 : r/sysadmin) so it kind of seems like this has been known for a while but we were told the internal document was dated yesterday 2/10 so who knows.

 

susan.eli...@gmail.com

Feb 11, 2025, 9:46:52 PM
to ntsysadmin
BTW credential guard is not a factor.  I have a 24H2 that I see that event and I don't have credential guard running on that machine.

Markus Klocker

Feb 12, 2025, 12:24:58 AM
to ntsys...@googlegroups.com
We have VBS disabled so no CredGuard.
I picked one machine with 24H2 that has this event but only after installing the machine.
At some point the event doesn't occur any more.

The issue has been introduced with 24H2 it seems cause 23H2 don't have the event.

    Markus

Charles F Sullivan

Feb 12, 2025, 12:00:34 PM
to ntsys...@googlegroups.com

I think that if you reboot that 24H2 machine you *will* still see the 5719 error a minute or two after the machine starts. I've been watching this for a couple of weeks and without exception a reboot of Win11 24H2 or Windows Server 2025 throws the error.

 

Charles F Sullivan

Feb 12, 2025, 2:09:56 PM
to ntsys...@googlegroups.com
I think that if you reboot that 24H2 machine you *will* still see the 5719 error a couple of minutes after the machine starts. I've been watching this for a couple of weeks and without exception a reboot of Win11 24H2 or Windows Server 2025 throws the error.


Anthony Meluso

Feb 20, 2025, 2:29:51 PM
to ntsys...@googlegroups.com
Checking if there has been an update from Microsoft on this issue. I know a Preview CU was posted but did not see anything mentioned around this issue.

Take care,

Anthony Meluso
Director of Technology
Watchung Hills Regional High School
108 Stirling Rd.
Warren, NJ 07059
908-647-4800 Ext. 4962

ODONNELL Aaron M

Feb 20, 2025, 2:41:57 PM
to ntsys...@googlegroups.com

Nope. We’ve been asking for our ticket to be escalated past tier one but we’re getting the usual runaround and zero progress that we seem to get from msft support lately.

 

 

Thanks,

 

Aaron O’Donnell

 

Michael B. Smith

Feb 20, 2025, 2:43:30 PM
to ntsys...@googlegroups.com

I haven’t checked since Monday, but there wasn’t as of then.

Anthony Meluso

Feb 24, 2025, 9:16:07 AM
to ntsys...@googlegroups.com

Take care,

Anthony Meluso
Director of Technology
Watchung Hills Regional High School
108 Stirling Rd.
Warren, NJ 07059
908-647-4800 Ext. 4962

ODONNELL Aaron M

Mar 7, 2025, 12:31:09 PM
to ntsys...@googlegroups.com

We got an update on the issue after it got escalated to someone in microsoft support past their useless tier 1 support that actually understood the issue. It turns out … it’s actually two issues, and we now have them both after some testing:

 

Issue #1

Machine does not change password at defined interval.

 

This occurs because the machine has Credential Guard enabled and has been able to provision itself a machine certificate for use with Active Directory.  During the password change it is using the machine certificate to authenticate and obtain the kadmin/changepw ticket.  However, credential guard is blocking the attempt to get that ticket.

 

Workarounds:

  1. Manually reset the computer password from the machine.
  2. Disable the machine use of machine bound certificate for authentication via GPO.  This forces the machine to use the machine password for the password change instead of the machine bound certificate with Kerberos.  This does not affect other uses of certificates like for SSL connections.

Computer Configuration\Administrative Templates\System\Kerberos - Support device authentication using certificate – Disable

Issue #2

Machine changing password can crash lsass and cause the machine to reboot if the following auditing is configured in Advanced Audit Policies

Object Access Auditing -> Audit Other Object Access Events

 

Workarounds:

  1. Configure the following object Access to NOT audit for in Advanced Audit Policies for the following category.

Object Access Auditing -> Audit Other Object Access Events

  2. Temporarily disable the machine from attempting to change the password via GPO.

Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options - Domain member: Disable machine account password changes – Enable

 

 

We haven’t tried any of the workarounds yet. Still no ETA on a resolution or apparent public acknowledgement of this problem.

 

 

 

Thanks,

 

Aaron O’Donnell
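
An added example, not part of the thread and not Microsoft's guidance: a local check that collects, on one machine, the settings the two issues above depend on, next to the password age the domain actually records. The function name and output property names are illustrative; it assumes an elevated session, an English-language `auditpol` subcategory name, and that `DevicePKInitEnabled` is the registry value behind the "Support device authentication using certificate" policy.

```powershell
# Added example (not from the thread). Run elevated on the machine under test.
function Get-MachinePasswordRotationFactors {
    [CmdletBinding()]
    param(
        # Rotation interval the thread expects (30 days).
        [int]$ExpectedMaxAgeDays = 30
    )

    function Get-RegDword([string]$Path, [string]$Name) {
        # Returns $null when the value is absent, i.e. the setting is not configured.
        (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
    }

    $netlogon = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
    # Policy key for "Kerberos - Support device authentication using certificate".
    $kerberos = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters'

    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue

    # pwdLastSet as recorded on the computer object in AD.
    $searcher = [adsisearcher]"(&(objectCategory=computer)(sAMAccountName=$($env:COMPUTERNAME)`$))"
    [void]$searcher.PropertiesToLoad.Add('pwdLastSet')
    $hit = $searcher.FindOne()
    $pwdLastSet = if ($hit -and $hit.Properties['pwdlastset'].Count) {
        [DateTime]::FromFileTime([int64]$hit.Properties['pwdlastset'][0])
    }
    $pwdAge = if ($pwdLastSet) { [math]::Floor(((Get-Date) - $pwdLastSet).TotalDays) }

    # Netlogon 5719 events logged since the last boot.
    $events = @(Get-WinEvent -FilterHashtable @{
        LogName = 'System'; ProviderName = 'NETLOGON'; Id = 5719
        StartTime = $os.LastBootUpTime
    } -ErrorAction SilentlyContinue)

    # Issue #2 depends on this audit subcategory; /r emits CSV.
    $audit = auditpol.exe /get /subcategory:"Other Object Access Events" /r 2>$null |
        Where-Object { $_ } | ConvertFrom-Csv

    [pscustomobject]@{
        ComputerName                 = $env:COMPUTERNAME
        OSBuild                      = $os.BuildNumber
        # SecurityServicesRunning contains 1 when Credential Guard is running.
        CredentialGuardRunning       = [bool]($dg.SecurityServicesRunning -contains 1)
        DevicePKInitEnabled          = Get-RegDword $kerberos 'DevicePKInitEnabled'
        DisablePasswordChange        = Get-RegDword $netlogon 'DisablePasswordChange'
        UseKerberosForSecureChannels = Get-RegDword $netlogon 'UseKerberosForSecureChannels'
        OtherObjectAccessAudit       = $audit.'Inclusion Setting'
        Netlogon5719SinceBoot        = $events.Count
        PasswordLastSet              = $pwdLastSet
        PasswordAgeDays              = $pwdAge
        PasswordOverdue              = [bool]($null -ne $pwdAge -and $pwdAge -gt $ExpectedMaxAgeDays)
        # Whether the secure channel to the domain currently verifies.
        SecureChannelOk              = Test-ComputerSecureChannel
    }
}

Get-MachinePasswordRotationFactors | Format-List
```

Collecting the same object from machines that rotate and machines that do not gives a side-by-side comparison of these settings rather than a guess about which one matters.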

 


Anthony Meluso

Mar 7, 2025, 1:38:22 PM
to ntsys...@googlegroups.com
Both of these workarounds suck lol. We have Credential Guard enabled since Windows 11 22H2 and machine passwords updated just fine. It's only on Windows 11 24H2 does this now become a problem. Not even going to bother to test this. I'm not even sure how disabling "Kerberos - Support device authentication using certificate" could impact us in other ways and lessen our security posture. The second issue we have not seen since we do not have Advanced Auditing configured for client workstations, just DCs.

I'm not sure why they haven't publicly acknowledged this yet. It's 100% reproducible. We will continue to sit on 23H2.

Thanks for following up Aaron.

Take care,

Anthony Meluso
Director of Technology
Watchung Hills Regional High School
108 Stirling Rd.
Warren, NJ 07059
908-647-4800 Ext. 4962

Charles F Sullivan

Mar 10, 2025, 5:32:04 PM
to ntsys...@googlegroups.com
On the couple of Windows 2025 servers we have, I see the 5719 events at startup, but I see that the servers have updated their passwords on their own. Both have Credential Guard enabled. I figured I would need to manually update the passwords for now. Not sure why this is.

Anthony Meluso

Mar 19, 2025, 7:00:35 PM
to ntsys...@googlegroups.com
Microsoft released a preview of April CU yesterday, KB5053656 (Releasing Windows 11 Build 26100.3613 to the Release Preview Channel | Windows Insider Blog). There are two fixed items that could be related to this issue. I am waiting for this to become available in the catalog to test.

image.png
image.png

Take care,

Anthony Meluso
Director of Technology
Watchung Hills Regional High School
108 Stirling Rd.
Warren, NJ 07059
908-647-4800 Ext. 4962

ODONNELL Aaron M

Mar 20, 2025, 2:40:29 PM
to ntsys...@googlegroups.com

Since we have an open ticket still I queried msft and got this response:

 

“There is nothing in the preview release mentioned that would directly address the machine password rotation question that I can find.”

 

Sorry to be the bearer of bad news. I got excited too hoping this would be a fix.

 

Thanks,

 

Aaron O’Donnell

 


 


Anthony Meluso

Mar 20, 2025, 2:43:05 PM
to ntsys...@googlegroups.com
Bah! I'm still going to test it when it's released to the catalog.

Take care,

Anthony Meluso
Director of Technology
Watchung Hills Regional High School
108 Stirling Rd.
Warren, NJ 07059
908-647-4800 Ext. 4962

Charles F Sullivan

Mar 20, 2025, 3:57:12 PM
to ntsys...@googlegroups.com
I have a couple of test VMs which hadn't been started up in a few weeks. One is Windows 11 24H2, the other Windows Server 2025. I started them both up today and got the same behavior on both. Despite the 5719 error, the computers changed their passwords.

You can see on the Windows 11 machine that the PW change happened a second after the error:

image.png

They belong to a Windows 2019 domain. Single forest, single domain, Windows 2016 functional level.

This makes it seem that it doesn't really have an impact for us.
 

Anthony Meluso

Mar 20, 2025, 4:48:10 PM
to ntsys...@googlegroups.com
What does the password last change attribute for that machine in Active Directory show? From the computers and users console?

Take care,

Anthony Meluso
Director of Technology
Watchung Hills Regional High School 
108 Stirling Rd.
Warren, NJ 07059
908-647-4800 Ext. 4962


Charles F Sullivan

Mar 20, 2025, 5:15:23 PM
to ntsys...@googlegroups.com

Anthony Meluso

Mar 20, 2025, 6:03:40 PM
to ntsys...@googlegroups.com
I just used Powershell to check for machine passwords over 30 days old. I did notice a few 24H2 machines are correctly updating their machine passwords. But the vast majority are not. No idea why.

Take care,

Anthony Meluso
Director of Technology
Watchung Hills Regional High School
108 Stirling Rd.
Warren, NJ 07059
908-647-4800 Ext. 4962

Anthony Meluso

Apr 8, 2025, 6:20:16 PM
to ntsys...@googlegroups.com
Looks like Microsoft finally identified the issue and this month's CU helps to resolve it, WI1050811. I can confirm 24H2 machines are updating their passwords again!


Take care,

Anthony Meluso
Director of Technology
Watchung Hills Regional High School
108 Stirling Rd.
Warren, NJ 07059
908-647-4800 Ext. 4962

Charles F Sullivan

Apr 9, 2025, 12:01:48 PM
to ntsys...@googlegroups.com
I'm still getting the 5719 errors after installing the CU. I can't find any here that are having trouble changing passwords, so I can't report any changes with that.

Lieckfeldt.Sven

Apr 10, 2025, 8:35:58 AM
to ntsys...@googlegroups.com

I still see the error 5719 as well.

But password change for the client has worked after CU installation.

 

Cheers,

Sven 


On Thu, Mar 20, 2025 at 5:15PM 'Charles F Sullivan' via ntsysadmin <ntsys...@googlegroups.com> wrote:

Same thing, as I would expect.

 

 

 


Charles F Sullivan

Apr 10, 2025, 10:32:41 AM
to ntsys...@googlegroups.com
In our environment I have not come across a Windows 11 24H2 or Windows 2025 machine that has failed to update its password once the 30 days has passed, so for us there seems to be nothing to fix. (We only have about 6 of these in total so it's easy to track.) 

This article does say that the current CU resolves the issue, consistent with what you're saying. It says devices using PKINIT are susceptible, so maybe that's the difference.  Windows Server 2025 known issues and notifications | Microsoft Learn

James Iversen

May 5, 2025, 3:43:57 PM
to ntsys...@googlegroups.com
Has there been any traction to this issue? Am seeing similar behavior on domain and followed additional rabbit holes including new cert templates. Didn't make much progress. Thanks! 

ODONNELL Aaron M

May 5, 2025, 5:07:11 PM
to ntsys...@googlegroups.com

Once we applied the April CU for 24h2, the machine passwords started updating again: Windows 11, version 24H2 known issues and notifications | Microsoft Learn

 

The microsoft tech in our ticket basically told us to just ignore that event log error if the machine password is updating (which ours are) so that’s what we’ve been doing.

 

 

Thanks,

 

Aaron O’Donnell

James Iversen

May 5, 2025, 9:37:34 PM
to ntsys...@googlegroups.com, ntsys...@googlegroups.com
I’ll look into the update as it may have already been installed. That 5719 is bugging me tho. Every time I see an error in the system logs related to authentication or policy processing my hair stands on end. 
Thank you sir!