{"id":86,"date":"2019-01-04T04:05:23","date_gmt":"2019-01-04T09:05:23","guid":{"rendered":"http:\/\/itblog.ldlnet.net\/?p=86"},"modified":"2019-01-28T20:47:33","modified_gmt":"2019-01-29T01:47:33","slug":"powershell-script-to-log-netlogon-events-5719-and-5783-then-test-the-secure-channel-to-verify-connectivity","status":"publish","type":"post","link":"https:\/\/itblog.ldlnet.net\/index.php\/2019\/01\/04\/powershell-script-to-log-netlogon-events-5719-and-5783-then-test-the-secure-channel-to-verify-connectivity\/","title":{"rendered":"PowerShell Script to log NETLOGON Events 5719 and 5783, then test the Secure Channel to verify connectivity"},"content":{"rendered":"\n<p>In my support role, we would get nightly alerts showing that other DCs and Exchange Servers had lost their connection to the PDC, with the following events:<\/p>\n\n\n\n<p><font color=\"blue\">DC02<\/font><br>10\/31\/2018 23:20:28 <font color=\"red\">5719<\/font><br>NETLOGON<br>This computer was not able to set up a secure session with a domain controller in domain LDLNET due to the following:<br>The remote procedure call was cancelled.<br>This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator.<br><br>ADDITIONAL INFO<br>If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the<br>secure session to any domain controller in the specified domain.<\/p>\n\n\n\n<p><font color=\"blue\">DC03<\/font><br>10\/31\/2018 23:18:58 <font color=\"red\">5783<\/font><br>NETLOGON<br>The session setup to the Windows NT or Windows 2000 Domain Controller <font color=\"green\">\\\\DC01.LDLNET.ORG<\/font> for the domain LDLNET is not responsive. 
The current RPC call from Netlogon on <font color=\"green\">\\\\DC03<\/font> to <font color=\"green\">\\\\DC01.ldlnet.org<\/font> has been cancelled.<\/p>\n\n\n\n<p>To validate the secure channel you normally run the nltest command (or the Test-ComputerSecureChannel PowerShell cmdlet) on the affected server to verify its connectivity to the PDC. The problem is that, after a network hiccup takes the secure channel between two servers offline, several DCs or Exchange servers log these events at about the same time. <br><br>Our team was getting a lot of alerts, and validating and testing each one by hand took an inordinate amount of time. To handle this more efficiently, I put together a PowerShell ps1 script that first pulls the 5719 and 5783 events posted in the past three hours, and then tests the secure channel on every DC and Exchange Server:<\/p>\n\n\n\n<p class=\"has-text-color has-small-font-size has-medium-pink-color\">NOTE: This script needs to be run on a server that has the Exchange and Active Directory RSAT tools for PowerShell.<\/p>\n\n\n<pre class=\"lang:PowerShell\" title=\"5719.ps1\">#Start Script\n\n#Import Active Directory Module\nWrite-Host\nWrite-Host \"Importing the Active Directory Module\" -ForegroundColor Green\nImport-Module ActiveDirectory\n\n#Import Exchange Module (the snap-in is loaded first; RemoteExchange.ps1 then provides Connect-ExchangeServer)\nWrite-Host \"Loading the Exchange Snap-In\"\nAdd-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010 -ErrorAction SilentlyContinue\n. $env:ExchangeInstallPath\\bin\\RemoteExchange.ps1\nConnect-ExchangeServer -auto -AllowClobber\n\n#Get the list of DCs in the domain\nWrite-Host\nWrite-Host \"Getting the list of DCs for LDLNET\" -ForegroundColor Magenta\n$DCList = Get-ADDomainController -Filter * | Sort-Object Name | Select-Object Name\n\n#Get the list of Exchange Servers in the domain\nWrite-Host\nWrite-Host \"Getting the list of Exchange Servers for LDLNET\" -ForegroundColor Magenta\n$EXList = Get-ExchangeServer | Sort-Object Name | Select-Object Name\n\n#Pull the 5719 and 5783 events from the System log of each DC. Adjust StartTime if you need a different window; this gets events for the past three hours.\n#Get-WinEvent with -ErrorAction Stop throws when no events match, which is what the catch block reports; it also fires if the server cannot be reached.\nWrite-Host\nWrite-Host \"Getting a list of 5719 and 5783 Events from the DCs for the past three hours.\" -ForegroundColor DarkCyan\nforeach ($DC in $DCList) {\n    try {\n        echo $DC.Name\n        $Event = Get-WinEvent -ComputerName $DC.Name -FilterHashtable @{LogName=\"System\";StartTime=((Get-Date).AddHours(-3));Id='5719','5783'} -ErrorAction Stop | foreach {[string]$_.TimeCreated + \"`t\" + [string]$_.Id + \"`n\" + $_.ProviderName + \"`n\" + $_.Message + \"`n\"}\n        Write-Host \"$Event\" -ForegroundColor Red\n    }\n    catch {\n        Write-Host \"No Events Found For This Server\" -ForegroundColor Green\n        Write-Host\n    }\n}\n\n#Pull the same events from the System log of each Exchange Server for the past three hours.\nWrite-Host\nWrite-Host \"Getting a list of 5719 and 5783 Events from the Exchange Servers for the past three hours.\" -ForegroundColor DarkCyan\nforeach ($EX in $EXList) {\n    try {\n        echo $EX.Name\n        $Event = Get-WinEvent -ComputerName $EX.Name -FilterHashtable @{LogName=\"System\";StartTime=((Get-Date).AddHours(-3));Id='5719','5783'} -ErrorAction Stop | foreach {[string]$_.TimeCreated + \"`t\" + [string]$_.Id + \"`n\" + $_.ProviderName + \"`n\" + $_.Message + \"`n\"}\n        Write-Host \"$Event\" -ForegroundColor Red\n    }\n    catch {\n        Write-Host \"No Events Found For This Server\" -ForegroundColor Green\n        Write-Host\n    }\n}\n\n#Run the Secure Channel Test on each DC. Change the domain FQDN in the nltest command to match your domain.\nStart-Sleep -Seconds 2\nWrite-Host\nWrite-Host \"Testing Secure Channel for the DCs in LDLNET\" -ForegroundColor Cyan\nforeach ($DC in $DCList) {\n    try {\n        echo $DC.Name\n        $Test = Invoke-Command -ComputerName $DC.Name -ScriptBlock {nltest \/sc_verify:ldlnet.org} -ErrorAction Stop | Out-String -Stream\n        Write-Host \"$Test\" -ForegroundColor Yellow\n    }\n    catch {\n        Write-Host \"Secure Channel Test Failed For This Server\" -ForegroundColor Red\n    }\n}\n\n#Run the Secure Channel Test on each Exchange Server. Change the domain FQDN in the nltest command to match your domain.\nStart-Sleep -Seconds 2\nWrite-Host\nWrite-Host \"Testing Secure Channel for the Exchange Servers in LDLNET\" -ForegroundColor Cyan\nforeach ($EX in $EXList) {\n    try {\n        echo $EX.Name\n        $Test = Invoke-Command -ComputerName $EX.Name -ScriptBlock {nltest \/sc_verify:ldlnet.org} -ErrorAction Stop | Out-String -Stream\n        Write-Host \"$Test\" -ForegroundColor Yellow\n    }\n    catch {\n        Write-Host \"Secure Channel Test Failed For This Server\" -ForegroundColor Red\n    }\n}\n\n#End of Script <\/pre>\n\n\n\n<p>I can&#8217;t post the output here because it would contain customer PII, but for each DC or Exchange Server the script prints the server name, the matching events, and then the result of the secure channel test, which gives you a starting point for troubleshooting. <em>Also, be aware that the secure channel test will FAIL when run on the PDC Emulator DC: the PDC Emulator cannot run a secure channel test against itself.<\/em><\/p>\n\n\n\n<p style=\"text-align:center\" class=\"has-text-color has-bright-blue-color\"><strong>If you have any questions or comments, please leave some feedback! Happy Troubleshooting! 
<\/strong><\/p>\n","protected":false}}