Event ID 5721 after Deleting Computer Account


You may have problems logging on to your Windows NT domain from a Windows NT Workstation or Server computer that is a member of a domain and receive the following logon message:
The system cannot log you on to this domain because the system's computer account in its primary domain is missing or the password on that account is incorrect.
The following event may be logged in Event Viewer.
Event ID 5721: The session setup to the Windows NT Domain Controller <Unknown> for the domain <Domain Name> failed because the Windows NT Domain Controller does not have an account for the computer <computername>.


The Netlogon service may fail to start and Event 5721 will be logged if one of the following conditions is true:
  1. The computer account has been removed.
  2. The computer name has been changed.
  3. The computer account password has changed because another Windows NT system with the same computername has joined the domain.
  4. The domain is not synchronized.
For a Windows NT system to log on to a domain, it must establish a secure channel with a domain controller for pass-through authentication. The Netlogon service uses the computer account and its associated password to establish the secure channel.
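
To see which machines are logging this event, the following added example (not part of the original article) parses Event ID 5721 records from a text export of the System log and counts them per computer. The tab-separated export layout (timestamp, source, event ID, message), the function names, and the sample lines are assumptions constructed for illustration; the message pattern follows the event text quoted above.

```python
import re
from collections import Counter

# Message text of Event ID 5721 as quoted in this article; the domain
# controller, domain and computer fields vary per event.
MSG_5721 = re.compile(
    r"The session setup to the Windows NT Domain Controller (?P<dc>\S+) "
    r"for the domain (?P<domain>\S+) failed because the Windows NT Domain "
    r"Controller does not have an account for the computer "
    r"(?P<computer>[^\s.]+)\.?",
    re.IGNORECASE,
)

def parse_5721(line):
    """Return (domain, computer) for a 5721 record, or None for anything else."""
    fields = line.rstrip("\n").split("\t")
    # Assumed export layout: timestamp, source, event ID, message.
    if len(fields) != 4 or fields[1].upper() != "NETLOGON" or fields[2] != "5721":
        return None
    m = MSG_5721.search(fields[3])
    if m is None:
        return None
    # NetBIOS names are case-insensitive, so normalise before counting.
    return m.group("domain").upper(), m.group("computer").upper()

def machines_missing_accounts(lines):
    """Count 5721 events per (domain, computer), most frequent first."""
    counts = Counter(filter(None, map(parse_5721, lines)))
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))

_MSG = ("The session setup to the Windows NT Domain Controller {dc} for the "
        "domain CORP failed because the Windows NT Domain Controller does not "
        "have an account for the computer {pc}.")

# Constructed sample export, not real log data.
SAMPLE = [
    "1998-03-02 08:14:07\tNETLOGON\t5721\t" + _MSG.format(dc="<Unknown>", pc="WKS01"),
    "1998-03-02 08:29:41\tNETLOGON\t5721\t" + _MSG.format(dc="\\\\PDC01", pc="wks01"),
    "1998-03-02 09:02:13\tNETLOGON\t5721\t" + _MSG.format(dc="<Unknown>", pc="WKS07"),
    "1998-03-02 09:05:00\tNETLOGON\t3210\tFailed to authenticate with \\\\PDC01.",
    "1998-03-02 09:06:30\tSrv\t2013\tThe C: disk is at or near capacity.",
    "truncated line without tabs",
]

if __name__ == "__main__":
    for (domain, computer), n in machines_missing_accounts(SAMPLE):
        print(f"{domain}\\{computer}: {n} x Event 5721")
```

The event text is the same for all four conditions listed above, so each machine reported still needs the account and synchronization checks described in this article.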


You should first verify that an account has been created in Server Manager for the computer. You can do this by selecting "Show Domain Members" from the View menu. If an account does not exist, start from Step 3, below.

You should also verify that domain synchronization is successful. For more information, please refer to the following Microsoft Knowledge Base article:
ARTICLE-ID: 149664
TITLE : Verifying Domain Netlogon Synchronization
If the above conditions have been met and you are still receiving the Event ID 5721, the computer account should be recreated and the Windows NT System should rejoin the domain.

If you cannot log on to the domain, you can log on to the local computer by selecting the local computer name in the From field and specifying a local user name and password. To recreate the computer account and rejoin the domain, perform the following steps:
  1. From Server Manager, select the computer name from the list of computers in the domain.
  2. From the Computer menu, select Remove from Domain and click Yes when prompted to confirm the removal.
  3. From the Computer menu, select Add to Domain.
  4. Select Windows NT Workstation or Server, type the appropriate computer name, and then click the Add button.
  5. Click the Close button.
  6. Select the primary domain controller (PDC) from the list of computers in the domain.
  7. From the Computer menu, select Synchronize the Entire Domain.
  8. Click Yes twice.
  9. Click the OK button.
  10. From the Windows NT Workstation or Server computer, double-click the Control Panel Network icon.
  11. Click Change.
  12. Select Workgroup, and then click OK.
  13. Click Yes, then click OK twice.
  14. Click Restart Now.
  15. After the computer has restarted, log on as an administrator of the local computer by selecting the computer name in the From field.
  16. From the Control Panel Network tool, click Change next to the Workgroup name.
  17. Select Domain and type the appropriate domain name.
  18. Click OK, then click Yes.
  19. Click OK twice.
  20. Click Restart Now.
If you are an administrator of the domain, you can skip steps 1-9. When joining the domain, click the Create Computer Account in Domain box and specify a valid administrator name and password.

The above instructions do not apply to Backup Domain Controllers (BDC). For related information on BDCs, please refer to the following Microsoft Knowledge Base article:
ARTICLE-ID: 153719
TITLE : How to Re-Sync PDC/BDC Trust After Event IDs 3210 and 7023