This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(307.2, 92%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPS%3C/text%3E%3C/svg%3E)
according to MS
Monitor patched DCs for event ID 5829 events. The events will include relevant information for identifying the non-compliant devices.
but this event did not even point what was the source of that !!!!
How can I figure out which device cause that events ? - I got zounds of such events.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
More details can be found here.
https://support.microsoft.com/en-us/help/4557222/how-to-manage-the-changes-in-netlogon-secure-channel-connections-assoc
--please don't forget to Accept as answer if the reply is helpful--
I want to identify problematic stations - still "The events will include relevant information for identifying the non-compliant devices." - it is not true - event doesn't contain any information of source computer/user causing that event.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 28.999999999999996%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVW%3C/text%3E%3C/svg%3E)
Update the device, service and/or appliance that sets up the vulnerable Netlogon connection to support secure RPC with Netlogon secure channel. For Windows-based devices, this means updating them with the latest Windows Updates.
Check to ensure that the Domain member: Digitally encrypt or sign secure channel data (always) Group Policy setting is set to Enabled.
Use the "Domain controller: Allow vulnerable Netlogon secure channel connections" group policy to add non-compliant accounts. This should only be considered a short-term remedy until non-compliant devices are addressed as described above.
Hope this information can help you
Best wishes
Vicky
I read this https://support.microsoft.com/en-us/help/4557222/how-to-manage-the-changes-in-netlogon-secure-channel-connections-assoc
still - i cant find any info about source computer/user causing that event - while description is : "The events will include relevant information for identifying the non-compliant devices."