From: kbergros on
Hi!

I'm having a problem that really disturbs me.....
I get on 2 of my Windows 2003 member servers a log entry twice a day
saying the following:

Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40960
Date: 2006-05-21
Time: 03:43:47
User: N/A
Computer: gimli
Description:
The Security System detected an authentication error for the server
ldap/gollum.test.timber.se/test.timber.se@test.timber.se. The failure
code from authentication protocol Kerberos was "The attempted logon is
invalid. This is either due to a bad username or authentication information.
(0xc000006d)".

I checked everything regarding the DNS entries and everything looks OK.
I have followed the suggestions on EventID.net, but had no luck in solving
this problem.
Before, I also had event 40961 logged, but that logging
has stopped since I upgraded to Service Pack 1.

The thing is, on my other Windows 2003 member servers I don't get this
log entry.

I have two domain controllers: one is Windows 2003 (has all FSMO roles and
the Global Catalog) and one is Windows 2000 (also has the Global Catalog).

One thing that I can see is that the machines that have the error logging
have the 2000 server as logon server... the other ones (without the
problem) have the Windows 2003 server as logon server.... Can this have
something to do with the error logging?

Regards

Kbergros
From: Ace Fekay [MVP] on
In news:OoTpvXjfGHA.4864(a)TK2MSFTNGP05.phx.gbl,
kbergros <kbergros(a)hotmail.com> stated, which I commented on below:
> Hi!
>
> I'm having a problem that really disturbs me.....
> I get on 2 of my Windows 2003 member servers a log entry twice a day
> saying the following:
>
> Event Type: Warning
> Event Source: LSASRV
> Event Category: SPNEGO (Negotiator)
> Event ID: 40960
> Date: 2006-05-21
> Time: 03:43:47
> User: N/A
> Computer: gimli
> Description:
> The Security System detected an authentication error for the server
> ldap/gollum.test.timber.se/test.timber.se@test.timber.se. The failure
> code from authentication protocol Kerberos was "The attempted logon is
> invalid. This is either due to a bad username or authentication
> information. (0xc000006d)".
>
> I checked everything regarding the DNS entries and everything looks OK.
> I have followed the suggestions on EventID.net, but had no luck in
> solving this problem.
> Before, I also had event 40961 logged, but that
> logging has stopped since I upgraded to Service Pack 1.
>
> The thing is, on my other Windows 2003 member servers I don't get this
> log entry.
>
> I have two domain controllers: one is Windows 2003 (has all FSMO roles
> and the Global Catalog) and one is Windows 2000 (also has the Global
> Catalog).
> One thing that I can see is that the machines that have the error logging
> have the 2000 server as logon server... the other ones (without the
> problem) have the Windows 2003 server as logon server.... Can this have
> something to do with the error logging?
>
> Regards
>
> Kbergros

Usually, creating a reverse zone for your subnet(s) and ensuring all DCs
(especially the 2003 DCs) have a PTR entry eliminates this error. On 2003
systems, the SPNEGO (the SPN identifier) uses the reverse entry to identify
itself, hence "Ego".

--
Ace

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Directory Services
Microsoft Certified Trainer



From: kbergros on
Hi!

Thanks for your answer.
I have checked my DNS zones (several times) and all my machines have the
correct PTR entry... I have checked with nslookup both my forward and
recursive zones and get the correct answer every time...
Any other suggestions on how to solve this?

regards

Kbergros


From: Ace Fekay [MVP] on
In news:uA%23E6ZKgGHA.5088(a)TK2MSFTNGP02.phx.gbl,
kbergros <kbergros(a)hotmail.com> stated, which I commented on below:
> Hi!
>
> Thanks for your answer.
> I have checked my DNS zones (several times) and all my machines have
> the correct PTR entry... I have checked with nslookup both my forward
> and recursive zones and get the correct answer every time...
> Any other suggestions on how to solve this?
>
> regards
>
> Kbergros

Looking again at your original post, the description part of the error says:

Description:
The Security System detected an authentication error for the server
ldap/gollum.test.timber.se/test.timber.se@test.timber.se. The failure
code from authentication protocol Kerberos was "The attempted logon is
invalid. This is either due to a bad username or authentication information.
(0xc000006d)".

This indicates to me that you are possibly pointing to your ISP's DNS in IP
properties. Now if AD is trying to correspond its SPNEGO by contacting them
for a PTR for the internal IP range, then I can understand why this is
happening.

The cardinal rule is: in any AD infrastructure, no matter how small or large,
NEVER use the ISP's DNS in IP properties of ANY machine that is part of AD
(DCs, servers and clients). If not sure what I'm talking about, please post
an unedited ipconfig /all to better assist you and we can point out any
problems in your config.

Ace
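
The check asked for in the reply above (no outside resolver in the IP properties of a domain member), as an added example that is not part of the original thread: it parses `ipconfig /all` text and lists every DNS server that is not one of the domain's own. The sample output, the `AD_DNS` list and all IP addresses are constructed placeholders; only the names `gimli` and `test.timber.se` come from the thread.

```python
import ipaddress
import re

# Constructed `ipconfig /all` output; every address here is a placeholder.
SAMPLE = """\
   Host Name . . . . . . . . . . . . : gimli
   Primary Dns Suffix  . . . . . . . : test.timber.se

Ethernet adapter Local Area Connection:

   IP Address. . . . . . . . . . . . : 192.168.10.21
   DNS Servers . . . . . . . . . . . : 192.168.10.5
                                       203.0.113.53
   Primary WINS Server . . . . . . . : 192.168.10.5
"""
# Assumed addresses of the domain's own DNS servers (the two DCs).
AD_DNS = ["192.168.10.5", "192.168.10.6"]

LABEL = re.compile(r"^\s+(?P<key>[^:]+?)[ .]*:\s*(?P<val>.*)$")

def parse_ip(text):
    """Return an ip_address for text, or None if it is not an IP literal."""
    try:
        return ipaddress.ip_address(text.strip().split("%")[0])
    except ValueError:
        return None

def dns_servers(text):
    """Map each adapter section to the DNS server addresses listed under it."""
    result, adapter, in_dns = {}, None, False
    for line in text.splitlines():
        if line and not line[0].isspace():      # unindented: section header
            adapter, in_dns = line.rstrip(": "), False
            continue
        value = line
        if parse_ip(line) is None:              # not a bare continuation address
            m = LABEL.match(line)
            if not m:
                continue
            in_dns = m.group("key") == "DNS Servers"
            value = m.group("val")
        ip = parse_ip(value)
        if in_dns and ip is not None:
            result.setdefault(adapter, []).append(ip)
    return result

def foreign_dns(text, ad_dns):
    """Return (adapter, address) pairs for resolvers outside the AD DNS set."""
    allowed = {ipaddress.ip_address(a) for a in ad_dns}
    return [(adapter, str(ip)) for adapter, ips in dns_servers(text).items()
            for ip in ips if ip not in allowed]
```

An empty result from `foreign_dns` means every configured resolver is one of the listed AD DNS servers; any pair returned names the adapter whose IP properties need correcting.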

