| Author |
Message |
The Vogon
Guest
|
 Posted:
Thu Oct 27, 2005 8:50 am Post subject:
Event Warning 40961 LSASRV |
|
|
I get event warning 40961 (see below) regularly throughout the day. Although
it seems there is nothing real that in fact needs attention, I'd still like
to clear up this warning. Configuration is as follows: Win2k3 server, NOT
active directory, IIS, DNS, SQL2000SP4.
I'd appreciate any help in sorting this.
------------------------------------------------------------------------------------------
Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40961
Date: 27.10.2005
Time: 9:36:53
User: N/A
Computer: DNS1
Description:
The Security System could not establish a secured connection with the server
DNS/blah.domain.net. No authentication protocol was available.
------------------------------------------------------------------------------------------ |
|
| Back to top |
|
 |
Todd J Heron
Guest
|
| Posted:
Sat Oct 29, 2005 4:50 pm Post subject:
Re: Event Warning 40961 LSASRV |
|
|
Remove the ISP's DNS server from wherever it appears in the NIC under the
TCP/IP properties on your server. Never use your ISP's DNS server on any
NIC for any domain member in an AD domain.
--
Todd J Heron, MCSE
Windows Server 2003/2000/NT; CCA
----------------------------------------------------------------------------
This posting is provided "as is" with no warranties and confers no rights
"The Vogon" <TheVogon@discussions.microsoft.com> wrote in message
news:812279C8-0883-4B21-AFC0-20D33515A987@microsoft.com...
I get event warning 40961 (see below) regularly throughout the day. Although
it seems there is nothing real that in fact needs attention, I'd still like
to clear up this warning. Configuration is as follows: Win2k3 server, NOT
active directory, IIS, DNS, SQL2000SP4.
I'd appreciate any help in sorting this.
------------------------------------------------------------------------------------------
Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40961
Date: 27.10.2005
Time: 9:36:53
User: N/A
Computer: DNS1
Description:
The Security System could not establish a secured connection with the server
DNS/blah.domain.net. No authentication protocol was available.
------------------------------------------------------------------------------------------ |
|
| Back to top |
|
|
Todd J Heron
Guest
|
| Posted:
Sat Oct 29, 2005 8:50 pm Post subject:
Re: Event Warning 40961 LSASRV |
|
|
Now that you've set the primary and secondary DNS servers in TCP/IP settings
on the NIC to be your own DNS servers, you will not see the LSASRV errors
(as you've confirmed). The reason is the system whether a DC or not will
attempt to register it's computer name into the DNS zone of it's primary DNS
suffix (which will be it's AD domain). Your ISP's server will not hold a
zone for your AD domain therefore the registration will fail.
--
Todd J Heron, MCSE
Windows Server 2003/2000/NT; CCA
----------------------------------------------------------------------------
This posting is provided "as is" with no warranties and confers no rights
"The Vogon" <TheVogon@discussions.microsoft.com> wrote in message
news:13B44657-BCC8-4A3B-853A-B6D31DA9C792@microsoft.com...
Thanks for the reply Todd...
Ok, but I'm curious now :-)
....the servers throwing the LSASRV error were in fact, amongst other things,
my primary and secondary DNS servers... and are on the same physical network
and subnet as my provider's DNS servers... I've set the primary and
secondary
DNS servers in TCP/IP settings on the NIC to be my own DNS servers, and as
yet haven't seen the LSASRV error... but why? Please note my servers are NOT
DC's and NOT using ADS :-S
The Vogon |
|
| Back to top |
|
|
The Vogon
Guest
|
| Posted:
Sat Oct 29, 2005 8:50 pm Post subject:
Re: Event Warning 40961 LSASRV |
|
|
Thanks for the reply Todd...
Ok, but I'm curious now :-)
....the servers throwing the LSASRV error were in fact, amongst other things,
my primary and secondary DNS servers... and are on the same physical network
and subnet as my provider's DNS servers... I've set the primary and secondary
DNS servers in TCP/IP settings on the NIC to be my own DNS servers, and as
yet haven't seen the LSASRV error... but why? Please note my servers are NOT
DC's and NOT using ADS :-S
The Vogon
"Todd J Heron" wrote:
| Quote: | Remove the ISP's DNS server from wherever it appears in the NIC under the
TCP/IP properties on your server. Never use your ISP's DNS server on any
NIC for any domain member in an AD domain.
--
Todd J Heron, MCSE
Windows Server 2003/2000/NT; CCA
----------------------------------------------------------------------------
This posting is provided "as is" with no warranties and confers no rights
"The Vogon" <TheVogon@discussions.microsoft.com> wrote in message
news:812279C8-0883-4B21-AFC0-20D33515A987@microsoft.com...
I get event warning 40961 (see below) regularly throughout the day. Although
it seems there is nothing real that in fact needs attention, I'd still like
to clear up this warning. Configuration is as follows: Win2k3 server, NOT
active directory, IIS, DNS, SQL2000SP4.
I'd appreciate any help in sorting this.
------------------------------------------------------------------------------------------
Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40961
Date: 27.10.2005
Time: 9:36:53
User: N/A
Computer: DNS1
Description:
The Security System could not establish a secured connection with the server
DNS/blah.domain.net. No authentication protocol was available.
------------------------------------------------------------------------------------------
|
|
|
| Back to top |
|
|
The Vogon
Guest
|
| Posted:
Sun Oct 30, 2005 12:50 am Post subject:
Re: Event Warning 40961 LSASRV |
|
|
OK, thanks, that makes sense... unfortuantely however I'm still getting
event warnings as follows:
----------------------------------------------------------------------------------
Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40960
Date: 29.10.2005
Time: 23:12:48
User: N/A
Computer: DNS1
Description:
The Security System detected an authentication error for the server
DNS/ns.provider.net. The failure code from authentication protocol Kerberos
was "There are currently no logon servers available to service the logon
request.
(0xc000005e)".
----------------------------------------------------------------------------------
Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40961
Date: 29.10.2005
Time: 23:12:48
User: N/A
Computer: DNS1
Description:
The Security System could not establish a secured connection with the server
DNS/ns.provider.net. No authentication protocol was available.
----------------------------------------------------------------------------------
Note that these event warnings are occuring together at a frequency of
exactly one hour on both my primary and secondary DNS servers...
"Todd J Heron" wrote:
| Quote: | Now that you've set the primary and secondary DNS servers in TCP/IP settings
on the NIC to be your own DNS servers, you will not see the LSASRV errors
(as you've confirmed). The reason is the system whether a DC or not will
attempt to register it's computer name into the DNS zone of it's primary DNS
suffix (which will be it's AD domain). Your ISP's server will not hold a
zone for your AD domain therefore the registration will fail.
--
Todd J Heron, MCSE
Windows Server 2003/2000/NT; CCA
----------------------------------------------------------------------------
This posting is provided "as is" with no warranties and confers no rights
"The Vogon" <TheVogon@discussions.microsoft.com> wrote in message
news:13B44657-BCC8-4A3B-853A-B6D31DA9C792@microsoft.com...
Thanks for the reply Todd...
Ok, but I'm curious now :-)
....the servers throwing the LSASRV error were in fact, amongst other things,
my primary and secondary DNS servers... and are on the same physical network
and subnet as my provider's DNS servers... I've set the primary and
secondary
DNS servers in TCP/IP settings on the NIC to be my own DNS servers, and as
yet haven't seen the LSASRV error... but why? Please note my servers are NOT
DC's and NOT using ADS :-S
The Vogon
|
|
|
| Back to top |
|
|
Todd J Heron
Guest
|
| Posted:
Sun Oct 30, 2005 12:50 am Post subject:
Re: Event Warning 40961 LSASRV |
|
|
Is the server multihomed? If so you must disable dynamic registration of
the extra NIC via registry modifications.
How to enable or disable DNS updates in Windows 2000 and in Windows Server
2003
http://support.microsoft.com/default.aspx?scid=kb;en-us;246804
--
Todd J Heron, MCSE
Windows Server 2003/2000/NT; CCA
----------------------------------------------------------------------------
This posting is provided "as is" with no warranties and confers no rights
"The Vogon" <TheVogon@discussions.microsoft.com> wrote in message
news:0A6FD650-0F6D-4939-BB1D-D94F8AC2E266@microsoft.com...
OK, thanks, that makes sense... unfortuantely however I'm still getting
event warnings as follows:
----------------------------------------------------------------------------------
Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40960
Date: 29.10.2005
Time: 23:12:48
User: N/A
Computer: DNS1
Description:
The Security System detected an authentication error for the server
DNS/ns.provider.net. The failure code from authentication protocol Kerberos
was "There are currently no logon servers available to service the logon
request.
(0xc000005e)".
----------------------------------------------------------------------------------
Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40961
Date: 29.10.2005
Time: 23:12:48
User: N/A
Computer: DNS1
Description:
The Security System could not establish a secured connection with the server
DNS/ns.provider.net. No authentication protocol was available.
----------------------------------------------------------------------------------
Note that these event warnings are occuring together at a frequency of
exactly one hour on both my primary and secondary DNS servers... |
|
| Back to top |
|
|
The Vogon
Guest
|
| Posted:
Sun Oct 30, 2005 1:50 pm Post subject:
Re: Event Warning 40961 LSASRV |
|
|
Indeed both servers are multihomed... The primary DNS server having 4 IP
addresses (DNS listening on one), but others used for SQL, mail etc... The
secondary DNS server has 10 IP addresses, one for DNS listening and others
for Web services etc. Both servers have only one physical NIC each. Their
statically configured HOST A entries for machine name are as the DNS
listening addresses.
Since they're not DC's I've left NetLogon Service A registrations alone as
they shouldn't exist or be relevant, and I've only added the following
registry key to disable dynamic DNS updates
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
DWORD DisableDynamicUpdate
Value 1
I've not seen the LSASRV warnings for over an hour now, so this would now
seem to be resolved. Thanks very much for your help in this!
As a footnote, would you anticipate any unwanted side effects due to me
disabling these dynamic DNS updates?
The Vogon :)
"Todd J Heron" wrote:
| Quote: | Is the server multihomed? If so you must disable dynamic registration of
the extra NIC via registry modifications.
How to enable or disable DNS updates in Windows 2000 and in Windows Server
2003
http://support.microsoft.com/default.aspx?scid=kb;en-us;246804
--
Todd J Heron, MCSE
Windows Server 2003/2000/NT; CCA
----------------------------------------------------------------------------
This posting is provided "as is" with no warranties and confers no rights
"The Vogon" <TheVogon@discussions.microsoft.com> wrote in message
news:0A6FD650-0F6D-4939-BB1D-D94F8AC2E266@microsoft.com...
OK, thanks, that makes sense... unfortuantely however I'm still getting
event warnings as follows:
----------------------------------------------------------------------------------
Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40960
Date: 29.10.2005
Time: 23:12:48
User: N/A
Computer: DNS1
Description:
The Security System detected an authentication error for the server
DNS/ns.provider.net. The failure code from authentication protocol Kerberos
was "There are currently no logon servers available to service the logon
request.
(0xc000005e)".
----------------------------------------------------------------------------------
Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40961
Date: 29.10.2005
Time: 23:12:48
User: N/A
Computer: DNS1
Description:
The Security System could not establish a secured connection with the server
DNS/ns.provider.net. No authentication protocol was available.
----------------------------------------------------------------------------------
Note that these event warnings are occuring together at a frequency of
exactly one hour on both my primary and secondary DNS servers...
|
|
|
| Back to top |
|
|
The Vogon
Guest
|
| Posted:
Sun Oct 30, 2005 1:50 pm Post subject:
Re: Event Warning 40961 LSASRV |
|
|
Actually, scratch that... I was a bit optimistic in saying the warning events
have gone, they haven't. I'm still getting these 2 warnings together once per
hour.
Also, I stated (from memory without checking) that the DNS server is
listening only on one address, this is in fact untrue, they both listen on
all adapter addresses.
Also, the netlogon service is not running on either server, yet I'm still
getting warnings about authentication failure to the providers nameserver.
Also, after making the registry entry previously stated, DNS services were
restarted.
Where do I go from here? Perhaps the problem lies with the DNS publish
addresses? There is no "publishaddresses" registry key in ...\DNS\Parameters,
should there be (with only one NS A Record defined)?
I'm a bit twitchy about messing too much with the registry on production
servers, so further expert advice would be much appreciated :)
The Vogon
"The Vogon" wrote:
| Quote: |
Indeed both servers are multihomed... The primary DNS server having 4 IP
addresses (DNS listening on one), but others used for SQL, mail etc... The
secondary DNS server has 10 IP addresses, one for DNS listening and others
for Web services etc. Both servers have only one physical NIC each. Their
statically configured HOST A entries for machine name are as the DNS
listening addresses.
Since they're not DC's I've left NetLogon Service A registrations alone as
they shouldn't exist or be relevant, and I've only added the following
registry key to disable dynamic DNS updates
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
DWORD DisableDynamicUpdate
Value 1
I've not seen the LSASRV warnings for over an hour now, so this would now
seem to be resolved. Thanks very much for your help in this!
As a footnote, would you anticipate any unwanted side effects due to me
disabling these dynamic DNS updates?
The Vogon :)
"Todd J Heron" wrote:
Is the server multihomed? If so you must disable dynamic registration of
the extra NIC via registry modifications.
How to enable or disable DNS updates in Windows 2000 and in Windows Server
2003
http://support.microsoft.com/default.aspx?scid=kb;en-us;246804
--
Todd J Heron, MCSE
Windows Server 2003/2000/NT; CCA
----------------------------------------------------------------------------
This posting is provided "as is" with no warranties and confers no rights
"The Vogon" <TheVogon@discussions.microsoft.com> wrote in message
news:0A6FD650-0F6D-4939-BB1D-D94F8AC2E266@microsoft.com...
OK, thanks, that makes sense... unfortuantely however I'm still getting
event warnings as follows:
----------------------------------------------------------------------------------
Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40960
Date: 29.10.2005
Time: 23:12:48
User: N/A
Computer: DNS1
Description:
The Security System detected an authentication error for the server
DNS/ns.provider.net. The failure code from authentication protocol Kerberos
was "There are currently no logon servers available to service the logon
request.
(0xc000005e)".
----------------------------------------------------------------------------------
Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40961
Date: 29.10.2005
Time: 23:12:48
User: N/A
Computer: DNS1
Description:
The Security System could not establish a secured connection with the server
DNS/ns.provider.net. No authentication protocol was available.
----------------------------------------------------------------------------------
Note that these event warnings are occuring together at a frequency of
exactly one hour on both my primary and secondary DNS servers...
|
|
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in