Announcement

Collapse
No announcement yet.

Server 2003 Problems!!

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Server 2003 Problems!!

    Ladies and Gentlmen,
    Once again im having problems with out network.

    Were running server 2003, most of the boxes are XP and some are 2000. The errors that are showing up in the error log are as follows.

    System Errors
    40960
    40961
    These are the number 1 errors on the systems. I think there was around 30 of them in the log for just today.
    Other errors are

    26
    36
    4226

    The Problem that were having is that random computers are loosing the trust to the domain and the computer name HAS to be change to get them back on. I know some GPO's have been applied. I dont know exactly what. Im in the Army over in Afghanistan. SO there are contollers above us and they wont tell us anything. Nor do they know what the problem is. Any thoughts would be great. Thanks in advanced
    SPC Passaro, Vincent
    A+, Security+, MCP Server 2000

    STRIKE HOLD!!
    AIRBORNE ALL THE WAY!!

  • #2
    is that what you're looking for ? http://support.microsoft.com/?kbid=891559
    Good Luck

    Shai

    MCSE 2003+Security;MCSE 2003+Messaging
    HP ASE;HP AIS;HP APS

    So, from me to all of you out there, wherever you are, remember:
    the light at the end of the tunnel may be you. Good Day!

    Comment


    • #3
      That's hard to explain what we can not know about!

      40960 - Error - A significant problem, such as loss of data or loss of functionality. For example, if a service fails to load during startup, an error will be logged.

      Explaination: Could be:
      The Security System could not establish a secured connection with the server <server name>. No authentication protocol was available.

      40961 - Warning - An event that is not necessarily significant, but may indicate a possible future problem. For example, when disk space is low, a warning will be logged.

      Explanation: Could be:
      The Security System detected an attempted downgrade attack for server <server name>. The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request. (0xc000005e)".


      See the other here: http://www.eventid.net/
      MCSE w2k
      MCSA w2k - MCSA w2k MESSAGING
      MCDBA SQL2k

      Comment


      • #4
        lol

        Yeah, the hard part is making sure that i dont go to jail giving all the details.

        This much i can explain. We are obviously a great distance from the other DC's. So we send the signal to the other DC's. The error keeps coming up that it cant contact a diffrent server it says ldap/<server name> Its repating alot. The server is running 24/7 and has been for quite some time. Im not even sure if the problems are the same. But thats all the error log is showing. Im guessing someones screwing with the DC's higher and its affecting us. What could i possibly do to narrow down whats happening?! Security log seems ok. Nothing really abnormal..!!?! Thanks for the help. Kind of hard troublshooting something when the clowns above you offer no help. Thanks again!!
        SPC Passaro, Vincent
        A+, Security+, MCP Server 2000

        STRIKE HOLD!!
        AIRBORNE ALL THE WAY!!

        Comment


        • #5
          Can you tell us the event logs ID:, Number: and Source
          MCSE w2k
          MCSA w2k - MCSA w2k MESSAGING
          MCDBA SQL2k

          Comment


          • #6
            Yeah,

            I can pass that. I cant give out the server name but ill get that and post it.. Thanks again
            SPC Passaro, Vincent
            A+, Security+, MCP Server 2000

            STRIKE HOLD!!
            AIRBORNE ALL THE WAY!!

            Comment


            • #7
              Here is a copy of the log files. I have removed the computer names and suffexs. I cant give those out. Thanks again!!

              APPLICATION ERRORS



              Event Type: Error
              Event Source: AutoEnrollment
              Event Category: None
              Event ID: 15
              Date: 6/23/2005
              Time: 9:58:24 PM
              User: N/A
              Computer: computername
              Description:
              Automatic certificate enrollment for local system failed to contact the active directory (0x80072095). A directory service error has occurred.
              Enrollment will not be performed.

              For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

              SYSTEM ERRORS

              Event Type: Warning
              Event Source: LSASRV
              Event Category: SPNEGO (Negotiator)
              Event ID: 40961
              Date: 6/24/2005
              Time: 3:26:45 AM
              User: N/A
              Computer: computername
              Description:
              The Security System could not establish a secured connection with the server cifs/computername. No authentication protocol was available.

              For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

              Event Type: Warning
              Event Source: LSASRV
              Event Category: SPNEGO (Negotiator)
              Event ID: 40960
              Date: 6/24/2005
              Time: 3:26:45 AM
              User: N/A
              Computer: computername
              Description:
              The Security System detected an attempted downgrade attack for server cifs/computername. The failure code from authentication protocol Kerberos was "The referenced account is currently disabled and may not be logged on to.
              (0xc0000072)".

              For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


              Event Type: Warning
              Event Source: W32Time
              Event Category: None
              Event ID: 26
              Date: 6/24/2005
              Time: 1:32:53 AM
              User: N/A
              Computer: computer name
              Description:
              Time Provider NtpClient: The response received from domain controller computer name has a bad signature. The response may have been tampered with and will be ignored.

              For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

              Event Type: Warning
              Event Source: LSASRV
              Event Category: SPNEGO (Negotiator)
              Event ID: 40961
              Date: 6/24/2005
              Time: 1:26:44 AM
              User: N/A
              Computer: computername
              Description:
              The Security System could not establish a secured connection with the server cifs/computer name. No authentication protocol was available.

              For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
              SPC Passaro, Vincent
              A+, Security+, MCP Server 2000

              STRIKE HOLD!!
              AIRBORNE ALL THE WAY!!

              Comment


              • #8
                [quote="zcrxsir88"]
                Event Type: Error
                Event Source: AutoEnrollment
                Event Category: None
                Event ID: 15
                Date: 6/23/2005
                Time: 9:58:24 PM
                User: N/A

                Run gpedit.msc to edit global policies, security settings, PKI settings, Auto Enrollment settings. Happens when no AD present OR can be because a firewall block


                Event Type: Warning
                Event Source: LSASRV
                Event Category: SPNEGO (Negotiator)
                Event ID: 40961
                Date: 6/24/2005
                Time: 3:26:45 AM
                User: N/A

                See this for details:
                http://www.eventid.net/display.asp?e...rv&phase=1


                Event Type: Warning
                Event Source: LSASRV
                Event Category: SPNEGO (Negotiator)
                Event ID: 40960
                Date: 6/24/2005
                Time: 3:26:45 AM
                User: N/A
                See this for details:

                http://www.eventid.net/display.asp?e...rv&phase=1



                Event Type: Warning
                Event Source: W32Time
                Event Category: None
                Event ID: 26
                Date: 6/24/2005
                Time: 1:32:53 AM
                User: N/A

                Win32 Network Time Synchronization Service (w32time.dll)
                Windows 2000 uses a new time synchronization service to synchronize the date and time of computers on a Windows 2000-based network. Synchronized time is critical in Windows 2000 because the default authentication protocol (Kerberos version 5) uses workstation time as part of the authentication ticket generation process. Seens that you have problems to sync. with the Domain Controller



                I think you have only one problem here:

                Do you have Certificate Authority Server in your domain?
                Go to the command line and check your dns with nslookup tool. See if you can sucessfully get the domain name, domain controller, etc..
                MCSE w2k
                MCSA w2k - MCSA w2k MESSAGING
                MCDBA SQL2k

                Comment

                Working...
                X