Unable to resolve SPNEGO Event ID 40961 errors

[Guest Leythos]

I have a few workstations, not all of them, that randomly start getting

security failures in their event logs, rebooting the main server and the

workstations often takes care of it, but not always. I've looked all

over the net, tried many things, but I can't seem to shake this.

 

Anyone have a solution path for getting rid of these errors?

 

Event Type: Warning

Event Source: LSASRV

Event Category: SPNEGO (Negotiator)

Event ID: 40961

Date: 11/25/2007

Time: 11:49:23 AM

User: N/A

Computer: WS56

Description:

The Security System could not establish a secured connection with the

server

ldap/servername.domainname.local/domainname.local@domainname.local.

No authentication protocol was available

 

 

--

 

Leythos

- Igitur qui desiderat pacem, praeparet bellum.

- Calling an illegal alien an "undocumented worker" is like calling a

drug dealer an "unlicensed pharmacist"

spam999free@rrohio.com (remove 999 for proper email address)

[Guest Joe D]

Re: Unable to resolve SPNEGO Event ID 40961 errors

 

is there something "wrong"? or are you just thinking something is wrong

because you see these events?

 

 

 

"Leythos" <void@nowhere.lan> wrote in message

news:MPG.21b380ce7a4bbcd398984c@Adfree.usenet.com...

>I have a few workstations, not all of them, that randomly start getting

> security failures in their event logs, rebooting the main server and the

> workstations often takes care of it, but not always. I've looked all

> over the net, tried many things, but I can't seem to shake this.

>

> Anyone have a solution path for getting rid of these errors?

>

> Event Type: Warning

> Event Source: LSASRV

> Event Category: SPNEGO (Negotiator)

> Event ID: 40961

> Date: 11/25/2007

> Time: 11:49:23 AM

> User: N/A

> Computer: WS56

> Description:

> The Security System could not establish a secured connection with the

> server

> ldap/servername.domainname.local/domainname.local@domainname.local.

> No authentication protocol was available

>

>

> --

>

> Leythos

> - Igitur qui desiderat pacem, praeparet bellum.

> - Calling an illegal alien an "undocumented worker" is like calling a

> drug dealer an "unlicensed pharmacist"

> spam999free@rrohio.com (remove 999 for proper email address)

[Guest Leythos]

Re: Unable to resolve SPNEGO Event ID 40961 errors

 

In article <OyV8oD5LIHA.3976@TK2MSFTNGP03.phx.gbl>, n@n.com says...

> is there something "wrong"? or are you just thinking something is wrong

> because you see these events?

 

I'm assuming that since I get an Authentication Error in the security

event log, that there should be something wrong.

 

Any user that logs onto the problem machine will cause a Security Event

entry showing logon authentication failure, but they can login without

any problem.

 

I don't see this in any of the other domains we manage, just this one

and only on some workstations.

 

The SPNEGRO error is common for the ones that fail, if I disjoin from

the domain, delete the computer account, and rejoin it, it goes away 90%

of the time and doesn't return - but once in a while I have a computer

that doesn't seem to resolve that problem.

 

 

--

 

Leythos

- Igitur qui desiderat pacem, praeparet bellum.

- Calling an illegal alien an "undocumented worker" is like calling a

drug dealer an "unlicensed pharmacist"

spam999free@rrohio.com (remove 999 for proper email address)

[Guest Meinolf Weber]

Re: Unable to resolve SPNEGO Event ID 40961 errors

 

Hello Leythos,

 

Did you have a reverse lookup zone created in DNS console? If not create

it, should help you.

 

Best regards

 

Meinolf Weber

Disclaimer: This posting is provided "AS IS" with no warranties, and confers

no rights.

** Please do NOT email, only reply to Newsgroups

** HELP us help YOU!!! http://www.dts-l.org/goodpost.htm

> In article <OyV8oD5LIHA.3976@TK2MSFTNGP03.phx.gbl>, n@n.com says...

>

>> is there something "wrong"? or are you just thinking something is

>> wrong because you see these events?

>>

> I'm assuming that since I get an Authentication Error in the security

> event log, that there should be something wrong.

>

> Any user that logs onto the problem machine will cause a Security

> Event entry showing logon authentication failure, but they can login

> without any problem.

>

> I don't see this in any of the other domains we manage, just this one

> and only on some workstations.

>

> The SPNEGRO error is common for the ones that fail, if I disjoin from

> the domain, delete the computer account, and rejoin it, it goes away

> 90% of the time and doesn't return - but once in a while I have a

> computer that doesn't seem to resolve that problem.

>

[Guest Leythos]

Re: Unable to resolve SPNEGO Event ID 40961 errors

 

In article <ff16fb666edac8c9fdccf49b4ffa@msnews.microsoft.com>, Meinolf

Weber <meiweb(nospam)@gmx.de> says...

> Hello Leythos,

>

> Did you have a reverse lookup zone created in DNS console? If not create

> it, should help you.

 

Yes, for all 6 subnets (we have a few branch offices that register their

DNS, but the ones (workstations) that cause the problem are the local

subnet ones.

 

What if I remove the records in the reverse LUZ?

 

 

--

 

Leythos

- Igitur qui desiderat pacem, praeparet bellum.

- Calling an illegal alien an "undocumented worker" is like calling a

drug dealer an "unlicensed pharmacist"

spam999free@rrohio.com (remove 999 for proper email address)

[Guest Meinolf Weber]

Re: Unable to resolve SPNEGO Event ID 40961 errors

 

Hello Leythos,

 

Think this will be ok. Do you have enabled NETBIOS over TCP/IP on the clients?

Also you can try to remove/reinstall MS client for networking on the workstations.

 

Best regards

 

Meinolf Weber

Disclaimer: This posting is provided "AS IS" with no warranties, and confers

no rights.

** Please do NOT email, only reply to Newsgroups

** HELP us help YOU!!! http://www.dts-l.org/goodpost.htm

> In article <ff16fb666edac8c9fdccf49b4ffa@msnews.microsoft.com>,

> Meinolf Weber <meiweb(nospam)@gmx.de> says...

>

>> Hello Leythos,

>>

>> Did you have a reverse lookup zone created in DNS console? If not

>> create it, should help you.

>>

> Yes, for all 6 subnets (we have a few branch offices that register

> their DNS, but the ones (workstations) that cause the problem are the

> local subnet ones.

>

> What if I remove the records in the reverse LUZ?

>

[Guest Leythos]

Re: Unable to resolve SPNEGO Event ID 40961 errors

 

In article <ff16fb666edca8c9fdd0f6943cfa@msnews.microsoft.com>, Meinolf

Weber <meiweb(nospam)@gmx.de> says...

> Hello Leythos,

>

> Think this will be ok. Do you have enabled NETBIOS over TCP/IP on the clients?

> Also you can try to remove/reinstall MS client for networking on the workstations.

 

Thanks for the ideas - I'll check on this on Monday when I have more

time. Have a good evening.

 

--

 

Leythos

- Igitur qui desiderat pacem, praeparet bellum.

- Calling an illegal alien an "undocumented worker" is like calling a

drug dealer an "unlicensed pharmacist"

spam999free@rrohio.com (remove 999 for proper email address)

[Guest Joe D]

Re: Unable to resolve SPNEGO Event ID 40961 errors

 

if it only happens on one machine, check the system time AND time zone on

that machine. could be a kerberos issue caused by a time difference between

the pc and the authenticating dc

 

 

 

 

"Leythos" <void@nowhere.lan> wrote in message

news:MPG.21b3d8d6299b919e989853@Adfree.usenet.com...

> In article <ff16fb666edca8c9fdd0f6943cfa@msnews.microsoft.com>, Meinolf

> Weber <meiweb(nospam)@gmx.de> says...

>> Hello Leythos,

>>

>> Think this will be ok. Do you have enabled NETBIOS over TCP/IP on the

>> clients?

>> Also you can try to remove/reinstall MS client for networking on the

>> workstations.

>

> Thanks for the ideas - I'll check on this on Monday when I have more

> time. Have a good evening.

>

> --

>

> Leythos

> - Igitur qui desiderat pacem, praeparet bellum.

> - Calling an illegal alien an "undocumented worker" is like calling a

> drug dealer an "unlicensed pharmacist"

> spam999free@rrohio.com (remove 999 for proper email address)

[Guest Leythos]

Re: Unable to resolve SPNEGO Event ID 40961 errors

 

In article <uk8WwW8LIHA.2208@TK2MSFTNGP06.phx.gbl>, n@n.com says...

> if it only happens on one machine, check the system time AND time zone on

> that machine. could be a kerberos issue caused by a time difference between

> the pc and the authenticating dc

 

It happens on one or two machines at a time, and once fixed, normally by

a disjoin from domain, delete computer account on server, rejoin to

domain, it doesn't come back, but it crops up from time to time.

 

I've checked the time zone, time, ensured that they are all set by DHCP,

ensured that the time service is reachable, etc....

 

The main server was an SBS 2003 server migrated (swing) to Win 2003 Std

R2, but everything seems to work without any errors other than that.

 

--

 

Leythos

- Igitur qui desiderat pacem, praeparet bellum.

- Calling an illegal alien an "undocumented worker" is like calling a

drug dealer an "unlicensed pharmacist"

spam999free@rrohio.com (remove 999 for proper email address)

[Guest Roger Abell [MVP]]

Re: Unable to resolve SPNEGO Event ID 40961 errors

 

It is quite odd that they trigger the message, but then do manage

to get authenticated. If you are logging successful logins, what

is showing as the authentication provider? NTLM when this

happens (msgs but success anyway) whereas normally you see

that Kerberos is being used?

 

Later you say the main server was SBS03, never migrated.

So doesn't that mean still SBS03? If so, could it be some

odd SBS hardcoded limit (max clients) you are hitting?

 

Roger

 

"Leythos" <void@nowhere.lan> wrote in message

news:MPG.21b396e8c3eb611098984e@Adfree.usenet.com...

> In article <OyV8oD5LIHA.3976@TK2MSFTNGP03.phx.gbl>, n@n.com says...

>> is there something "wrong"? or are you just thinking something is wrong

>> because you see these events?

>

> I'm assuming that since I get an Authentication Error in the security

> event log, that there should be something wrong.

>

> Any user that logs onto the problem machine will cause a Security Event

> entry showing logon authentication failure, but they can login without

> any problem.

>

> I don't see this in any of the other domains we manage, just this one

> and only on some workstations.

>

> The SPNEGRO error is common for the ones that fail, if I disjoin from

> the domain, delete the computer account, and rejoin it, it goes away 90%

> of the time and doesn't return - but once in a while I have a computer

> that doesn't seem to resolve that problem.

>

>

> --

>

> Leythos

> - Igitur qui desiderat pacem, praeparet bellum.

> - Calling an illegal alien an "undocumented worker" is like calling a

> drug dealer an "unlicensed pharmacist"

> spam999free@rrohio.com (remove 999 for proper email address)

[Guest Leythos]

Re: Unable to resolve SPNEGO Event ID 40961 errors

 

In article <MPG.21b3d8d6299b919e989853@Adfree.usenet.com>,

void@nowhere.lan says...

> In article <ff16fb666edca8c9fdd0f6943cfa@msnews.microsoft.com>, Meinolf

> Weber <meiweb(nospam)@gmx.de> says...

> > Hello Leythos,

> >

> > Think this will be ok. Do you have enabled NETBIOS over TCP/IP on the clients?

> > Also you can try to remove/reinstall MS client for networking on the workstations.

>

> Thanks for the ideas - I'll check on this on Monday when I have more

> time. Have a good evening.

 

I've found a quick way to resolve it for the Windows XP computers,

reinstalling SP2 seem to have cleared up the problem on the machines in

question.

 

--

 

Leythos

- Igitur qui desiderat pacem, praeparet bellum.

- Calling an illegal alien an "undocumented worker" is like calling a

drug dealer an "unlicensed pharmacist"

spam999free@rrohio.com (remove 999 for proper email address)

[Guest Meinolf Weber]

Re: Unable to resolve SPNEGO Event ID 40961 errors

 

Hello Leythos,

 

Thanks, for posting back your solution.

 

Best regards

 

Meinolf Weber

Disclaimer: This posting is provided "AS IS" with no warranties, and confers

no rights.

** Please do NOT email, only reply to Newsgroups

** HELP us help YOU!!! http://www.dts-l.org/goodpost.htm

> In article <MPG.21b3d8d6299b919e989853@Adfree.usenet.com>,

> void@nowhere.lan says...

>

>> In article <ff16fb666edca8c9fdd0f6943cfa@msnews.microsoft.com>,

>> Meinolf Weber <meiweb(nospam)@gmx.de> says...

>>

>>> Hello Leythos,

>>>

>>> Think this will be ok. Do you have enabled NETBIOS over TCP/IP on

>>> the clients? Also you can try to remove/reinstall MS client for

>>> networking on the workstations.

>>>

>> Thanks for the ideas - I'll check on this on Monday when I have more

>> time. Have a good evening.

>>

> I've found a quick way to resolve it for the Windows XP computers,

> reinstalling SP2 seem to have cleared up the problem on the machines

> in question.

>

[Guest Leythos]

Re: Unable to resolve SPNEGO Event ID 40961 errors

 

In article <eg$3yMLMIHA.3400@TK2MSFTNGP03.phx.gbl>, mvpNoSpam@asu.edu

says...

> It is quite odd that they trigger the message, but then do manage

> to get authenticated. If you are logging successful logins, what

> is showing as the authentication provider? NTLM when this

> happens (msgs but success anyway) whereas normally you see

> that Kerberos is being used?

>

> Later you say the main server was SBS03, never migrated.

> So doesn't that mean still SBS03? If so, could it be some

> odd SBS hardcoded limit (max clients) you are hitting?

 

The main server "was" SBS 2003, used a Swing to a new IBM server with

Win 2003 Std and 150 CAL, there was no upgrade, just a swing of the AD

structure....

 

Reinstalling SP2 (and every machine already had it) on the XP

workstations fixed it for those machines.

 

--

 

Leythos

- Igitur qui desiderat pacem, praeparet bellum.

- Calling an illegal alien an "undocumented worker" is like calling a

drug dealer an "unlicensed pharmacist"

spam999free@rrohio.com (remove 999 for proper email address)