Re: Lsasrv Event ID 40960
- From: "Ace Fekay [MVP]" <PleaseAskMe@xxxxxxxxxxxxxx>
- Date: Fri, 26 May 2006 16:48:10 -0400
In news:uA%23E6ZKgGHA.5088@xxxxxxxxxxxxxxxxxxxx,
kbergros <kbergros@xxxxxxxxxxx> stated, which I commented on below:
Hi!
Thanxs for your answer.
I have checked my Dns zones (several times) and all my machines has
the correct ptr entry... I have checked with Nslookup both my forward
and recursive zones and get the correct answer every time...
Any other suggestions on how to solve this?
regards
Kbergros
Looking again at your original post, the description part of the error says:
Description:
The Security System detected an authentication error for the server
ldap/gollum.test.timber.se/test.timber.se@xxxxxxxxxxxxxxx The failure
code from authentication protocol Kerberos was "The attempted logon is
invalid. This is either due to a bad username or authentication information.
(0xc000006d)".
This indicates to me that you are possibly pointing to your ISP's DNS in IP
properties. Now if AD is trying to coorespond it's SPNEGO by contacting them
for a PTR for the internal IP range, then I can understand why this is
happening.
The cardinal rule is in any AD infrastructure, no matter how small or large,
NEVER use the ISP's DNS in IP properties of ANY machine that is part of AD
(DCs servers and clients). If not sure what I'm talking about, please post
an unedited ipconfig /all to better assist you and we can point out any
problems in your config.
Ace
.
- Follow-Ups:
- Re: Lsasrv Event ID 40960
- From: kbergros
- Re: Lsasrv Event ID 40960
- References:
- Lsasrv Event ID 40960
- From: kbergros
- Re: Lsasrv Event ID 40960
- From: Ace Fekay [MVP]
- Re: Lsasrv Event ID 40960
- From: kbergros
- Lsasrv Event ID 40960
- Prev by Date: Re: SIDs instead of the user friendly names
- Next by Date: Re: Sites and Services NTDS Settings Transport
- Previous by thread: Re: Lsasrv Event ID 40960
- Next by thread: Re: Lsasrv Event ID 40960
- Index(es):
Relevant Pages
|
