Re: LSASRV 40961 error in event log
- From: v-franhe@xxxxxxxxxxxxx (Frances [MSFT])
- Date: Wed, 20 Apr 2005 07:08:03 GMT
Hello Adam,
Thanks for the post.
According to your message, I understand that you find LSASRV 40961 error in
the event log.
Event ID 40961 is a new warning event that may show up in the System log
when Windows fails to negotiate an authentication package. Since Kerberos is
the most commonly used authentication package in XP/2003, the event is most
often Kerberos-related. Because it is new, there are few articles about it.
There are many causes that will lead to this warning. At this point, I want
to gather more information about your domain to isolate the main cause.
I understand from your messages that this is a win2k domain. Please help to
answer the following questions.
1. Does it have a parent or child domain? How many DCs do you have in the
domain?
2. What about the DNS server? Does it support Kerberos?
3. Does the 40961 event happen at a regular interval, for example, does it
happen hourly?
Please also help to verify the following settings.
1. Verify Remote Procedure Call (RPC) Locator is correctly configured as
follows:
   Started, Automatic - Windows 2000 domain controllers.
   Stopped, Manual - Windows Server 2003 domain controllers & member servers.
   Stopped, Disabled - Windows 2000 clients & member servers, XP clients.
To find the service, type "services.msc" in the Run box to open the
Services Page and locate it.
2. If the registry on the DC contains the NT4Emulator registry value in the
following registry key, set it to 0, or delete it entirely.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters
3. Verify the DHCP client service is started on all machines. Even machines
with static IP addresses (including domain controllers and member servers)
need to have DHCP client service enabled because that service handles DNS
dynamic updates.
4. Verify there isn't a time skew between machines. Make sure to verify the
time, date, and year are all the same.
Since the warning is often caused by a broken secure channel, I suggest
that we reset the security channel to check the effect. Please follow the
steps below.
1. Click Start, click Run, type "cmd" (without the quotation marks), and
then press ENTER.
2. Type "secedit /configure /cfg %windir%\repair\secsetup.inf /db
secsetup.sdb /verbose" (without the quotation marks), and then press ENTER.
Refer to the following article for more information.
313222 How To Reset Security Settings Back to the Defaults
http://support.microsoft.com/?id=313222
Do the suggestions help?
I will wait for your information to decide what to do next. Please reply to
me at your earliest convenience. I am looking forward to the reply!
Best regards,
Frances He
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
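
The four verification items in the post above, as a read-only PowerShell check; this is an added example, not part of the original post or of Microsoft's guidance. It assumes PowerShell 3.0 or later and the service names RpcLocator and Dhcp; the -Role and -TimeSource parameters and the New-Check helper are hypothetical names, and the 300-second default is the Kerberos default clock-skew tolerance, not a figure from the post.

```powershell
# Added example: read-only checks for the four settings listed in the post.
# -Role and -TimeSource are hypothetical parameters supplied by the operator.
param(
    [Parameter(Mandatory)]
    [ValidateSet('Win2000DC', 'Win2003Server', 'ClientOrWin2000Member')]
    [string]$Role,
    [Parameter(Mandatory)][string]$TimeSource,  # a DC to compare clocks against
    [double]$MaxSkewSeconds = 300               # assumption: Kerberos default (5 min)
)

# Expected RPC Locator state per role, as listed in the post.
$expected = @{
    Win2000DC             = @{ State = 'Running'; StartMode = 'Auto' }
    Win2003Server         = @{ State = 'Stopped'; StartMode = 'Manual' }
    ClientOrWin2000Member = @{ State = 'Stopped'; StartMode = 'Disabled' }
}[$Role]

function New-Check($Name, $Pass, $Detail) {
    [pscustomobject]@{ Check = $Name; Pass = $Pass; Detail = $Detail }
}

# 1. RPC Locator service state and startup type.
$svc = Get-CimInstance Win32_Service -Filter "Name='RpcLocator'"
if ($svc) {
    $ok = $svc.State -eq $expected.State -and $svc.StartMode -eq $expected.StartMode
    New-Check 'RPC Locator' $ok "$($svc.State), $($svc.StartMode)"
} else {
    New-Check 'RPC Locator' $null 'service not present on this system'
}

# 2. NT4Emulator (checked on the DC): passes when the value is 0 or absent.
$key = 'HKLM:\System\CurrentControlSet\Services\Netlogon\Parameters'
$val = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).NT4Emulator
New-Check 'NT4Emulator' (-not $val) $(if ($null -eq $val) { 'absent' } else { "value $val" })

# 3. DHCP Client must be running even on statically addressed machines.
$dhcp = Get-CimInstance Win32_Service -Filter "Name='Dhcp'"
New-Check 'DHCP Client' ($dhcp.State -eq 'Running') "$($dhcp.State), $($dhcp.StartMode)"

# 4. Clock offset against the chosen time source, taken from one w32tm sample.
$out = & w32tm /stripchart "/computer:$TimeSource" /samples:1 /dataonly 2>&1 | Out-String
if ($out -match '([+-]\d+\.\d+)s') {
    $offset = [double]$Matches[1]
    New-Check 'Time skew' ([math]::Abs($offset) -le $MaxSkewSeconds) "$offset s vs $TimeSource"
} else {
    New-Check 'Time skew' $null 'no offset returned by w32tm'
}
```

A Pass value of $null means the item could not be evaluated on that machine and needs a manual look.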