RE: Event ID 40960 and 40961 lsasrv

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

Try DCDIAG to check if everything alright on your DCs.
Then try to move your users to a new created OU, have a go again...
I had this error but i cant figure out how i solved it...however check up
the stuff

"Javier Crespo" wrote:

> I have a two domain Windows 2003 AD. The account operators have their XP Pro
> workstations and accounts in the child domain. They are members of the
> account operators group of the child and parent domains.
>
> Since sometime ago they can't access with AD Users & Computers to the parent
> domain. They get LSAsrv errors 40960 and 40961 in the event log and a "The
> Local Security Authority can't be contacted" error in the MMC.
> I have created a test account belonging to the same groups and it works well.
> It seems there's something wrong with their accounts but I haven´t seen
> anything to try.
> Any ideas will be apreciated.
>
> Regards
>
> --
> ~~~~ Javier Crespo Martinez
> Information Technology Service
> University of Cantabria, Spain
>
>
> Event Type: Warning
> Event Source: LSASRV
> Event Category: SPNEGO (Negotiator)
> Event ID: 40960
> Date: 17/6/2005
> Time: 11:59:26 AM
> User: N/A
> Computer: TEST
> Description:
> The Security System detected an attempted downgrade attack for
> server HTTP/Mmaserver. The failure code from authentication protocol
> Kerberos was "There are currently no logon servers available to service
> the logon request.
> (0xc000005e)".
>
> For more information, see Help and Support Center at http://
> go.microsoft.com/fwlink/events.asp.
>
>
>
> Event Type: Warning
> Event Source: LSASRV
> Event Category: SPNEGO (Negotiator)
> Event ID: 40961
> Date: 17/6/2005
> Time: 11:50:47 AM
> User: N/A
> Computer: TEST
> Description:
> The Security System could not establish a secured connection with the
> server cifs/Mmaserver. No authentication protocol was available.
>
> For more information, see Help and Support Center at http://
> go.microsoft.com/fwlink/events.asp.
>
.

Relevant Pages

  • Re: Re-Post - "the trust relationship between this workstation and the
    ... "the trust relationship between this workstation and the primary domain ... only problem is adding a new user account on the station. ... Client computer must use STRICTLY the INTERNAL DNS server which can ... Attr: subschemaSubentry ...
    (microsoft.public.windows.server.active_directory)
  • Re: Same question, still no answer!!!
    ... Sounds then like we are all paying for a feature set only large companies ... The "proxy server" pc is actually an older box stuffed ... Expectation #1) keep the ethernet more or less as is. ... The kids account would be ...
    (microsoft.public.windowsxp.basics)
  • Re: Re-Post - "the trust relationship between this workstation and the
    ... "the trust relationship between this workstation and the primary domain ... only problem is adding a new user account on the station. ... This would be on the DNS server 172.20.100.2 ... Attr: subschemaSubentry ...
    (microsoft.public.windows.server.active_directory)
  • Sending email to mydomain.com
    ... server will appear as undeliverable. ... This happens because you are using the POP3 connector... ... an NDR when an account doesn't exist). ... >different from the user account names for the exchange ...
    (microsoft.public.windows.server.sbs)
  • Re: Basic Authentication + IIS 5 + Windows 2000 + Frontpage 2002 = failure?
    ... administrator account -- we should have no problems at least browsing to ... server. ... | authentication dialog box. ...
    (microsoft.public.inetserver.iis.security)