Re: SPNEGO 40960 errors
- From: "Jorge Silva" <jorgesilva_pt@xxxxxxxxxxx>
- Date: Wed, 28 Jun 2006 20:08:18 +0100
Hi
A reverse lookup is not required for proper AD function. However,
without a reverse lookup zone and PTRs, you may see 40960 and 40961 events
due to Win2k3 and WinXP trying to make a secure PTR registration at the
External DNS that is Authoritative over the reverse lookup of the IP on the
machine's local interface. If it's a private address it will say cannot
establish a secured connection with the server prisoner.iana.org.
Also, nslookup will report "Can't find server name for address
<IPAddressOfDNSServer>"
The response comes back with one of the following server names:
prisoner.iana.org
blackhole-1.iana.org
blackhole-2.iana.org
These servers own the public PTR records for the 192.168.x.x zones. Since
they have no record of your DNS Server, they reply with a "Server does not
exist" reply, which causes LSASRV to log the error.
Solution: On the local DNS Server, create a Reverse Lookup Zone, and enter a
record for your DNS Server.
also check:
http://support.microsoft.com/default.aspx?scid=kb;en-us;823712&sd=ee
http://support.microsoft.com/default.aspx?scid=kb;en-us;824217&sd=ee
http://www.microsoft.com/technet/support/ee/transform.aspx?ProdName=Windows
Operating System&ProdVer=5.2&EvtID=40960&EvtSrc=lsasrv&LCID=1033
http://www.eventid.net/display.asp?eventid=40960&eventno=787&source=LsaSrv&phase=1
--
I hope that the information above helps you
Good Luck
Jorge Silva
MCSA
Systems Administrator
"jdn" <jdn@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:4AFB029F-ED4E-4A72-8B29-8B3574FB5EF5@xxxxxxxxxxxxxxxx
A client I am working at is having intermittent "Cannot generate SSPI
context" errors, which have to do with delegation from a web services
machine
to a SQL server.
In the event log of the machine that hosts the web service, there will be
an
LLSRV error message stating that the time between the primary domain
controller and the backup domain controller are too far out of sync (which
causes a kerberos failure), but a check of the times on the machines seem
to
match.
Moreover, the issue is intermittent. If the times were out of sync then
this error should happen consistently not once or twice a week for 15-30
minutes.
Has anyone experienced something like this? Search of google, etc. is
pretty blank, but these sorts of random errors bother me (must be residue
from my old days as an operations manager).
TIA.
.
- Follow-Ups:
- Re: SPNEGO 40960 errors
- From: jdn
- Re: SPNEGO 40960 errors
- Prev by Date: Re: AD sockets thru Win firewall
- Next by Date: Re: adding a bdc
- Previous by thread: Re: Replication restart
- Next by thread: Re: SPNEGO 40960 errors
- Index(es):
Relevant Pages
|
