Re: Tickets Kerberos

A reverse lookup is not required for proper AD function. However, without a reverse lookup zone and PTRs, you may see 40960 and 40961 events due to Win2k3 and WinXP trying to make a secure PTR registration at the External DNS that is Authoritative over the reverse lookup of the IP on the machine's local interface. If it's a private address it will say cannot establish a secured connection with the server prisoner.iana.org.
Also, nslookup will report "Can't find server name for address <IPAddressOfDNSServer>"

By creating a Reverse lookup zone you solve that error, also make sure that you have all clients NIC preferred DNS server pointing to their local (Internal) DNS server.
--
*************************************************
I hope that the information above helps you
Good Luck

Jorge Silva

MCSA + Exchange + MSCE
*************************************************

<mourad.ladjici@xxxxxxxxx> wrote in message news:u9jOVk9DHHA.348@xxxxxxxxxxxxxxxxxxxxxxx
I already did it and it didn't work.
I should wait one hours to have tickets kerberos (i use kerbtray to see that) and then i can access share folders.
I can see in the event viewer this log, when it's not working :

The Security System could not establish a secured connection with the server <server name>. No authentication protocol was available.
Event ID: 40961 Source : LsaSrv


Regards,
Mourad



"Jorge Silva" <jorgesilva_pt@xxxxxxxxxxx> a écrit dans le message de news: %2354IlE9DHHA.4604@xxxxxxxxxxxxxxxxxxxxxxx
Hi
Fastest way is to reset the computer account in AD, then re-add the computer to Ad again.

--
*************************************************
I hope that the information above helps you
Good Luck

Jorge Silva

MCSA + Exchange + MSCE
*************************************************

<mourad.ladjici@xxxxxxxxx> wrote in message news:%23ANQ1y8DHHA.4132@xxxxxxxxxxxxxxxxxxxxxxx
Hi,

I am working in Active Directory Windows 2003, when I open a session with my computer (Windows XP with SP2), I don't have a tickets Kerberos, then I can't access at Share Folders.


How can I renew a tickets Kerberos ?







.

Relevant Pages

  • Re: Deploy Design Question
    ... It does not mean that it needs a reverse lookup zone or PTR it just wants to ... make a secure connection to the server so it can register its addresses. ... to the DNS server it is on before other DNS servers will know it exists. ...
    (microsoft.public.windows.server.dns)
  • Re: SPNEGO 40960 errors
    ... A reverse lookup is not required for proper AD function. ... establish a secured connection with the server prisoner.iana.org. ... These servers own the public PTR records for the 192.168.x.x zones. ... On the local DNS Server, create a Reverse Lookup Zone, and enter a ...
    (microsoft.public.windows.server.active_directory)
  • Re: Errors in Event Log after changing Windows 2003 Server Administrator password
    ... A reverse lookup is not required for proper AD function. ... reverse lookup zone and PTRs, you may see 40960 and 40961 events due to ... nslookup will report "Can't find server name for address ... The Security System detected an authentication error for the server ...
    (microsoft.public.windows.server.active_directory)
  • Re: Windows 2003 Server taking forever to startup
    ... the network it placed its name in the reverse lookup as the server name ... Both DNS servers now have the correct ip address in reverse lookup zone. ...
    (microsoft.public.windows.server.general)
  • Re: Active Directory and Reverse DNS Zones
    ... A reverse lookup is not required for proper AD function. ... reverse lookup zone and PTRs, you may see 40960 and 40961 events due to ... I was not intending to change the subnet mask of my network, ...
    (microsoft.public.windows.server.active_directory)