Re: Cannot find domain controller

Tech-Archive recommends: Fix windows errors by optimizing your registry

Hi Ace,
For my edification and that of others, can you explain what you mean by:
" The SPN record for the domain controlller is used by the SPNEgo and is
based on the PTR for the DC" ?
Any pointer to where SPENEGO is dependent on PTR records?
SPNEGO is AFAIK, a (usually HTTP) Client/Server AUTHENTICATION NEGOTIATION
Mechanism (i.e. what do you talk? NTLM or Kerberos).
Even this KB says nothing of PTR records:
http://support.microsoft.com/kb/824217


Regards,


Austin



"Ace Fekay [MVP]" <PleaseAskMe@xxxxxxxxxxxxxx> wrote in message
news:eizQI1oIIHA.4808@xxxxxxxxxxxxxxxxxxxxxxx
In news:144C3304-4E0D-4D38-A356-6C76B55C75D3@xxxxxxxxxxxxx,
Austin Osuide <austin@xxxxxxxxxxx> typed:
Guys,
PTR records have no effect on "name resolution".
You do not need to setup or configure reverse lookup zones for forward
lookups to work.

Regards,

Austin

Austin,


Wer're not talking about Forward Lookups. We're talking about a reverse
PTR record in the reverse zone. The SPN record for the domain controlller
is used by the SPNEgo and is based on the PTR for the DC. If this is
missing, you will get SPNEGO and LSASRV errors, respectively 40960's and
40961's.

Back to the original poster, Yakob:
You also mentioned EventID 10, Source=Kerberos. That is usually due to
some sort of firewall blocking traffic, specifically UDP port 88 Kerberos
traffic. Is the firewall turned on? Is there an AV software present that
may be blocking traffic?

Ace




.