Re: LSASRV in event viewer
- From: "Kevin D. Goodknecht Sr. [MVP]" <admin@xxxxxxxxxxxxxx>
- Date: Sat, 7 Jan 2006 11:23:57 -0600
Andre <Andre@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
> I get a lot of this messages:
> {the security system detected an authentication error for the server
> DNS/ns1.ipb.na The failure code from authentication protocol
> Kerberos was "There are currently no logon servers available to
> service the logon request. (0xc000005e)}
>
> Operating system is windows Server 2003 and the machine is used as a
> webserver and a mailserver.
>
> The server, the message refers to, is listed as secondary Name
> Server for all of the hosted domains under DNS Management.
>
> Any pointers / ideas ? where to look for the problem. I am no
> proffessional, so don't get to technical please.
This could be any one or all of several things.
I have to assume ns1.ipb.na is your ISP's DNS and you have a public IP on
the server's NIC and it is trying to register a PTR for the public IP on the
server.
You have to either stop the registration of the PTR records or create a
reverse lookup zone for each public IP on the server.
To see how to stop PTR registrations read this:
246804 - How to enable or disable DNS updates in Windows 2000 and in Windows
Server 2003: http://support.microsoft.com/default.aspx?scid=kb;EN-US;246804
To create a reverse lookup zone for each IP create a reverse lookup zone
with the full name of the IP arpa zone.
For example the if the public IP is 192.198.2.1, create the zone with this
name:
1.2.198.192.in-addr.arpa.
You cannot use the Subnet ID on this zone because the subnet ID does not go
to the fourth Octet and your DNS server will be unable to do PTR lookups for
other IPs in the subnet. After you create the zone you can create the PTR in
the zone by leaving the IP# field blank.
Or if your AD Domain name is in the same DNS tree as your public domain and
you have your ISP's DNS in TCP/IP Properties. You must remove the ISP's DNS
from the list of DNS servers not only on the server, but from all members of
the AD domain.
I would also assume that if you have a public IP on one of your NICs it is
possible that the Domain Controller is multi-homed. This will cause many
problems on the DC unless you edit the registry, create certain records and
set the proper binding order of the NICs. All of this is outlined in these
documents.
Documents for configuring multihomed Domain Controllers:
These documents contain information about modifying the registry. Before you
modify the registry, make sure to back it up and make sure that you
understand how to restore the registry if a problem occurs.
http://support.wftx.us/Multihomed_Reg_Fix.txt
Same document as above in Microsoft Word Document format:
http://support.wftx.us/Multihomed.doc
--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
https://secure.lsaol.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================
.
- Follow-Ups:
- Re: LSASRV in event viewer
- From: Andre
- Re: LSASRV in event viewer
- Prev by Date: Re: DNS replication when installing new DC in domain
- Next by Date: Re: Create SRV records for a remote Forest
- Previous by thread: Re: _MSDCS and NTFRS DNS Errors
- Next by thread: Re: LSASRV in event viewer
- Index(es):
Relevant Pages
|
Loading
