Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Event Id's 1030, 40961 and 673 on DC

Status
Not open for further replies.
geist4

geist4

IS-IT--Management
Jun 21, 2005
12
0
0
US
Windows 2003 SP1 Domain 3 DC's
Windows XP SP2


Details of Problem:

Event logs of XP Clients are reporting the events 1030 (USERENV) and 40961 (LSASRV/SPNEGO) only when the users machine is logged in but locked. (After they go home) The events seem to happen about every two hours until they unlock and then the problem stops again.

Domain Controller Log reports event 673 Failure With no Username/Domain/Service Name/Service ID

Ticket Options: 0x2
Client Address: (matches the clients ip address)
Failure Code 0X20 (Ticket Expired?)

Can you explain what might be happening here and possible solutions?

Thanks






 
Sort by date Sort by votes
Although the KB article does not match exactly it is a close match to most of the symptoms.

***
MS Article ID : 885887
Last Review : April 27, 2006
Revision : 1.3


You cannot access network resources after you try to log on to a Windows XP Service Pack 2-based computer

Symptoms:
If you log on to a Microsoft Windows XP Service Pack 2 (SP2)-based computer before a domain controller on your network is available, you may experience one or more of the following symptoms:

• User-specific Kerberos Ticket-Granting Tickets (TGT) are not renewed.
• Requests for new TGTs are not accepted if the TGT has reached its last permissible renew date after you install Windows XP SP2.
• Authentication to network resources may unexpectedly quit after the computer has been locked.
• Programs that use Delegation may unexpectedly quit.
• You cannot resolve the problem by purging the TGT and requesting a new TGT.
• You find an event similar to the following event in the system event log:

Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40961
Date: 10/27/2004
Time: 1:00:50 PM
User: N/A
Computer: COMPUTER
Description: The Security System could not establish a secured connection with the server ldap/DC01.corp.com/corp.com@corp.com. No authentication protocol was available.

*****

To Get the Hot Fix Mentioned in the KB Article:

I called 1-800-MICROSOFT (1-800-642-7676)and followed the telephone prompts to get a HotFix. I got transferred to a real person who simply asked what Hot Fix I needed and then they emailed it to me with a password.

I have installed the Hot Fix on one machine and will post back the results.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

andyferris
  • Locked
  • Question
DC Event logs auditing cannot be set by GPO
Replies
1
Views
64
RRankin355
RRankin355
DrB0b
  • Locked
  • Question
Hybrid on prem AD with Azure AD
Replies
2
Views
84
DrB0b
DrB0b
James281
  • Locked
  • Question
Enrolment agent (enrol on behalf of) stopped working
Replies
1
Views
61
mikehook
mikehook
bechna
  • Locked
  • Question
Windows Server and VPN Setup
Replies
1
Views
62
DrB0b
DrB0b
lacked
  • Locked
  • Question
problem with windows update on windows server 2016
Replies
1
Views
53
maybeimaleo
maybeimaleo

Part and Inventory Search

Sponsor

Back
Top