<

There are currently no logon servers available to service the logon request.

Published on
15,668 Points
12,068 Views
1 Endorsement
Last Modified:
When bringing a new server on line, you may see an error that says:

The Security System detected an authenticaton error for the server ldap/xxxxxxxt.
The failure code from the authentication protocal Kerberos was "There are currently no logon servers available to service the logon request.
Event id: 40960
category: SPENGO (Negotiator)
(0xc000005e)

This issue is the result of missing or the inability to contact the DNS SRV (SeRVice) records.

You just brought a new server on line. To complete the process, the server has to register its own host A record and SVR record in DNS. To do this, Type the following at the command prompt:
IPconfig /flushdns
IPconfig /registerdns
net stop netlogon
net start netlogon

flushing DNS will remove all old or improper DNS records
registering dns records registers your Host A record
restarting the netlogon will register your SRV records.
__________________________________________________________________________________
Speaking of SRV records, here is your second potential problem: (For 2003 server ONLY)

2003 server has a quirk in it. When the netlogon service is restarted it registers the SRV record of both NICs on the DNS server. As you know DNS is the service that provides the DNS translation to the Authenticating server. If DNS sees two SRV records, Cityofabbeville,int picks up on the NIC that shouldn't be providing DNS to the clients, you may get "no netlogon servers can be found" for your authentication server and see the errors above.

The quirk in 2003 server is regardless of deselecting the option registering the SRV record when netlogon is restarted, it will still register the SRV record. There is a patch to resolve this. But, let's make sure this is the problem. Go into DNS and see if your multihomed DNS server has two SRV records. One will be internal and the other external of your LAN. If you have an SRV record that doesn't belong, you should remove these records. This is only a temp fix for troubleshooting because upon a restart of the netlogon service will put those records back in DNS.  

Then, I would go to the XP clients and check out the IPconfig /all. See if you have picked up on a DNS server that is not correct. If so, you will not be able to get the DNS query for the Authenticating server to propogate back. So, you will not be able to communicate with the Authenticating server. Hence, you will not be able to authenticate and recieve errors like you are seeing. Flush the DNS cache and manually configure your list of preferred DNS servers to the correct NICS.

There is a fix to the 2003 server. It is a patch.
Have a look at this:
 -- http://support.microsoft.com/?id=832478
______________________________________________________________________________
Now, It is time to try and force replicate:
To force replicate, and save yourself time:
a) go to the Active Directory Sites and Services Snapin
b) navigate to Default First Site>>Servers
c)Pick the server you want to replicate TO and expand it
d)right click what is showing (NTDS site?) and select "replicate now"


Your DC's will replicate in approximately 8 hours after making it a domain server. The force replication is used to save you the eight hours.       

If your 4960 SPNego error persists, please post a question in Experts Exchange server zone that defines what server you are currently using?
 
1
Comment
Author:ChiefIT
  • 2
  • 2
5 Comments
 
LVL 20

Expert Comment

by:Brian
FYI - You've got some of your records wrong...you say SVR records when it should be SRV.

Brian
0
 
LVL 39

Author Comment

by:ChiefIT
OOPs, thanks for catching that for me.
0
 

Expert Comment

by:Lasareath
The URL works but you cannot download the files anymore :(

http://support.microsoft.com/?id=832478


0
 
LVL 39

Author Comment

by:ChiefIT
@Lasareath:

Yes, this means that a service pack or hotfix has already been downloaded to fix your issue. I saw your problems on another question you posted, reviewed them, and it looks like a DNS related issue caused your problem. If you continue to have issues, I will monitor your question asking. I usually am on the zone 2003 server. Posting another question to troubleshoot and fix further might be necessary, but make sure you include the 2003 server zone.
0
 

Expert Comment

by:Lasareath
Thanks!
0

Featured Post

Cloud Class® Course: Microsoft Azure 2017

Azure has a changed a lot since it was originally introduce by adding new services and features. Do you know everything you need to about Azure? This course will teach you about the Azure App Service, monitoring and application insights, DevOps, and Team Services.

Join & Write a Comment

Learn the basics of Skype For Business in office 365
Watch this online video tutorial and learn the best way to reduce Outlook mailbox size using Compact Now feature of Outlook. It removes the deletes item's space from Microsoft Outlook 2016, 2013, and 2010 and compresses the PST file size. This will …

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month