?
Solved

The Security System detected an attempted downgrade attack

Posted on 2004-08-25
7
Medium Priority
?
9,368 Views
Last Modified: 2013-12-07
I am getting the following errors on all PC’s when loading Windows.
We are running XP Profesional PC's with Windows 2000 Server(Service Pack 4)
The login script will not run.
Users are able to logoff/login succesfully after first the first login fails.
Event Type:     Warning
Event Source:     LSASRV
Event Category:     SPNEGO (Negotiator)
Event ID:     40960
Date:          8/24/2004
Time:          3:10:31 PM
User:          N/A
Computer:     DRAKELAP005
Description:
The Security System detected an attempted downgrade attack for server cifs/servername.domain.com.  The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request.
 (0xc000005e)".
0
Comment
Question by:cookd47
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
7 Comments
 
LVL 1

Expert Comment

by:slapshot45
ID: 11899685
have you run windows update on all your servers and workstations to the latest critical updates/service packs?

Sounds like there is no domain controller to authenticate the users or at least the client cant find the server for some reason. any changes made to your netwtork/servers recently?
0
 

Author Comment

by:cookd47
ID: 11899723
There is only one Domain Controller. Once windows is loaded, you can logoff, and login and there is no problem. I have removed, and added Machine accounts, Ran SP4 again.
The problem started when four PC's were replaced. There are other errors as well:

Event Type: Error
Event Source: W32Time
Event Category: None
Event ID: 29
Date: 8/24/2004
Time: 3:10:23 PM
User: N/A
Computer: DRAKELAP005
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 15 minutes. NtpClient has no source of accurate time.

AND:


Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 5719
Date: 8/24/2004
Time: 3:10:19 PM
User: N/A
Computer: DRAKELAP005
Description:
No Domain Controller is available for domain DCW2K due to the following:
There are currently no logon servers available to service the logon request. .
Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator

This seems like some type of delay in the authentication process. I have another open question on the original problem. I am going to install Windows 2000 Resource Kit, and try some of the tools.
0
 

Author Comment

by:cookd47
ID: 11899725
Note:
When the users have a succesful login( script runs; drives mapped), there are no errors in the event log.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 20

Accepted Solution

by:
Debsyl99 earned 1500 total points
ID: 11905511
Hi

Have you configured the time service at all ie for the PC's to sync from the DC? Authentication is critically dependent on time syncing across the domain ie from a command prompt on a client run

net time (enter)
and see what it says - it should report the time at its authoritative time source. Then try

net time /setsntp:yourservername  (enter)

Also make sure the windows time service is running on DC and clients. Are the clients able to ping the DC by IP and name ok?

A resolution problem may cause the clients to be unable to sync,

Let us know

Deb :))
0
 

Author Comment

by:cookd47
ID: 11906498
Thanks for the comments, I will be back on site Friday afternoon.
0
 

Author Comment

by:cookd47
ID: 11957474
I will be back on site 9/2/04 in afternoon
0
 

Author Comment

by:cookd47
ID: 12217876
Although the tie Service was a symptom, it was not the problem. I had the same issue come up at another client...although a complete rebuild solved the problem, the issue is still open
0

Featured Post

Get proactive database performance tuning online

At Percona’s web store you can order full Percona Database Performance Audit in minutes. Find out the health of your database, and how to improve it. Pay online with a credit card. Improve your database performance now!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is in regards to the Cisco QSFP-4SFP10G-CU1M cables, which are designed to uplink/downlink 40GB ports to 10GB SFP ports. I recently experienced this and found very little configuration documentation on how these are supposed to be confi…
This month, Experts Exchange’s free Course of the Month is focused on CompTIA IT Fundamentals.
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question