Solved

The Security System detected an attempted downgrade attack

Posted on 2004-08-25
7
9,240 Views
Last Modified: 2013-12-07
I am getting the following errors on all PC’s when loading Windows.
We are running XP Profesional PC's with Windows 2000 Server(Service Pack 4)
The login script will not run.
Users are able to logoff/login succesfully after first the first login fails.
Event Type:     Warning
Event Source:     LSASRV
Event Category:     SPNEGO (Negotiator)
Event ID:     40960
Date:          8/24/2004
Time:          3:10:31 PM
User:          N/A
Computer:     DRAKELAP005
Description:
The Security System detected an attempted downgrade attack for server cifs/servername.domain.com.  The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request.
 (0xc000005e)".
0
Comment
Question by:cookd47
  • 5
7 Comments
 
LVL 1

Expert Comment

by:slapshot45
ID: 11899685
have you run windows update on all your servers and workstations to the latest critical updates/service packs?

Sounds like there is no domain controller to authenticate the users or at least the client cant find the server for some reason. any changes made to your netwtork/servers recently?
0
 

Author Comment

by:cookd47
ID: 11899723
There is only one Domain Controller. Once windows is loaded, you can logoff, and login and there is no problem. I have removed, and added Machine accounts, Ran SP4 again.
The problem started when four PC's were replaced. There are other errors as well:

Event Type: Error
Event Source: W32Time
Event Category: None
Event ID: 29
Date: 8/24/2004
Time: 3:10:23 PM
User: N/A
Computer: DRAKELAP005
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 15 minutes. NtpClient has no source of accurate time.

AND:


Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 5719
Date: 8/24/2004
Time: 3:10:19 PM
User: N/A
Computer: DRAKELAP005
Description:
No Domain Controller is available for domain DCW2K due to the following:
There are currently no logon servers available to service the logon request. .
Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator

This seems like some type of delay in the authentication process. I have another open question on the original problem. I am going to install Windows 2000 Resource Kit, and try some of the tools.
0
 

Author Comment

by:cookd47
ID: 11899725
Note:
When the users have a succesful login( script runs; drives mapped), there are no errors in the event log.
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 20

Accepted Solution

by:
Debsyl99 earned 500 total points
ID: 11905511
Hi

Have you configured the time service at all ie for the PC's to sync from the DC? Authentication is critically dependent on time syncing across the domain ie from a command prompt on a client run

net time (enter)
and see what it says - it should report the time at its authoritative time source. Then try

net time /setsntp:yourservername  (enter)

Also make sure the windows time service is running on DC and clients. Are the clients able to ping the DC by IP and name ok?

A resolution problem may cause the clients to be unable to sync,

Let us know

Deb :))
0
 

Author Comment

by:cookd47
ID: 11906498
Thanks for the comments, I will be back on site Friday afternoon.
0
 

Author Comment

by:cookd47
ID: 11957474
I will be back on site 9/2/04 in afternoon
0
 

Author Comment

by:cookd47
ID: 12217876
Although the tie Service was a symptom, it was not the problem. I had the same issue come up at another client...although a complete rebuild solved the problem, the issue is still open
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Internet Speed Test 5 70
WAN IP Conflict on Sonicwall 5 60
site to site tunnel not autostarting 5 36
Extending  a subnet 9 39
Network ports are the threads that hold network communication together. They are an essential part of networking that can be easily ignore or misunderstood, my goals is to show those who don't have a strong network foundation how network ports opera…
PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now