• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 9488
  • Last Modified:

The Security System detected an attempted downgrade attack

I am getting the following errors on all PC’s when loading Windows.
We are running XP Profesional PC's with Windows 2000 Server(Service Pack 4)
The login script will not run.
Users are able to logoff/login succesfully after first the first login fails.
Event Type:     Warning
Event Source:     LSASRV
Event Category:     SPNEGO (Negotiator)
Event ID:     40960
Date:          8/24/2004
Time:          3:10:31 PM
User:          N/A
Computer:     DRAKELAP005
Description:
The Security System detected an attempted downgrade attack for server cifs/servername.domain.com.  The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request.
 (0xc000005e)".
0
cookd47
Asked:
cookd47
  • 5
1 Solution
 
slapshot45Commented:
have you run windows update on all your servers and workstations to the latest critical updates/service packs?

Sounds like there is no domain controller to authenticate the users or at least the client cant find the server for some reason. any changes made to your netwtork/servers recently?
0
 
cookd47Author Commented:
There is only one Domain Controller. Once windows is loaded, you can logoff, and login and there is no problem. I have removed, and added Machine accounts, Ran SP4 again.
The problem started when four PC's were replaced. There are other errors as well:

Event Type: Error
Event Source: W32Time
Event Category: None
Event ID: 29
Date: 8/24/2004
Time: 3:10:23 PM
User: N/A
Computer: DRAKELAP005
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 15 minutes. NtpClient has no source of accurate time.

AND:


Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 5719
Date: 8/24/2004
Time: 3:10:19 PM
User: N/A
Computer: DRAKELAP005
Description:
No Domain Controller is available for domain DCW2K due to the following:
There are currently no logon servers available to service the logon request. .
Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator

This seems like some type of delay in the authentication process. I have another open question on the original problem. I am going to install Windows 2000 Resource Kit, and try some of the tools.
0
 
cookd47Author Commented:
Note:
When the users have a succesful login( script runs; drives mapped), there are no errors in the event log.
0
Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

 
Debsyl99Commented:
Hi

Have you configured the time service at all ie for the PC's to sync from the DC? Authentication is critically dependent on time syncing across the domain ie from a command prompt on a client run

net time (enter)
and see what it says - it should report the time at its authoritative time source. Then try

net time /setsntp:yourservername  (enter)

Also make sure the windows time service is running on DC and clients. Are the clients able to ping the DC by IP and name ok?

A resolution problem may cause the clients to be unable to sync,

Let us know

Deb :))
0
 
cookd47Author Commented:
Thanks for the comments, I will be back on site Friday afternoon.
0
 
cookd47Author Commented:
I will be back on site 9/2/04 in afternoon
0
 
cookd47Author Commented:
Although the tie Service was a symptom, it was not the problem. I had the same issue come up at another client...although a complete rebuild solved the problem, the issue is still open
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now