DNS service failed due to NTLMSSP

Posted on 2005-05-14
Last Modified: 2013-12-23
I have an odd problem.  I am new to a company, replacing the old sysadmin so am working on a machine I don't really know the history of.  This is on a 2000 Server with SP4 (It is _NOT_ NT) and most of its windows updates.  Anyway I need to install DNS which was easy enough to do, but when I try to start the service, it give me an error:
Could not start the DNS Server service on Local Computer.
Error 1068: The dependency service or group failed to start.

And it adds this to the event log:

Event Type:      Error
Event Source:      Service Control Manager
Event Category:      None
Event ID:      7001
Date:            5/14/2005
Time:            3:42:04 PM
User:            N/A
Computer:      MACHINE
The DNS Server service depends on the NT LM Security Support Provider service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.  

So when I try to start the NT LM Security Support Provider it doesn't have that option.  When I try for properties it says:

Unable to open service NT LM Security Support Provider for reading on Local Computer.
Error 5: Access is denied.

I am an admin on the machine.
If I try to start it from the cmd it gives me the same access is denied error.  I have a few other services acting the same way (NetMeeting Remote Desktop Sharing, Routing and Remote Access, TCP/IP NetBIOS Helper Service and Telnet).

Other then this the machine seems fine, the device manager has no X's, the event viewer doesn't seem to have much in the way of unexplained errors.  Everything seems ok.

Any thoughts on how I can fix this?
Question by:NRCody
    LVL 2

    Author Comment

    Doh, the reason I said I am _NOT_ using NT is because almost all the questions that I searched on where about NT not 2000.  Then what do I do, I post it into the wrong window and post it to the NT topics.  My bad.
    LVL 2

    Author Comment

    The fix for this turned out to be easy.  For the NTLMSSP problem all I had to do was uninstall and reinstall the Client for Microsoft Networks.  Our guess is the previous admin disabled or broke lsass.exe when all those viri where taking advantage of it.
    Anyway, no 500 points for anyone.  Could an admin please clost this question.
    LVL 2

    Author Comment

    Ok, after much mucking around with this I found the true answer to this problem.  The services are being disabled by a domain security policy.  Why uninstalling and reinstalling the service "fixed" this I don't know.  And why Error 5 doesn't flag all over the place as meaning it could be this I also don't know.  And hell, why it doesn't say Error 5: access is denied because of a Domain Security Policy I don't know either.

    Accepted Solution

    PAQed with points refunded (500)

    Community Support Moderator
    LVL 2

    Author Comment

    I guess I should have finally done the final final follow up on my own post.  How I ended up fixing this was by taking the regkey for the service NtLmSsp from a working machine and merging it with the non working machine.  It seems that something broke the key or cut it down to a smaller size.  
    This is the key:

    Windows Registry Editor Version 5.00

    "DisplayName"="NT LM Security Support Provider"
    "Description"="Provides security to remote procedure call (RPC) programs that use transports other than named pipes."




    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    Enterprise networks where VoIP phones have been deployed frequently use port configurations that allow both a computer and an IP phone to be plugged into the same switch port but use different VLANs. On Cisco equipment I'm referring to the "native V…
    This article is in response to a question ( here at Experts Exchange. The Original Poster (OP) requires a utility that will accept a list of IP addresses …
    It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
    Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

    759 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    10 Experts available now in Live!

    Get 1:1 Help Now