FriscoSam

asked on

Event error 40960 and 40961, clients can't access network shares

Hello Experts,

I am having an issue with a Win2003 R2 domain network, with Win2K and XP clients.
This is a brand new domain that I created to replace an older Win2k (upgraded from WinNT) domain.  Although I did not migrate accounts to the new domain (it is a new install with new accounts and AD), the problems I am experiencing occur in the new network as well as the old. For this reason, I suspect that one or all of the (20) clients are having issues.
I have reviewed previous Experts posts with the same error messages and I have visited EventID.net as well.  I have implemented several of the (relevant) suggestions at both sites, to no avail. On the affected clients, I am receiving Event ID errors 40960 and 40961 with the following data:

Source: LSASRV
Category: SPNEGO (Negotiator)
Type: Warning
Event ID: 40960
The Security System detected an attempted downgrade attack for server LDAP/servername.main.xyz.com.  The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request.   (0xc000005e)".
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event Type: Warning
Event ID: 40961
Date: date
Time: time
User: N/A
Computer: <ComputerName>
Description: The Security System could not establish a secured connection with the server ldap/Computername.domain.com. No authentication protocol was available.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


At the end of the workday, (around 5:00PM), several clients lose connectivity to the server (network shares) and record these error messages. I do occasionally receive a W32Time error on some of the clients. Network logon at the clients is somewhat slow (1-3 mins), and I have found that a reboot of ANY client on the domain clears up the problem.

I have attempted the following fixes:

Server is running DNS service, and I have made the (static) IP the first DNS entry for local translations.  Also, I have created a reverse lookup zone on the server.

I have checked every NIC setting on the clients to be sure that none respond to Wake on LAN, hibernate, or power management mode.

I am running a single server (for now), syncing to an external time source.  When the slowdown occurs I have run NET TIME on the clients to check time sync. All appear to be synced properly/all times match.

I have checked the server and all clients for running processes (AV downloads, sweeps, etc.) at that time, and there are no scheduled events.

I have installed a network sniffer (Ethersnoop) to see if there are broadcast storms happening, and all traffic seems normal.

I certainly could use some help on this one!


TIA,   FriscoSam

PS. I am in the process of replacing the 5 Win2k machines because they are older, but the problem occurs on those and XP machines as well.
SOLUTION
Jay_Jay70
ASKER CERTIFIED SOLUTION
Keith Alabaster
FriscoSam

ASKER

Hello Experts,

My apologies for not commenting sooner.  We had a family emergency last week.
I have been able to resolve the issue I was having by pointing all client machines (DNS settings) directly to the Domain (DNS) server. I previously tried this fix on one client machine, but it didn't appear to solve the issue. Since that client machine was slated for replacement, I pointed the DNS on the newer client, and the delay vanished.  I have since pointed all clients to the DS server and things are humming now.

Although I did not directly use the respondents' information, I would like to reward their participation by awarding split points.

Thank you all for your help in this resolution.


FriscoSam
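
One way to audit the fix described in the post above, as an added example that is not part of the original thread: it parses `ipconfig /all` output collected from a client and lists adapters that still have a resolver other than the domain DNS server configured. The sample output, the addresses (192.168.1.10 as the domain DNS server), the function names, and the choice to flag any non-domain resolver are assumptions.

```python
import re

IP_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
ADAPTER_RE = re.compile(r"^(\S.*adapter .+):\s*$")

# Constructed `ipconfig /all` excerpt (not from the thread); addresses are placeholders.
SAMPLE = """\
Windows IP Configuration

        Host Name . . . . . . . . . . . . : CLIENT01

Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 192.168.1.50
        DNS Servers . . . . . . . . . . . : 203.0.113.53
                                            192.168.1.10

Ethernet adapter Wireless Network Connection:

        IP Address. . . . . . . . . . . . : 192.168.1.51
        DNS Servers . . . . . . . . . . . : 192.168.1.10
"""

def parse_dns_servers(ipconfig_text):
    """Map each adapter to its DNS servers, in the order they are listed."""
    adapters, current, in_dns = {}, None, False
    for raw in ipconfig_text.splitlines():
        stripped = raw.strip()
        header = ADAPTER_RE.match(raw.rstrip())
        if header:
            current, in_dns = header.group(1), False
            adapters[current] = []
        elif current and stripped.startswith("DNS Servers"):
            value = stripped.partition(":")[2].strip()
            if IP_RE.match(value):
                adapters[current].append(value)
            in_dns = True
        elif current and in_dns and IP_RE.match(stripped):
            adapters[current].append(stripped)  # continuation line of the DNS list
        else:
            in_dns = False
    return adapters

def audit(ipconfig_text, domain_dns):
    """Return (adapter, non-domain resolvers) for adapters not pointed solely at domain DNS."""
    findings = []
    for adapter, servers in parse_dns_servers(ipconfig_text).items():
        extra = [s for s in servers if s not in domain_dns]
        if extra:
            findings.append((adapter, extra))
    return findings

if __name__ == "__main__":
    for adapter, extra in audit(SAMPLE, {"192.168.1.10"}):
        print(f"{adapter}: non-domain DNS servers {extra}")
```
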
Thank you :)