LsaSrv SPNEGO 40961 error leading to system freeze under XP Pro SP2

I have a Dell Inspiron E1505 system w/ dual core intel processor.  1 GB memory, 80 GB HD.  Radeon x1300 video card.  Running XP Pro SP2 with all security patches up to date.  

I had a hard drive fail last week and Dell replaced it.  After reinstallation of all oftware, with the only new program being Microsoft OneCare for virus, spyware, etc (My TrendMicdo subscription just expired), I have had several lockups of the system.  The screen freezes, no blue screen, no error messages.  Just a total lock up.  Nothing consistent about what program I am using or anything between the different lockups.  

After talking to Dell, we found several entries in the system event viewer around the times of the lockups.  It referred to the source as being LsaSrv and event being 40961 with a category SPNEGO.  

I have googled this problem, searched the MS support database and checked here and have found similar errors, but not a similar result (freeze of the system).  

As I noted, the only different program that I have installed is OneCare Live, but I found no other users having a similar problem.  Any suggestions on solutions?
LVL 1
erinchAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

younghvCommented:
erinch,
We fight this one all the time - 'authentication' 40961 and lsasvr.
Vic

From 'My Computer' Properties, drop the computer down into a Workgroup (DO NOT RE-BOOT).
Immediately go back in and re-add the computer to the Domain.

Reboot.

Stop and re-start the w32time service - and make sure it synchronizes time with the DC.

We have written a batch command at work with the steps below imbedded.
It seems to work for us.

To configure a client computer for automatic domain time synchronization

 1.  Open a Command Prompt.

2.  Type the following command and then press ENTER:

w32tm /config /syncfromflags:domhier /update

3.  Type the following command and then press ENTER:

net stop w32time

4.  Type the following command and then press ENTER:

net start w32time

Check the local workstation Event Viewer for Event ID 40961 or 9 - or anything else that relates to 'authentication errors'.
Make sure the boxes are not going into any kind of 'sleep' or hibernation mode.
Shutting down the monitor is fine, I never advise any automatic action with the CPU.

Any Terminal Services functions/connections?
When users logged into a terminal server and terminal sessions were disconnected (but not terminated).
Improperly terminating those connections will create the same symptoms.
0
erinchAuthor Commented:
So, this error can occur even when the system isn't logged into any network?  I have had it happen when connected to my wifi at home and then connected to the wired office network.

Just confirming before going through the steps
0
younghvCommented:
erinch,
The use of OneCare Live bothers me also. I tried it for a few days last year, but had a lot of 'glitchy' type problems with it. Nothing big, but just seemed to be interfering with the OS.

The 'sleep or hibernate' mode created a lot of problems for use and we disabled it on all computers on our domain.

Compare the times in your Event Viewer logs for this event. Are you getting them while at home or just when you are wired at work?

Vic
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
ON-DEMAND: 10 Easy Ways to Lose a Password

Learn about the methods that hackers use to lift real, working credentials from even the most security-savvy employees in this on-demand webinar. We cover the importance of multi-factor authentication and how these solutions can better protect your business!

erinchAuthor Commented:
The problems are happening both at home and at work.  I am going to try the first possible solution and also uninstall onecare and go with what I know works.  

0
younghvCommented:
OK - if you are going to drop it to workgroup and re-add --- MAKE SURE you are at work and hard wired to the domain.

Vic
0
erinchAuthor Commented:
So far since uninstalling OneCare Live (I have not attempted the other steps), I have had no lockups in nearly 2 days
0
younghvCommented:
erinch,
Amazing isn't it (One Care)?
Their own product and it interferes with their own OS.
I had it on my personal notebook last year and thought it might just be because of all the misc junk I have installed there.

BTW - were you running any other 3rd-Party Security programs at the same time as One Care?

Vic
0
erinchAuthor Commented:
I was waiting to report until I had several more days of crash-free living.  So far so good still.  

Apparently, Vic, as you noted, OneCare messes up MS' own OS.  Quality work.  

No, I wasn't running any other security programs at the time.  

Anyway, I think we can call this closed.  Thanks for your help.  
0
younghvCommented:
Thank you.

When you get a chance, take a look at some of the pending questions and share your knowledge.
We're always looking for more folks to contribute.

Vic
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Laptops Notebooks

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.