Solved

Error connecting to workstation

Posted on 2008-10-13
10
304 Views
Last Modified: 2010-04-21
SBS 2003 shows the events below on only one of about 30 workstations on our LAN.
It shows this every morning when the operator logs on.

The workstation [referred to in the error messages as "XXXX"] is running XP Pro SP3.

This workstation is the only workstation that shows the correct [real world] time. Even our servers are about 17 minutes ahead of real time as are all of the other workstations. There is some problem that has existed for years that keeps our system at +17 minutes. It has never been a problem...just a little pain.

I can find nothing on the workstation that would account for this discrepancy in the time.
There is no problem with this workstation connecting to the LAN or Internet. There are no hardware issues.

The time thing is one part of the issue.
The other part is that the error messages keep referring to XXXX as a "server".
That bothers me.
I have never seen any of the other workstations referred to as a server on our LAN.

Is there a reason for concern?
Is it possible that this workstation is trying to work as a server in some capacity, maybe as a bot?
I have run SpywareDoctor, Spybot S&D, Adaware, HijackThis, & RootKit Revealer and found nothing.



Event Type:	Error

Event Source:	Kerberos

Event Category:	None

Event ID:	5

Date:		10/13/2008

Time:		7:41:45 AM

User:		N/A

Computer:	[SERVER]

Description:

The kerberos client received a KRB_AP_ERR_TKT_NYV error from the server XXXX$.  This indicates that the ticket used against that server is not yet valid (in relationship to that server time).  Contact your system administrator  to make sure the client and server times are in sync, and that the KDC in realm DOMAIN.OFFICE is  in sync with the KDC in the client realm.
 

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
 
 

Event Type:	Warning

Event Source:	LSASRV

Event Category:	SPNEGO (Negotiator) 

Event ID:	40960

Date:		10/13/2008

Time:		7:41:46 AM

User:		N/A

Computer:	[SERVER]

Description:

The Security System detected an authentication error for the server cifs/ XXXX.DOMAIN.office.  The failure code from authentication protocol Kerberos was "{Operation Failed}

The requested operation was unsuccessful.

 (0xc0000001)".
 

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Data:

0000: 01 00 00 c0               ...À    
 
 
 

Event Type:	Warning

Event Source:	LSASRV

Event Category:	SPNEGO (Negotiator) 

Event ID:	40960

Date:		10/13/2008

Time:		8:01:48 AM

User:		N/A

Computer:	[SERVER]

Description:

The Security System detected an authentication error for the server cifs/ XXXX.  The failure code from authentication protocol Kerberos was "{Operation Failed}

The requested operation was unsuccessful.

 (0xc0000001)".
 

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Data:

0000: 01 00 00 c0               ...À

Open in new window

0
Comment
Question by:Horn E. Towed
  • 5
  • 2
  • 2
  • +1
10 Comments
 
LVL 18

Expert Comment

by:sk_raja_raja
ID: 22703775
0
 
LVL 18

Expert Comment

by:sk_raja_raja
ID: 22703779
IIS 6.0: DCPROMO Does Not Retain Permissions on Some IIS Folders
http://support.microsoft.com/?kbid=332097
0
 
LVL 10

Author Comment

by:Horn E. Towed
ID: 22704199
Sort of a "shotgun blast" approach to anything than might refer to part of the problem, huh?

Most of that ^ doesn't refer to my issues at all.   :-\


0
 
LVL 16

Accepted Solution

by:
GUEEN earned 300 total points
ID: 22706900
This is easy!  My advice to you is to get your servers straight with a time server first, then the workstations need to be addressed.

Next you need to be sure that your server time is syncing correctly with a time server - this is of utmost importance for time stamps, etc...
http://support.microsoft.com/kb/816042

net time /domain:[domainname] on each workstation - see http://windowsitpro.com/article/articleid/72203/jsi-tip-0879-net-time--domaindomainname-does-not-work-as-expected.html


 

0
 
LVL 2

Assisted Solution

by:SAIonline
SAIonline earned 197 total points
ID: 22707058
The default time difference Kerberos will allow is 5 minutes.  I would say set the time on the affected PC to within 5 minutes of the server and that should clear the 40960 error.  

cmd - Net Time \\"servername" /SET should match the pc to the server

Then go with the first link from Shekerra to set the overall time.  
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 
LVL 10

Author Comment

by:Horn E. Towed
ID: 22707830
We have had people look at the time thing before I got served these servers.
They were unable to find the problem.

I'll look into it bit more tomorrow or when  I get the time.

I still don't understand why this one workstation does not sync with the servers' time, though.
All of the others do.

Also what is the deal with the server calling this workstation a server?
0
 
LVL 10

Author Comment

by:Horn E. Towed
ID: 22711585
No time to address this today.
I have Exchange issues [and so does the server]

I'll be back.
0
 
LVL 16

Expert Comment

by:GUEEN
ID: 22711942
I absolutely hate this editor - grrrrrrrrrr.
Too many times when I attempt to paste a link here it deletes all prior information...  

Maybe you just need a hotfix


Or maybe it is a registry setting?
\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters
MaintainServerList

change value to    NO
0
 
LVL 10

Author Comment

by:Horn E. Towed
ID: 22761906
ping
0
 
LVL 10

Author Closing Comment

by:Horn E. Towed
ID: 31505598
We got the time thing straightened out somehow.
Good info from shek & good Kerberos info from SAI.
Both helped. Gracias!
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Are you one of those front-line IT Service Desk staff fielding calls, replying to emails, all-the-while working to resolve end-user technological nightmares? I am! That's why I have put together this brief overview of tools and techniques I use in o…
For both online and offline retail, the cross-channel business is the most recent pattern in the B2C trade space.
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now