• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 323
  • Last Modified:

Error connecting to workstation

SBS 2003 shows the events below on only one of about 30 workstations on our LAN.
It shows this every morning when the operator logs on.

The workstation [referred to in the error messages as "XXXX"] is running XP Pro SP3.

This workstation is the only workstation that shows the correct [real world] time. Even our servers are about 17 minutes ahead of real time as are all of the other workstations. There is some problem that has existed for years that keeps our system at +17 minutes. It has never been a problem...just a little pain.

I can find nothing on the workstation that would account for this discrepancy in the time.
There is no problem with this workstation connecting to the LAN or Internet. There are no hardware issues.

The time thing is one part of the issue.
The other part is that the error messages keep referring to XXXX as a "server".
That bothers me.
I have never seen any of the other workstations referred to as a server on our LAN.

Is there a reason for concern?
Is it possible that this workstation is trying to work as a server in some capacity, maybe as a bot?
I have run SpywareDoctor, Spybot S&D, Adaware, HijackThis, & RootKit Revealer and found nothing.



Event Type:	Error
Event Source:	Kerberos
Event Category:	None
Event ID:	5
Date:		10/13/2008
Time:		7:41:45 AM
User:		N/A
Computer:	[SERVER]
Description:
The kerberos client received a KRB_AP_ERR_TKT_NYV error from the server XXXX$.  This indicates that the ticket used against that server is not yet valid (in relationship to that server time).  Contact your system administrator  to make sure the client and server times are in sync, and that the KDC in realm DOMAIN.OFFICE is  in sync with the KDC in the client realm.
 
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
 
 
Event Type:	Warning
Event Source:	LSASRV
Event Category:	SPNEGO (Negotiator) 
Event ID:	40960
Date:		10/13/2008
Time:		7:41:46 AM
User:		N/A
Computer:	[SERVER]
Description:
The Security System detected an authentication error for the server cifs/ XXXX.DOMAIN.office.  The failure code from authentication protocol Kerberos was "{Operation Failed}
The requested operation was unsuccessful.
 (0xc0000001)".
 
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 01 00 00 c0               ...À    
 
 
 
Event Type:	Warning
Event Source:	LSASRV
Event Category:	SPNEGO (Negotiator) 
Event ID:	40960
Date:		10/13/2008
Time:		8:01:48 AM
User:		N/A
Computer:	[SERVER]
Description:
The Security System detected an authentication error for the server cifs/ XXXX.  The failure code from authentication protocol Kerberos was "{Operation Failed}
The requested operation was unsuccessful.
 (0xc0000001)".
 
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 01 00 00 c0               ...À

Open in new window

0
Silver Shroud
Asked:
Silver Shroud
  • 5
  • 2
  • 2
  • +1
2 Solutions
 
sk_raja_rajaCommented:
IIS 6.0: DCPROMO Does Not Retain Permissions on Some IIS Folders
http://support.microsoft.com/?kbid=332097
0
 
Silver ShroudAuthor Commented:
Sort of a "shotgun blast" approach to anything than might refer to part of the problem, huh?

Most of that ^ doesn't refer to my issues at all.   :-\


0
[Webinar] Kill tickets & tabs using PowerShell

Are you tired of cycling through the same browser tabs everyday to close the same repetitive tickets? In this webinar JumpCloud will show how you can leverage RESTful APIs to build your own PowerShell modules to kill tickets & tabs using the PowerShell command Invoke-RestMethod.

 
GUEENCommented:
This is easy!  My advice to you is to get your servers straight with a time server first, then the workstations need to be addressed.

Next you need to be sure that your server time is syncing correctly with a time server - this is of utmost importance for time stamps, etc...
http://support.microsoft.com/kb/816042

net time /domain:[domainname] on each workstation - see http://windowsitpro.com/article/articleid/72203/jsi-tip-0879-net-time--domaindomainname-does-not-work-as-expected.html


 

0
 
SAIonlineCommented:
The default time difference Kerberos will allow is 5 minutes.  I would say set the time on the affected PC to within 5 minutes of the server and that should clear the 40960 error.  

cmd - Net Time \\"servername" /SET should match the pc to the server

Then go with the first link from Shekerra to set the overall time.  
0
 
Silver ShroudAuthor Commented:
We have had people look at the time thing before I got served these servers.
They were unable to find the problem.

I'll look into it bit more tomorrow or when  I get the time.

I still don't understand why this one workstation does not sync with the servers' time, though.
All of the others do.

Also what is the deal with the server calling this workstation a server?
0
 
Silver ShroudAuthor Commented:
No time to address this today.
I have Exchange issues [and so does the server]

I'll be back.
0
 
GUEENCommented:
I absolutely hate this editor - grrrrrrrrrr.
Too many times when I attempt to paste a link here it deletes all prior information...  

Maybe you just need a hotfix


Or maybe it is a registry setting?
\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters
MaintainServerList

change value to    NO
0
 
Silver ShroudAuthor Commented:
ping
0
 
Silver ShroudAuthor Commented:
We got the time thing straightened out somehow.
Good info from shek & good Kerberos info from SAI.
Both helped. Gracias!
0

Featured Post

Learn to develop an Android App

Want to increase your earning potential in 2018? Pad your resume with app building experience. Learn how with this hands-on course.

  • 5
  • 2
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now