• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2116
  • Last Modified:

How does one resolve the NEGOTIATE_DOWNGRADE_DETECTED error message (Event ID 40960) in Windows Xp Pro?

I have an HP Compaq nc6120 running Windows Xp sp3. All windows updates are installed. Yesterday, while the user was working remotely from home could not log into it because she claimed it would not boot up. I have not been able to duplicate that boot up issue. This morning when I examined event viewer on it I found Even ID 40960 "NEGOTIATE_DOWNGRADE_DETECTED" How do I resolve this issue?
0
cheyliger
Asked:
cheyliger
  • 5
  • 4
1 Solution
 
Adam LeinssCommented:
Do you have the complete error message?  This sounds like it wanted to use Kerberos, but downgraded back to NTLM, but without the complete error message, it's anyone's guess.
0
 
cheyligerAuthor Commented:
I'm currently running a windows repair on it. As soon as it's finished I'll provide you with the complete error msg.
0
 
cheyligerAuthor Commented:
Aleinss,

Here is the exact error msg "The Security System detected an attempted downgrade attack for server DNS/cbru.br.ns.els-gms.att.net. The failure code authentication protocol Kerberos was "Ther are currently no logon servers available to service the logon request.
(0xc00005e)".
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
Adam LeinssCommented:
Check the time between client and server as given here:
http://www.experts-exchange.com/Networking/Misc/Q_21107740.html
Run GPEDIT.MSC
Under Computer Configuration>Windows Settings>Local Policies>Security Options
Make sure the responds are sent to NTLM V2 only
http://www.aas.duke.edu/asist/techstaff/pc/AD/NTLMv2/lmcompatibilitylevel.gif 
0
 
cheyligerAuthor Commented:
I just wanted to take this opportunity to inform you that this issue occured while the laptop was not in the domain. It happened while the user was using it remotely from home.
0
 
Adam LeinssCommented:
So she wasn't VPNing in to the domain, but was using it disconnected from your network?  If so, then that error message is probably normal.
When you said it wouldn't boot up, I thought you were referring to get to the login screen, but not getting past that, but if you had to run a repair on the OS, it sounds like something got corrupted in the operating system.
0
 
cheyligerAuthor Commented:
Aleinss,

The user was attempting to use the laptop from home she claimed that she couldn't even get to the logon screen.  However, when she brought the laptop to the office and gave it  to me I was able to power it up and run a Full virus scan without it being connected to the network. Later I was able to successfully defragment the harddrive and later run windows repair without any reoccurence of the issue.
0
 
Adam LeinssCommented:
I think your course of action was correct...the error just means it couldn't contact the DC and if she wasn't using VPN, that would be a normal error that would get logged.

It won't cause the laptop not to boot.
0
 
cheyligerAuthor Commented:
I agree with your accessment. I was just reporting what she reported to me. I'm of the opinion that if she couldn't get the laptop to bootup, it would have occured at least once when I was working on it. As I've rebooted it at least 10 times today without any problems. I've since returned it to the user.
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

  • 5
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now