wicked711
asked on
LSASRV Event Log errors, EventID 40960
On our member server (not a DC just fileserv'ing), just started getting some LSASRV 40960 errors in the event log:
=====
The Security System detected an authentication error for the server cifs/<server FQDN>. The failure code from authentication protocol Kerberos was "The attempted logon is invalid. This is either due to a bad username or authentication information.
(0xc000006d)".
=====
It's happening every hour or so and there is a seperate entry in this file servers log for each DC in the forest, including the DC in our child domain.
The domain admin password was changed recently so i THINK it has something to do with this, if that's the cause then i can't figure out what app or service on this server is trying to authenticate with the old password.
Any ideas on which service/app is causing this and how i can update the credentials its using or even if this is the cause?
On the actual DC it doesn't have this issue.
=====
The Security System detected an authentication error for the server cifs/<server FQDN>. The failure code from authentication protocol Kerberos was "The attempted logon is invalid. This is either due to a bad username or authentication information.
(0xc000006d)".
=====
It's happening every hour or so and there is a seperate entry in this file servers log for each DC in the forest, including the DC in our child domain.
The domain admin password was changed recently so i THINK it has something to do with this, if that's the cause then i can't figure out what app or service on this server is trying to authenticate with the old password.
Any ideas on which service/app is causing this and how i can update the credentials its using or even if this is the cause?
On the actual DC it doesn't have this issue.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Grand, glad it might have helped!
ASKER
Ok, errors werre still occuring, reboot fixed it up.
Glad its fixed!
http://www.eventid.net/display.asp?eventid=40960&eventno=8508&source=LSASRV&phase=1