<div>
This article might provide some information for you:<br />
<a href="http://www.eventid.net/display.asp?eventid=40960&eventno=8508&source=LSASRV&phase=1" rel="ugc">http://www.eventid.net/display.asp?eventid=40960&eventno=8508&source=LSASRV&phase=1</a>
</div>


This article might provide some information for you:
http://www.eventid.net/display.asp?eventid=40960&eventno=8508&source=LSASRV&phase=1 [http://www.eventid.net/display.asp?eventid=40960&eventno=8508&source=LSASRV&phase=1]

<div>
Grand, glad it might have helped!
</div>


<div>
Ok, errors werre still occuring, reboot fixed it up.
</div>


Ok, errors werre still occuring, reboot fixed it up.

<div>
<div class="content wysiwyg-content">
On our member server (not a DC just fileserv'ing), just started getting some LSASRV 40960 errors in the event log:<br />
=====<br />
The Security System detected an authentication error for the server cifs/&lt;server FQDN&gt;. &nbsp;The failure code from authentication protocol Kerberos was &quot;The attempted logon is invalid. This is either due to a bad username or authentication information.<br />
&nbsp;(0xc000006d)&quot;.<br />
=====<br />
It's happening every hour or so and there is a seperate entry in this file servers log for each DC in the forest, including the DC in our child domain.<br />
<br />
The domain admin password was changed recently so i THINK it has something to do with this, if that's the cause then i can't figure out what app or service on this server is trying to authenticate with the old password.<br />
<br />
Any ideas on which service/app is causing this and how i can update the credentials its using or even if this is the cause?<br />
<br />
On the actual DC it doesn't have this issue.
</div>
</div>


On our member server (not a DC just fileserv'ing), just started getting some LSASRV 40960 errors in the event log:
=====
The Security System detected an authentication error for the server cifs/<server FQDN>.  The failure code from authentication protocol Kerberos was "The attempted logon is invalid. This is either due to a bad username or authentication information.
 (0xc000006d)".
=====
It's happening every hour or so and there is a seperate entry in this file servers log for each DC in the forest, including the DC in our child domain.

The domain admin password was changed recently so i THINK it has something to do with this, if that's the cause then i can't figure out what app or service on this server is trying to authenticate with the old password.

Any ideas on which service/app is causing this and how i can update the credentials its using or even if this is the cause?

On the actual DC it doesn't have this issue.

LSASRV Event Log errors, EventID 40960

The Microsoft Legacy Operating System topic includes legacy versions of Microsoft operating systems prior to Windows 2000: All versions of MS-DOS and other versions developed for specific manufacturers and Windows 3/3.1, Windows 95 and Windows 98, plus any other Windows-related versions, and Windows Mobile.

Microsoft Legacy OS

Windows Server 2003 was based on Windows XP and was released in four editions: Web, Standard, Enterprise and Datacenter. It also had derivative versions for clusters, storage and Microsoft’s Small Business Server. Important upgrades included integrating Internet Information Services (IIS), improvements to Active Directory (AD) and Group Policy (GP), and the migration to Automated System Recovery (ASR).