We run an environment with five Windows Server 2003 R2 x64 servers. We have two domain controllers, and then three servers for various purposes. On the server that acts primarily as our file server, I am seeing recurring errors from the Security System in our event log.
Specifically, the error ID I am normally seeing is 40960 and the specific error text is one of the following two:
"The Security System detected an authentication error for the server LDAP/server.domain/domain@domain. The failure code from authentication protocol Kerberos was "The user account has time restrictions and may not be logged onto at this time.
"The Security System detected an authentication error for the server LDAP/server.domain/domain@domain. The failure code from authentication protocol Kerberos was "The referenced account is currently disabled and may not be logged on to.
In all cases, the server it is referencing in the error is one of our two domain controllers. Each domain controller appears in some of the errors. I cannot figure out why this would be the case, though, as the computer accounts for our domain controllers should certainly not be disabled nor have any time restrictions on when they can interact with another server.
These errors are appearing regularly at least every hour or two.
Any suggestions would be most appreciated.