[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Event IDs 40960 + 40961

Posted on 2011-02-21
4
Medium Priority
?
2,639 Views
Last Modified: 2012-05-11
Hello Experts,

A strange issue surfaced on a client computer which is running XP SP3, hostname is CLIENT1.  We have a Windows 2003 domain.  The issue is just with this one particular user, his AD account gets locked every few hours automatically.  The event 40960 and 40961 are logged in the eventviewer of the client.  The DC eventviewer does not show any errors.

___________________________________________________________________________

40960
The Security System could not establish a secured connection with the server cifs/client2.domain.com.  No authentication protocol was available.

40961
The Security System detected an attempted downgrade attack for server cifs/client2.domain.com.  The failure code from authentication protocol Kerberos was "The user account has been automatically locked because too many invalid logon attempts or password change attempts have been requested.

___________________________________________________________________________

Done the following troubleshooting so far.

- Resetting the user password
- Disjoing/Rejoin to Domain.
- Changing the machine SID and computer account name
- Using a static IP address
- Reformatted the PC.
- Checked DNS settings, they are fine
- Checked time synchronization with server
- Changed Kerberos protocol from UPD to TCP.

Any help on how to resolve this issue will be appreciated.

Regards,
Abby
0
Comment
Question by:Abbas9889
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 27

Expert Comment

by:Lukasz Chmielewski
ID: 34941107
There are several other suggestions available on the eventid.net, did you check them ?
http://www.eventid.net/display.asp?eventid=40960&eventno=8508&source=LSASRV&phase=1
0
 
LVL 2

Expert Comment

by:danny1875
ID: 34942745
Hi Abby,

How many DC's do you have in your organisation?
0
 

Author Comment

by:Abbas9889
ID: 34951148
Hi Guys,

I have checked the solutions given the eventid.net link above.  Now, i have changed the NIC card on the PC and also changed profile, then gave the user another PC.

The issue seems to be AD account related.  We have a total of 5 domain controllers, 3 in our main site and 2 in DR site.  This PC is in the main site.

We have around 225 PCs here and only this seems to be giving this strange issue.

Any AD-related suggestions please.

Abby.

0
 
LVL 2

Accepted Solution

by:
danny1875 earned 2000 total points
ID: 34952137
Could it be possible that there is an application or service on your network that uses the users account details to run or start a service? If their password has been changed and the service or software credentials are still the same, or cached somewhere, AD will lock the account due to the failed logon attempts.

If the user is desperate for this to stop happening, you could always up the lockout limit while you attempt to fix.

Hope this helps
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

INTRODUCTION The purpose of this document is to demonstrate the Installation and configuration of the Data Protection Manager product. Note that this demonstration was prepared on the basis of Windows OS is 2008 R2 and DPM 2010. DATA PROTECTI…
When you start your Windows 10 PC and got an "Operating system not found" error or just saw  "Auto repair for startup" or a blinking cursor with black screen. A loop for Auto repair will start but fix nothing.  You will be panic as there are no back…
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question