Abbas9889
asked on
Event IDs 40960 + 40961
Hello Experts,
A strange issue surfaced on a client computer which is running XP SP3, hostname is CLIENT1. We have a Windows 2003 domain. The issue is just with this one particular user, his AD account gets locked every few hours automatically. The event 40960 and 40961 are logged in the eventviewer of the client. The DC eventviewer does not show any errors.
__________________________ __________ __________ __________ __________ _________
40960
The Security System could not establish a secured connection with the server cifs/client2.domain.com. No authentication protocol was available.
40961
The Security System detected an attempted downgrade attack for server cifs/client2.domain.com. The failure code from authentication protocol Kerberos was "The user account has been automatically locked because too many invalid logon attempts or password change attempts have been requested.
__________________________ __________ __________ __________ __________ _________
Done the following troubleshooting so far.
- Resetting the user password
- Disjoing/Rejoin to Domain.
- Changing the machine SID and computer account name
- Using a static IP address
- Reformatted the PC.
- Checked DNS settings, they are fine
- Checked time synchronization with server
- Changed Kerberos protocol from UPD to TCP.
Any help on how to resolve this issue will be appreciated.
Regards,
Abby
A strange issue surfaced on a client computer which is running XP SP3, hostname is CLIENT1. We have a Windows 2003 domain. The issue is just with this one particular user, his AD account gets locked every few hours automatically. The event 40960 and 40961 are logged in the eventviewer of the client. The DC eventviewer does not show any errors.
__________________________
40960
The Security System could not establish a secured connection with the server cifs/client2.domain.com. No authentication protocol was available.
40961
The Security System detected an attempted downgrade attack for server cifs/client2.domain.com. The failure code from authentication protocol Kerberos was "The user account has been automatically locked because too many invalid logon attempts or password change attempts have been requested.
__________________________
Done the following troubleshooting so far.
- Resetting the user password
- Disjoing/Rejoin to Domain.
- Changing the machine SID and computer account name
- Using a static IP address
- Reformatted the PC.
- Checked DNS settings, they are fine
- Checked time synchronization with server
- Changed Kerberos protocol from UPD to TCP.
Any help on how to resolve this issue will be appreciated.
Regards,
Abby
Hi Abby,
How many DC's do you have in your organisation?
How many DC's do you have in your organisation?
ASKER
Hi Guys,
I have checked the solutions given the eventid.net link above. Now, i have changed the NIC card on the PC and also changed profile, then gave the user another PC.
The issue seems to be AD account related. We have a total of 5 domain controllers, 3 in our main site and 2 in DR site. This PC is in the main site.
We have around 225 PCs here and only this seems to be giving this strange issue.
Any AD-related suggestions please.
Abby.
I have checked the solutions given the eventid.net link above. Now, i have changed the NIC card on the PC and also changed profile, then gave the user another PC.
The issue seems to be AD account related. We have a total of 5 domain controllers, 3 in our main site and 2 in DR site. This PC is in the main site.
We have around 225 PCs here and only this seems to be giving this strange issue.
Any AD-related suggestions please.
Abby.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
http://www.eventid.net/display.asp?eventid=40960&eventno=8508&source=LSASRV&phase=1