- for the errors 40960,40961, configure a DNS reverse lookup zone.
- For the error 3210, To correct this issue, you must reset the machine
account password on your domain controller. To do this, you'll require both
the Windows Support Tools and the Kerbtray.exe application. You should
already have the Windows Support Tools on Server. To install Kerbtray,
Install ResourceKit Tools.
You are now ready to proceed with resetting the computer account on Server.
Imagine that Server1 is one of your existing domain controllers and Server2
is your recently repaired domain controller that has been offline for over a
month.
1. Stop the Key Distribution Center (KDC) service on Server2. To do so, open
a Command Prompt, type net stop KDC, and press Enter.
2. Load Kerbtray.exe. You can do so by clicking Start, clicking Run, and
then typing c:\program files\resource kit\kerbtray.exe and pressing Enter.
You should see a little green ticket icon in your system tray in the lower
right corner of your desktop.
3. Purge the ticket cache on Server2, right-click the green ticket icon in
your system tray, and then click Purge Tickets. You should receive a
confirmation that your ticket cache was purged. Click OK.
4. Reset the Server domain controller account password on Server1 (the PDC
emulator).
To do so, open a command prompt and type: netdom /resetpwd /server:server2
/userd:domain.com\administrator /passwordd
assword, and then press Enter.
5. Synchronize the domain. To do so, open a command prompt, type repadmin
/syncall, and then press Enter.
6. Start the KDC service on Server2. To do so, open a command prompt, type
net start KDC, and press Enter. This completes the process, and the domain
controllers should be replicating success-fully now.
--
I hope that the information above helps you
Good Luck
Jorge Silva
MCSA
Systems Administrator
Jorge,
Thanks for taking the time to help with my problem.
All of this information looks like the suggestions offered by the
microsoft web site.
When I look at the event viewer I see messages that indicate the domain
controller cannot be found.
-----------------------------------------------------------------------------------------------------------------------------
Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40960
Date: 6/26/2006
Time: 8:13:15 AM
User: N/A
Computer: PREPSERVER3
Description:
The Security System detected an authentication error for the server
cifs/prepserver1.prep. The failure code from authentication protocol
Kerberos was "The attempted logon is invalid. This is either due to a
bad username or authentication information.
(0xc000006d)".
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 6d 00 00 c0 m..À
-----------------------------------------------------------------------------------------------------------------------------
Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40961
Date: 6/26/2006
Time: 8:13:15 AM
User: N/A
Computer: PREPSERVER3
Description:
The Security System could not establish a secured connection with the
server cifs/prepserver1.prep. No authentication protocol was
available.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 6d 00 00 c0 m..À
-----------------------------------------------------------------------------------------------------------------------------
Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40960
Date: 6/26/2006
Time: 8:15:30 AM
User: N/A
Computer: PREPSERVER3
Description:
The Security System detected an authentication error for the server
LDAP/prepserver1.prep/prep@prep. The failure code from authentication
protocol Kerberos was "The attempted logon is invalid. This is either
due to a bad username or authentication information.
(0xc000006d)".
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 6d 00 00 c0 m..À
-----------------------------------------------------------------------------------------------------------------------------
Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40961
Date: 6/26/2006
Time: 8:15:30 AM
User: N/A
Computer: PREPSERVER3
Description:
The Security System could not establish a secured connection with the
server LDAP/prepserver1.prep/prep@prep. No authentication protocol was
available.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 6d 00 00 c0 m..À
-----------------------------------------------------------------------------------------------------------------------------
Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 3210
Date: 6/26/2006
Time: 8:15:33 AM
User: N/A
Computer: PREPSERVER3
Description:
This computer could not authenticate with \\prepserver1.prep, a Windows
domain controller for domain PREP, and therefore this computer might
deny logon requests. This inability to authenticate might be caused by
another computer on the same network using the same name or the
password for this computer account is not recognized. If this message
appears again, contact your system administrator.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 22 00 00 c0 "..À
-----------------------------------------------------------------------------------------------------------------------------
Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40960
Date: 6/26/2006
Time: 9:13:24 AM
User: N/A
Computer: PREPSERVER3
Description:
The Security System detected an authentication error for the server
cifs/prepserver1.prep. The failure code from authentication protocol
Kerberos was "The attempted logon is invalid. This is either due to a
bad username or authentication information.
(0xc000006d)".
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 6d 00 00 c0 m..À
-----------------------------------------------------------------------------------------------------------------------------
Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40961
Date: 6/26/2006
Time: 9:13:24 AM
User: N/A
Computer: PREPSERVER3
Description:
The Security System could not establish a secured connection with the
server cifs/prepserver1.prep. No authentication protocol was
available.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 6d 00 00 c0 m..À
-----------------------------------------------------------------------------------------------------------------------------
Event Type: Warning
Event Source: DnsApi
Event Category: None
Event ID: 11165
Date: 6/26/2006
Time: 9:58:05 AM
User: N/A
Computer: PREPSERVER3
Description:
The system failed to register host (A) resource records (RRs) for
network adapter
with settings:
Adapter Name : {C54498E9-A7D4-47AF-817E-40822BFD0303}
Host Name : prepserver3
Primary Domain Suffix : prep
DNS server list :
10.0.0.82, 10.0.0.83
Sent update to server : <?>
IP Address(es) :
10.0.5.128
The reason the system could not register these RRs was because the DNS
server contacted refused the update request. The reasons for this might
be (a) you are not allowed to update the specified DNS domain name, or
(b) because the DNS server authoritative for this name does not support
the DNS dynamic update protocol.
To register the DNS host (A) resource records using the specific DNS
domain name and IP addresses for this adapter, contact your DNS server
or network systems administrator.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 2a 23 00 00 *#..
-----------------------------------------------------------------------------------------------------------------------------
The netdiag command does not work on my server. Its Windows Server
2003 standard editon.
When I type the command i get the follwoing error message.
-----------------------------------------------------------------------------------------------------------------------------
C:\Documents and Settings\Administrator.PREPSERVER3>netdiag
'netdiag' is not recognized as an internal or external command,
operable program or batch file.
-----------------------------------------------------------------------------------------------------------------------------
When I type gpupdate in the commandline I get the following response
-----------------------------------------------------------------------------------------------------------------------------
C:\Documents and Settings\Administrator.PREPSERVER3>gpupdate
Refreshing Policy...
User Policy Refresh has completed.
Computer Policy Refresh has completed.
To check for errors in policy processing, review the event log.
-----------------------------------------------------------------------------------------------------------------------------
When i check the event viewere under 'Application' I see the following
message
-----------------------------------------------------------------------------------------------------------------------------
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1053
Date: 6/26/2006
Time: 10:44:25 AM
User: NT AUTHORITY\SYSTEM
Computer: PREPSERVER3
Description:
Windows cannot determine the user or computer name. (Access is denied.
). Group Policy processing aborted.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
-----------------------------------------------------------------------------------------------------------------------------
When I attempt to contact the domain controller through system DNS
(step 4), I'm Successful.
when i try to use the active directory snap in i get the following
error message:
-----------------------------------------------------------------------------------------------------------------------------
The domain prepserver1 could not be found because:
The specified domain either does not exist or could not be contacted.
-----------------------------------------------------------------------------------------------------------------------------
No other computers on my network have trouble accessing the domain
controller.
There are 2 domains so i guess you can say it is a forrest. The user
account is working on other computers. Both domains are listed when i
login to the server.
Do you have any other suggestions?
Thanks,
Ryan
fuho
