Almost all my Windows XP errors are endemic to Windows XP How about this one?

[George Hester]

In the Event Viewer | System I have a LSASRV Warning Category SPNEGO
(Negotiator) Event 40961 and this is its Description:

The Security System could not establish a secured connection with the server
DNS/prisoner.iana.org. No authentication protocol was available.

My DNS Server for this Windows XP SP2 client is my Doamin Server. None
other. What is this and how do I fix it? Thanks.

 

[Peter Foldes]

How many systems do you have George? I know that you already said you have Windows 2000. You are posting always with IE\OE 5.50.4927.1200 as is here the case. Now that is another system. Now you are also saying that you have Widows XP SP2. Hopefully you are not leading up to your usual answer by dissecting\posting a KB or a fix and trolling..

 

[Ron Martell]

In the Event Viewer | System I have a LSASRV Warning Category SPNEGO
(Negotiator) Event 40961 and this is its Description:

The Security System could not establish a secured connection with the server
DNS/prisoner.iana.org. No authentication protocol was available.

My DNS Server for this Windows XP SP2 client is my Doamin Server. None
other. What is this and how do I fix it? Thanks.

You have something on your network that is not configured correctly.

See http://seclists.org/lists/incidents/2002/Sep/0058.html for a
discussion of this error.

Good luck

Ron Martell Duncan B.C. Canada
--
Microsoft MVP
On-Line Help Computer Service
http://onlinehelp.bc.ca

In memory of a dear friend Alex Nichol MVP
http://aumha.org/alex.htm

 

[Kerry Brown]

In the Event Viewer | System I have a LSASRV Warning Category SPNEGO
(Negotiator) Event 40961 and this is its Description:

The Security System could not establish a secured connection with the
server
DNS/prisoner.iana.org. No authentication protocol was available.

My DNS Server for this Windows XP SP2 client is my Doamin Server. None
other. What is this and how do I fix it? Thanks.

This usually means your DNS server is misconfigured and does not have a
reverse lookup zone. prisoner.iana.org is a blackhole server to stop
requests for private IP lookups from bouncing all around the Internet.

Kerry

 

[George Hester]

Right it doesn't have a reverse look up zone because that was not required
or explained in the Knowledge base article for setting up the DNS in Windows
2000. Here:

http://support.microsoft.com/default.aspx?scid=kb;en-us;317590

Nor was it said in the Windows 2000 DNS newsgroup.

http://support.microsoft.com/default.aspx?scid=kb;en-us;300202

If you read these article you will find a Reverse look up zone is not
necessary. Now you say it is with a Windows XP client.. If so how should I
do it? There are no sub domains. Just the one.

 

[George Hester]

Peter you are the troll. And furthermore you know squat. Have you ever
helped anyone? What difference does it make what system I post my messages
from? But to the all-knowing Peter I guess it does. Fool!

--
George Hester
_________________________________

How many systems do you have George? I know that you already said you have
Windows 2000. You are posting always with IE\OE 5.50.4927.1200 as is here
the case. Now that is another system. Now you are also saying that you have
Widows XP SP2. Hopefully you are not leading up to your usual answer by
dissecting\posting a KB or a fix and trolling..

 

[Peter Foldes]

LOL. Just proves my point

 

[Kerry Brown]

Right it doesn't have a reverse look up zone because that was not required
or explained in the Knowledge base article for setting up the DNS in
Windows
2000. Here:

http://support.microsoft.com/default.aspx?scid=kb;en-us;317590

Nor was it said in the Windows 2000 DNS newsgroup.

http://support.microsoft.com/default.aspx?scid=kb;en-us;300202

If you read these article you will find a Reverse look up zone is not
necessary. Now you say it is with a Windows XP client.. If so how should
I
do it? There are no sub domains. Just the one.

Google is your friend. All these links came from the first page of a google
search. You cannot learn about Windows just by reading keyboard articles. If
you want to learn about setting up networks and domains I suggest buying
some of the course materials for the MCSE courses. A reverse zone is not
necessary for your network to work. Reverse zones can however make your
network work more efficiently and is the neighbourly thing to do if you are
connected to the Internet. The last link, although about Linux, has some
good info on why reverse DNS is needed.

http://www.petri.co.il/install_and_configure_w2k_dns_server.htm

http://support.microsoft.com/default.aspx?scid=kb;en-us;300202&sd=tech

http://www.tech-faq.com/reverse-dns.shtml


Kerry

 

[Kerry Brown]

Google is your friend. All these links came from the first page of a
google search. You cannot learn about Windows just by reading keyboard
articles. If you want to learn about setting up networks and domains I
suggest buying some of the course materials for the MCSE courses. A
reverse zone is not necessary for your network to work. Reverse zones can
however make your network work more efficiently and is the neighbourly
thing to do if you are connected to the Internet. The last link, although
about Linux, has some good info on why reverse DNS is needed.

http://www.petri.co.il/install_and_configure_w2k_dns_server.htm

http://support.microsoft.com/default.aspx?scid=kb;en-us;300202&sd=tech

http://www.tech-faq.com/reverse-dns.shtml


Kerry

Just re-read my post. Keyboard articles should be Knowledge Base articles.
Keyboard came from a friend's bad joke that the KB articles sometimes make
you want to smash your keyboard. I've got into the habit of calling them
keyboard articles to bug him

Kerry

 

[George Hester]

I asked here thinking I'd find some help. Turns out that is not gonna
happen here. I asked a simple question and this Reverse Lookup Zone was NOT
required in the KB articles on the subject of configuring a DNS Server in
Windows 2000. I suggest Kerry that if you know the right way maybe you
could re-write the KB article for Microsoft and point out their mistake.

 

[Kerry Brown]

I asked here thinking I'd find some help. Turns out that is not gonna
happen here. I asked a simple question and this Reverse Lookup Zone was
NOT
required in the KB articles on the subject of configuring a DNS Server in
Windows 2000. I suggest Kerry that if you know the right way maybe you
could re-write the KB article for Microsoft and point out their mistake.

Reverse zones are not required. They make the network work more efficiently.
Did you read the Microsoft TechNet article in the second link in my last
post. It is part of the Microsoft Knowledge Base. This is clearly stated.

" NOTE: Experienced DNS administrators may want to create a reverse lookup
zone, and are encouraged to explore this branch of the wizard. A DNS server
can resolve two basic requests: a forward lookup and a reverse lookup. A
forward lookup is more common. A forward lookup resolves a host name to an
IP address with an "A" or Host Resource record. A reverse lookup resolves an
IP address to a host name with a PTR or Pointer Resource record. If you have
your reverse DNS zones configured, you can automatically create associated
reverse records when you create your original forward record. For additional
information about reverse DNS configuration, click the following article
number to view the article in the Microsoft Knowledge Base:
174419 (http://support.Microsoft.com/kb/174419/) How to configure a
subnetted reverse lookup zone on Windows NT, Windows 2000, or Windows Server
2003 "

The Knowledge Base is a good reference tool. It is not a learning tool.
Sometimes you have to help yourself. If want or need hand holding then you
should look into an instructor led course. If you have the ability to learn
the material yourself then my suggestion from my last post stands. Purchase
some of the many MCSE self study books. Although expensive, if you are
configuring networks with Windows 2000 server I highly recommend the Windows
2000 Server Resource Kit.Starting on page 370 of the TCP/IP Core Networking
Guide there are step by step instructions on setting up, using, and
maintaining reverse lookup zones.

You have made numerous posts lately quoting KB articles. Surely you realize
that any one article is not definitive on a subject. Try the following link
to the advanced search feature for Microsoft

http://search.microsoft.com/search/search.aspx?st=a&View=en-us

Search for reverse dns windows 2000. You will get pages of results. Read
several of the articles to get more of an understanding rather than focusing
on one article.

In addition this is a Windows XP newsgroup. The
Microsoft.public.windows.server.dns group would get you more help on this
issue.

Kerry

 

[George Hester]

Now just hold on a second. Come on. The article says "may." It does not
say "must." You are saying to avoid the "misconfigured" DNS server as you
termed it I "must" introduce a Reverse Lookup Zone. That is NOT what the
articles say. Again I think you should re-write the article for Microsoft
and point out their mistake. If you do not want to I can understan that.
But you should be clear that following the KB articles at Microsoft leads to
a "misconfigured" DNS Server as you termed it. That is what you said.
Following the KB articles at Microsoft as to what is necessary "must" and
not optional "may" results in a misconfigured DNS Server. That's what you
have been telling me. My DNS Server is misconfigured because I do not have
a Recverse Lookup zone. That's what you said. So basically you are saying
the Knowledge Base articles lead to a misconfigured DNS Server.
Interesting.

 

[Kerry Brown]

Now just hold on a second. Come on. The article says "may." It does not
say "must." You are saying to avoid the "misconfigured" DNS server as you
termed it I "must" introduce a Reverse Lookup Zone. That is NOT what the
articles say. Again I think you should re-write the article for Microsoft
and point out their mistake. If you do not want to I can understan that.
But you should be clear that following the KB articles at Microsoft leads
to
a "misconfigured" DNS Server as you termed it. That is what you said.
Following the KB articles at Microsoft as to what is necessary "must" and
not optional "may" results in a misconfigured DNS Server. That's what you
have been telling me. My DNS Server is misconfigured because I do not
have
a Recverse Lookup zone. That's what you said. So basically you are
saying
the Knowledge Base articles lead to a misconfigured DNS Server.
Interesting.

George

I don't know what got the bug up your a## about the KB articles but I'm not
arguing with you. In any case your OP said you received a warning in the
event logs. A warning implies that it is not something that "must" be fixed,
that would be an "error" in the logs.

Kerry

 

[Peter Foldes]

Kerry

He is a Troll. Always the same in all of his postings

 

[Kerry Brown]

Kerry

He is a Troll. Always the same in all of his postings


Peter

I've seen George post legitimate questions here in the past. It's only
lately I've seen this pre-occupation with KB articles. This question seemed
like a legitimate one so I tried to answer it. After re-reading the thread I
agree with you. He is a troll.

Kerry