DNS Server

Richard

Hi,

Why is my Win2003 DC server reporting an error with my
ISP DNS server? I am only using my ISP as a forward server.
Here is the warning.

The security System could not establish a secured
connection with the server DNS/ns.bellsouth.net. No
authentication protocol was available.
Event id:40961

Thank you,

Richard
 
Ace Fekay [MVP]

In
Richard said:
Hi,

Why is my Win2003 DC server reporting an error with my
ISP DNS server? I am only using my ISP as a forward server.
Here is the warning.

The security System could not establish a secured
connection with the server DNS/ns.bellsouth.net. No
authentication protocol was available.
Event id:40961

Thank you,

Richard

Only as a forwarder? From the message, it seems that it's in your IP
properties. Can you confirm that?

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Richard

The Server IP properties have two dns servers defined:
127.0.0.1 and the second one was pointing to a Windows
2000 dns. My other Servers in the domain that use this
Server as dns server don't report these problems...these
Servers are Windows 2000 member Servers. When I reboot the
server I get the following errors in the event log. I
think this is something to do with Win2003?

Event id:40960 Source:LSASRV Category:SPNEGO
The Security System detected an authentication error for
the server ldap/c2.azabaches.com. The failure code from
authentication protocol Kerberos was "There are currently
no logon servers available to service the logon request.
(0xc000005e)".

"c2 is the name of the Server and the domain
azabaches.com"

Event id:40961 Source:LSASRV Category:SPNEGO
The Security System could not establish a secured
connection with the server ldap/c2.azabaches.com. No
authentication protocol was available.

Event id:40961 Source:LSASRV Category:SPNEGO
The Security System could not establish a secured
connection with the server DNS/ns.bellsouth.net. No
authentication protocol was available.


Thanks again,

Richard
 
Richard

Hi,

I did what you suggested but I am still getting those
messages. I also removed the second dns from the ip
settings. The only place that the bellsouth dns is listed
is as a forwarder.

Thanks again,

Richard
 
Ace Fekay [MVP]

In
Richard said:
Hi,

I did what you suggested but I am still getting those
messages. I also removed the second dns from the ip
settings. The only place that the bellsouth dns is listed
is as a forwarder.

Thanks again,

Richard

I'm really surprised that it's trying to set up a secure connection to your
ISP's DNS server. Is that the server in your Forwarder? Try this server
instead: 4.2.2.2 and see what happens.

By chance, have you enabled Secure Cache Against Pollution? Please do just
in case.


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Richard

Ok,

The option enabled Secure Cache Against Pollution is
enabled by default.

After changing the dns forwarder to 4.2.2.2 I no longer
get the bellsouth dns error but instead I get the
warnings below....is this normal?.

Thanks so much for your help,

Richard


Event id:40960 Source:LSASRV Category:SPNEGO
The Security System detected an authentication error for
the server . The failure code from authentication
protocol Kerberos was "There are currently no logon
servers available to service the logon request.
(0xc000005e)".


Event id:40961 Source:LSASRV Category:SPNEGO
The Security System could not establish a secured
connection with the server. No
authentication protocol was available.
 
Ace Fekay [MVP]

In
Richard said:
Ok,

The option enabled Secure Cache Against Pollution is
enabled by default.

After changing the dns forwarder to 4.2.2.2 I no longer
get the bellsouth dns error but instead I get the
warnings below....is this normal?.

Thanks so much for your help,

Richard


Event id:40960 Source:LSASRV Category:SPNEGO
The Security System detected an authentication error for
the server . The failure code from authentication
protocol Kerberos was "There are currently no logon
servers available to service the logon request.
(0xc000005e)".


Event id:40961 Source:LSASRV Category:SPNEGO
The Security System could not establish a secured
connection with the server. No
authentication protocol was available.


Well, that's better than the other one! But no, you shouldn't get it.

Do all the SRV records exist in DNS? That's what it looks for for this
error.

http://www.eventid.net/display.asp?eventid=40961

And this should help too:
http://support.microsoft.com/?id=823712


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Ace Fekay [MVP]

In
Richard said:
According to MS Article 823712 this behavior is normal

http://support.microsoft.com/default.aspx?scid=kb;en-us;823712


I am intrigued with the bellsouth dns server and the
Windows 2003 dns having some kind of problem? Which dns
server is 4.2.2.2?


Thanks again,

Richard

4.2.2.2 is one of GTE's DNS servers:
=============================
C:\>nslookup
Default Server: ponyexpress.bandwidthpros.com
Address: 208.47.39.10
Server: ponyexpress.bandwidthpros.com
Address: 208.47.39.10

Name: vnsc-bak.sys.gtei.net
Address: 4.2.2.2
=============================

I don't think it's some kind of "problem" at all with Bell South. Maybe
they just have recursion turned off (to disallow folks to use it as a
Forwarder). 4.2.2.2 has it turned on.

W2k3 also uses EDNS0. That is a feature to allow UDP packets greater than
512. DNS queries initiate across UDP, since it's more efficient. If the
response is too big to fit in a 512 byte packet (the default) it will switch
to TCP. But EDNS0 pushes the envelope and some firewalls may not pass a UDP
DNS packet greater than 215 and/or older DNS clients may not be able to use
it. In some cases, disabling EDNS0 will help in these cases.


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
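
The EDNS0 and recursion behaviour described in the reply above, as an added example that is not part of the original thread: it builds a query with and without the EDNS0 OPT record and reads the truncation, recursion-available and response-code bits a resolver acts on. The name example.com, the 1280-byte size and the response flag values are constructed sample inputs.

```python
import struct

OPT = 41  # EDNS0 pseudo-record type (RFC 6891)

def build_query(name, edns_udp_size=None, txid=0x1234):
    """Build an A query; with edns_udp_size set, append an EDNS0 OPT record."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1 if edns_udp_size else 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.rstrip(".").split(".")) + b"\x00"
    msg = header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    if edns_udp_size:
        # OPT RR: root name, TYPE=41, CLASS carries the UDP size the sender accepts
        msg += b"\x00" + struct.pack("!HHIH", OPT, edns_udp_size, 0, 0)
    return msg

def _skip_name(msg, off):
    """Step over a possibly compressed domain name; return the next offset."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:  # compression pointer is always two bytes
            return off + 2
        off += n + 1

def inspect(msg):
    """Pull out the header bits and OPT size that matter for this diagnosis."""
    _, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off, opt_size = 12, None
    for _ in range(qd):
        off = _skip_name(msg, off) + 4
    for _ in range(an + ns + ar):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if rtype == OPT:
            opt_size = rclass
    return {"truncated": bool(flags & 0x0200), "recursion_available": bool(flags & 0x0080),
            "rcode": flags & 0x000F, "edns_udp_size": opt_size}

def next_step(resp, sent_edns):
    """Decide what a resolver or forwarder should do with this response."""
    info = inspect(resp)
    if info["truncated"]:
        return "retry over TCP"
    if sent_edns and info["rcode"] == 1:  # FORMERR: peer rejected the OPT record
        return "retry without EDNS0"
    if not info["recursion_available"]:
        return "server does not offer recursion"
    return "ok"

def fake_response(query, flags):
    """Constructed sample: echo the query with response flags swapped in."""
    return query[:2] + struct.pack("!H", flags) + query[4:]
```
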
 
Richard

Thank you very much for your support!
-----Original Message-----
In Richard <[email protected]> posted their thoughts, then I offered
mine

4.2.2.2 is one of GTE's DNS servers:
=============================
C:\>nslookup
Default Server: ponyexpress.bandwidthpros.com
Address: 208.47.39.10

Server: ponyexpress.bandwidthpros.com
Address: 208.47.39.10

Name: vnsc-bak.sys.gtei.net
Address: 4.2.2.2
=============================

I don't think it's some kind of "problem" at all with Bell South. Maybe
they just have recursion turned off (to disallow folks to use it as a
Forwarder). 4.2.2.2 has it turned on.

W2k3 also uses EDNS0. That is a feature to allow UDP packets greater than
512. DNS queries initiate across UDP, since it's more efficient. If the
response is too big to fit in a 512 byte packet (the default) it will switch
to TCP. But EDNS0 pushes the envelope and some firewalls may not pass a UDP
DNS packet greater than 215 and/or older DNS clients may not be able to use
it. In some cases, disabling EDNS0 will help in these cases.


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
--
=================================


.
 
Ace Fekay [MVP]

In
Richard said:
Thank you very much for your support!

No prob.
:)

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
