Event ID 1030, 40961 and 673 on DC

Wills World

Windows 2003 SP1 Domain, 3 DCs
Windows XP SP2


Details of Problem:

Event logs of XP clients are reporting the events 1030 (USERENV) and 40961
(LSASRV/SPNEGO) only when the user's machine is logged in but locked (after
they go home). The events seem to happen about every two hours until they
unlock and then the problem stops again.

Domain Controller log reports event 673 Failure with no
Username/Domain/Service Name/Service ID

Ticket Options: 0x2
Client Address: (matches the client's IP address)
Failure Code 0X20 (Ticket Expired?)

Can you explain what might be happening here and possible solutions?
 
Wills World

Thanks Sengupta - that was the first place I went, but I did not find this
specific combination of issues. Any more thoughts would be appreciated.
Thanks!!

S.Sengupta said:
Check it here:-
http://www.eventid.net/

regards,
S.Sengupta[MS-MVP]

Wills said:
Windows 2003 SP1 Domain, 3 DCs
Windows XP SP2


Details of Problem:

Event logs of XP clients are reporting the events 1030 (USERENV) and
40961 (LSASRV/SPNEGO) only when the user's machine is logged in but
locked (after they go home). The events seem to happen about every two
hours until they unlock and then the problem stops again.

Domain Controller log reports event 673 Failure with no
Username/Domain/Service Name/Service ID

Ticket Options: 0x2
Client Address: (matches the client's IP address)
Failure Code 0X20 (Ticket Expired?)

Can you explain what might be happening here and possible solutions?
 
Wills World

Nice website and blog S. Sengupta!!

Although the KB article does not match exactly it is a close match to most
of the symptoms.

***
MS Article ID : 885887
Last Review : April 27, 2006
Revision : 1.3


You cannot access network resources after you try to log on to a Windows XP
Service Pack 2-based computer

Symptoms:
If you log on to a Microsoft Windows XP Service Pack 2 (SP2)-based computer
before a domain controller on your network is available, you may experience
one or more of the following symptoms:

- User-specific Kerberos Ticket-Granting Tickets (TGT) are not renewed.
- Requests for new TGTs are not accepted if the TGT has reached its last
  permissible renew date after you install Windows XP SP2.
- Authentication to network resources may unexpectedly quit after the
  computer has been locked.
- Programs that use Delegation may unexpectedly quit.
- You cannot resolve the problem by purging the TGT and requesting a new
  TGT.
- You find an event similar to the following event in the system event log:

Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40961
Date: 10/27/2004
Time: 1:00:50 PM
User: N/A
Computer: COMPUTER
Description: The Security System could not establish a secured connection
with the server ldap/DC01.corp.com/[email protected]. No authentication
protocol was available.

*****

To Get the Hot Fix Mentioned in the KB Article:

I called 1-800-MICROSOFT (1-800-642-7676) and followed the telephone prompts
to get a HotFix. I got transferred to a real person who simply asked what
Hot Fix I needed and then they emailed it to me with a password.

I have installed the Hot Fix on one machine and will post back the results.
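
An added triage example, not part of the original thread or of the KB article: it scans an exported list of DC Security-log events for the pattern described above (event 673 failures with failure code 0x20, which RFC 4120 defines as KRB_AP_ERR_TKT_EXPIRED, and no user name) and reports client addresses where they repeat roughly every two hours. The pipe-delimited export layout, the function names and the sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

TKT_EXPIRED = 0x20  # RFC 4120: KRB_AP_ERR_TKT_EXPIRED (32)

# Constructed sample export, one Security-log event per line (layout is assumed):
# time|event id|result|user name|failure code|client address
SAMPLE = """\
2006-05-01 18:02:11|673|Failure||0x20|10.0.0.21
2006-05-01 20:02:40|673|Failure||0x20|10.0.0.21
2006-05-01 22:03:05|673|Failure||0x20|10.0.0.21
2006-05-01 19:15:00|673|Failure||0x20|10.0.0.37
2006-05-01 19:20:00|673|Success|jdoe|-|10.0.0.37
2006-05-01 21:00:00|673|Failure|asmith|0x7|10.0.0.44
"""

def parse(text):
    """Yield (timestamp, client) for 673 failures with code 0x20 and no user name."""
    for line in text.splitlines():
        fields = line.split("|")
        if len(fields) != 6:
            continue  # skip malformed lines rather than guessing
        when, event_id, result, user, code, client = fields
        if event_id != "673" or result != "Failure" or user:
            continue
        try:
            if int(code, 16) != TKT_EXPIRED:
                continue
        except ValueError:
            continue  # failure code field is not a hex number
        yield datetime.strptime(when, "%Y-%m-%d %H:%M:%S"), client

def recurring_clients(text, period=timedelta(hours=2), slack=timedelta(minutes=10)):
    """Return {client: number of consecutive failures spaced about `period` apart}."""
    seen = defaultdict(list)
    for when, client in parse(text):
        seen[client].append(when)
    result = {}
    for client, times in seen.items():
        times.sort()
        hits = sum(1 for a, b in zip(times, times[1:]) if abs((b - a) - period) <= slack)
        if hits:
            result[client] = hits
    return result

if __name__ == "__main__":
    for client, hits in recurring_clients(SAMPLE).items():
        print(f"{client}: {hits} repeat(s) about 2 h apart")
```

Clients that show up here are the ones to compare against the 1030 and 40961 warnings in their own event logs for the same time window.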
 
