Event ID 40960 + 40961 / SPNEGO

G

Guest

on a WinXP Pro (SP2, latest Patches, in an AD Domain, DC is a Win2003 Server)
the user account has been automatically locked .

I find the following Event ID´s


Event ID: 40690
Type: Warning
Usre: N/A
Source: LSASRV
Category: SPNEGO (Negotiator)

Description:
The Security System detected an attempted downgrade attack for server
cifs/SERVERNAME.DOMAINNAME.net. The failure code from authentication
protocol Kerberos was "The user account has been automatically locked because
too many invalid logon attempts or password change attempts have been
requested.
(0xc0000234)".

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
---------------------------------------------------------------------------

there is also a secon Event after 40960:

Event ID: 40691
Type: Warning
Usre: N/A
Source: LSASRV
Category: SPNEGO (Negotiator)

Description:
The Security System could not establish a secured connection with the server
cifs/SERVERNAME.DOMAINNAME.net. No authentication protocol was available.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
 
B

Brian A

DNS request for prisoner.iana.org

http://support.microsoft.com/default.aspx?scid=kb;en-us;259922



Event IDs 40960 and 40961 in the System Event Log When You Restart Windows Server
2003 After You Run Dcpromo.exe

http://support.microsoft.com/default.aspx?scid=kb;en-us;823712



LSASRV Event IDs 40960 and 40961 When You Promote a Server to a Domain Controller
Role

http://support.microsoft.com/default.aspx?scid=kb;en-us;824217



You cannot access network resources after you try to log on to a Windows XP Service
Pack 2-based computer

http://support.microsoft.com/default.aspx?scid=kb;en-us;885887



You cannot access resources after you install Security Bulletin MS04-011 or Windows
XP Service Pack 2

http://support.microsoft.com/default.aspx?scid=kb;en-us;891559

--

Brian A. Sesko { MS MVP_Shell/User }
Conflicts start where information lacks.
http://basconotw.mvps.org/

Suggested posting do's/don'ts: http://www.dts-l.org/goodpost.htm
How to ask a question: http://support.microsoft.com/kb/555375
 
G

Guest

Sorry, but this articles doesn´t help... and this also do not describe the
same
Event Description.

Any other ideas?
 
G

Guest

I checked the Network Settings, looking for DNS entries (nslookup -q),
checked Network speed, flushed DNS Chache (ipconfig /flushdns), registered
new on DNS Server (ipconfig /registerdns), do netdom reset (netdom reset
COMPUTERNAME /Domain:DOMAINNAME.net)

Looks good. But some hours later, the same problem occurs.

The Event Description on
http://www.eventid.net/display.asp?eventid=40960&eventno=787&source=LsaSrv&phase=1
is not the same like mine.
So i think it is not really the same error.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Event ID 40960 1
Event ID 40960 & 40961 1
what is DNS/prisoner.iana.org for ? 0
Security System detected an attempted downgrade attack... 1
Windows 2000/XP gets locked out 2
Event ID : 40960 LSAsrv / SPNego 2
Events 15, 40961, 40960 & 5719 1
LSASRV errors (ID 40960 and 40961) 0

Top