Event ID 40961

[George Hester]

In the Event Viewer | System I have a LSASRV Warning Category SPNEGO
(Negotiator) Event 40961 and this is its Description:

The Security System could not establish a secured connection with the server
DNS/prisoner.iana.org. No authentication protocol was available.

My Windows 2000 DNS Server for this Windows XP SP2 client is my Windows 2000
Domain Server.

There is no Reverse Lookup zone on the Windows 2000 Server AND this warning
does NOT occur in any clients in the Domain except Windows XP.

How do I fix this?

Thanks.

 

[The Cuddly Curmudgeon]

How do I fix this?

What's BROKEN???

Is your system running/operating properly?

 

[Jone Doe]

What's BROKEN???

Is your system running/operating properly?

Obviously not if he is getting event ID 40961. Event ID 40961: The Security
System could not establish a secured connection with the server

Check the event log on the server to see just why you can't establish a
connection, and post back with the errors.

 

[Kerry Brown]

In the Event Viewer | System I have a LSASRV Warning Category SPNEGO
(Negotiator) Event 40961 and this is its Description:

The Security System could not establish a secured connection with the
server
DNS/prisoner.iana.org. No authentication protocol was available.

My Windows 2000 DNS Server for this Windows XP SP2 client is my Windows
2000
Domain Server.

There is no Reverse Lookup zone on the Windows 2000 Server AND this
warning
does NOT occur in any clients in the Domain except Windows XP.

How do I fix this?

George is a troll. We just spent several days back and forth on this same
issue. His next post will reference a KB article about configuring DNS on a
Windows 2000 server. It doesn't matter if you give him step by step
instructions how to fix the warning. All he wants to do is prove that some
KB articles have errors. Even then he is wrong as the MS KB articles
regarding DNS recommend configuring a reverse zone on the server which will
fix this warning. Note: it is a warning not an error.

For the record this warning is usually caused by a DNS server not having a
reverse zone configured. IANA (Internet Assigned Numbers Authority)
maintains several blackhole servers one of which is prisoner.iana.org. The
purpose of these servers is to respond authoritatively to reverse lookups of
private IP's so they don't bounce around the net causing a lot of
unnecessary traffic. It is not an XP issue. It is a DNS issue which can be
caused by any DNS server that does not have reverse lookup zones configured.
The warnings can be ignored if wanted as the clients will use another method
to resolve the name if no DNS server responds. It is however good manners to
configure your DNS servers with reverse zones and it does make your network
run more efficiently. This applies to Linux, Windows, Unix, or whatever OS
DNS servers.

If you don't believe me about George do a search for recent threads started
by him. They all eventually end up with him finding a KB article that he
thinks has a mistake in it.

Kerry

 

[Peter Foldes]

Well hello there George. At it again?

 

[George Hester]

There are no DNS errors on the Server. This is a Warning on the XP Client I
am trying to address.

 

[George Hester]

Kerry you know little about answering a question. You happen to be wrong.
But you don't listen to trolls so be it.

 

[George Hester]

Yep do you know the answer or are you just blabbering?

 

[George Hester]

Microsoft gives directions on how to configure a DNS Server in Windows 2000
and a Reverse Lookup Zone is not required. Like I said before tell
Microsoft their KB article is wrong and re-write it for them. Now get of
the stick and do it.

Finally there are no Sub-Domains so the Reverse Loopup Zone is a red-herring
buddy.

 

[Peter Foldes]

Just proves the point that you are a Troll (I mean your answer below from the above post in this thread)

Microsoft gives directions on how to configure a DNS Server in Windows 2000
and a Reverse Lookup Zone is not required. Like I said before tell
Microsoft their KB article is wrong and re-write it for them. Now get of
the stick and do it.

Finally there are no Sub-Domains so the Reverse Loopup Zone is a red-herring
buddy.


--
Peter

Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.

Yep do you know the answer or are you just blabbering?

 

[Kerry Brown]

Microsoft gives directions on how to configure a DNS Server in Windows
2000
and a Reverse Lookup Zone is not required. Like I said before tell
Microsoft their KB article is wrong and re-write it for them. Now get of
the stick and do it.

Finally there are no Sub-Domains so the Reverse Loopup Zone is a
red-herring
buddy.

George

It's obvious you don't understand how DNS works and don't want to learn.
Your dislike of XP has blinded you. XP is warning you. Other OS's like
Windows 98 cause the same problem they just don't log it anywhere. Even most
cheap routers cause the problem. Note the problem is not with your network.
The problem is that your computer is requesting a reverse lookup and not
finding an authoritative DNS server for the subnet because it is a private
subnet. This propagates around the Internet causing unnecessary traffic,
thus the blackhole servers were implemented. If you read some of the links I
posted last time you asked this question you would know this by now. The KB
article is not wrong. Microsoft recommends you use reverse zones. They are
not required. If you don't implement them XP will warn you it is not working
as efficiently as it could. This means XP actually works better than some
OS's because it warns you that things could be working better. Try
implementing a reverse zone for your network and see if the warning stops.
If it doesn't let us know and we can go on to other troubleshooting steps.
There are other possible causes for this warning. If you don't fix the most
obvious cause of a symptom first it is a waste of time trying something
else. It'd be like changing a motor in a car that won't start before
checking if it has gas in the tank.

Kerry

 

[George Hester]

Do you even know what a Troll is? You are the one trolling me not I you
Peter. You are a fuddy-duddy. You write here only to troll me I never see
you answer anyone with any solution. You just troll everytime I post and
then you accuse me of trolling. Well let's put it this way you are doing a
very good job of trolling. Now how about graduating from the 6th grade and
upgrade your vocabulary. You never know what might happen then, eh?

--

George Hester
_________________________________

Just proves the point that you are a Troll (I mean your answer below from
the above post in this thread)

Microsoft gives directions on how to configure a DNS Server in Windows 2000
and a Reverse Lookup Zone is not required. Like I said before tell
Microsoft their KB article is wrong and re-write it for them. Now get of
the stick and do it.

Finally there are no Sub-Domains so the Reverse Loopup Zone is a red-herring
buddy.


--
Peter

Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.

Yep do you know the answer or are you just blabbering?