George Hester said:
In the Event Viewer | System I have a LSASRV Warning Category SPNEGO
(Negotiator) Event 40961 and this is its Description:
The Security System could not establish a secured connection with the
server
DNS/prisoner.iana.org. No authentication protocol was available.
My Windows 2000 DNS Server for this Windows XP SP2 client is my Windows
2000
Domain Server.
There is no Reverse Lookup zone on the Windows 2000 Server AND this
warning
does NOT occur in any clients in the Domain except Windows XP.
How do I fix this?
George is a troll. We just spent several days back and forth on this same
issue. His next post will reference a KB article about configuring DNS on a
Windows 2000 server. It doesn't matter if you give him step by step
instructions how to fix the warning. All he wants to do is prove that some
KB articles have errors. Even then he is wrong as the MS KB articles
regarding DNS recommend configuring a reverse zone on the server which will
fix this warning. Note: it is a warning not an error.
For the record this warning is usually caused by a DNS server not having a
reverse zone configured. IANA (Internet Assigned Numbers Authority)
maintains several blackhole servers one of which is prisoner.iana.org. The
purpose of these servers is to respond authoritatively to reverse lookups of
private IP's so they don't bounce around the net causing a lot of
unnecessary traffic. It is not an XP issue. It is a DNS issue which can be
caused by any DNS server that does not have reverse lookup zones configured.
The warnings can be ignored if wanted as the clients will use another method
to resolve the name if no DNS server responds. It is however good manners to
configure your DNS servers with reverse zones and it does make your network
run more efficiently. This applies to Linux, Windows, Unix, or whatever OS
DNS servers.
If you don't believe me about George do a search for recent threads started
by him. They all eventually end up with him finding a KB article that he
thinks has a mistake in it.
Kerry