Security concerns?

Guest

Hello,

I am seeing this in my event viewer:
The Security System could not establish a secured connection with the server
DNS/prisoner.iana.org. No authentication protocol was available.

and this:

The Security System detected an authentication error for the server
ldap/timemachine.Timemachine.local. The failure code from authentication
protocol Kerberos was "There are currently no logon servers available to
service the logon request.
(0xc000005e)".

Anyone see this before?
Thank you,
Joe
 
Kevin D. Goodknecht Sr. [MVP]

Joe said:
Hello,

I am seeing this in my event viewer:
The Security System could not establish a secured connection with the
server DNS/prisoner.iana.org. No authentication protocol was
available.

This event is caused by the DC trying to register its private address PTR
record in the IANA black hole servers. Creating a reverse lookup zone and
using only the DC's address for DNS should stop this.

and this:

The Security System detected an authentication error for the server
ldap/timemachine.Timemachine.local. The failure code from
authentication protocol Kerberos was "There are currently no logon
servers available to service the logon request.
(0xc000005e)".

If this event only appears at start up, you should ignore it. It is the Time
Service trying to authenticate before AD has started.

Event IDs 40960 and 40961 in the System Event Log When You Restart Windows
Server 2003 After You Run Dcpromo.exe
http://support.microsoft.com/default.aspx?scid=kb;en-us;823712
 
Guest

Thank you Kevin,

I have a PTR set up already but it is with my ISP. I have all the addresses
that my DNS cannot resolve forwarded to my ISP DNS servers. I have my DNS set
to my own IP (pointing to itself). So where should I go from here? Do a
reverse on 69.65.81.145
http://www.dnsreport.com I also have an SPF record.
Thank you
Joe
 
Kevin D. Goodknecht Sr. [MVP]

Joe said:
Thank you Kevin,

I have a PTR set up already but it is with my ISP. I have all the
addresses that my DNS cannot resolve forwarded to my ISP DNS
servers. I have my DNS set to my own IP (pointing to itself). So where
should I go from here? Do a reverse on 69.65.81.145
http://www.dnsreport.com I also have an SPF record.

If it is trying to register in prisoner.iana.org, it is the PTRs for private
addresses. You need a reverse lookup zone that covers your private IP range.
Not knowing your private range, I can't tell you what that is, but if your
private range is 192.168.x.x, then create a reverse lookup zone for the
NetID using the new zone wizard. The new zone wizard gives you two choices,
using the NetID and using the reverse lookup zone name; the NetID would be
192.168 and the zone name will be 168.192.in-addr.arpa.
 
Kevin D. Goodknecht Sr. [MVP]

Joe said:
Thanks Kevin, this helps tremendously.

My private IPs are 192.168., so what type would I choose in the wizard?
Dynamic update, no update, only for domain AD. There are a few
choices there, I think just 4.

Which one is correct for just internal DNS?

Use Active Directory integrated, allow only secure updates and NetID
192.168.
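
An added example, not part of the original thread: a Python check that derives the reverse lookup zone name from a NetID the way the replies above describe, and reports which of a DC's addresses have no local reverse zone, so their PTR updates would still leave the network. The function names and sample addresses are constructed for illustration.

```python
import ipaddress

# RFC 1918 private ranges. Per the thread, PTR updates for these go to the
# IANA black hole servers (prisoner.iana.org) when no local reverse zone exists.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def reverse_zone_for_netid(net_id):
    """Turn a wizard NetID such as '192.168' into '168.192.in-addr.arpa'."""
    octets = net_id.strip(".").split(".")
    if not 1 <= len(octets) <= 3 or not all(
            o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError(f"not a 1-3 octet IPv4 NetID: {net_id!r}")
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def covering_zone(ip, local_zones):
    """Return the most specific local reverse zone holding ip's PTR, or None."""
    ptr = ipaddress.ip_address(ip).reverse_pointer  # '10.1.168.192.in-addr.arpa'
    zones = [z.lower().rstrip(".") for z in local_zones]
    matches = [z for z in zones if ptr.endswith("." + z)]
    return max(matches, key=len) if matches else None


def audit(addresses, local_zones):
    """Label each address: 'local', 'leaks' (private, no zone) or 'public'."""
    report = {}
    for ip in addresses:
        addr = ipaddress.ip_address(ip)
        if covering_zone(ip, local_zones):
            report[ip] = "local"
        elif addr.version == 4 and any(addr in n for n in PRIVATE_NETS):
            report[ip] = "leaks"
        else:
            report[ip] = "public"
    return report


if __name__ == "__main__":
    # Constructed sample: a DC with two private interfaces and one public
    # (documentation-range) address; only the 192.168 zone has been created.
    zones = [reverse_zone_for_netid("192.168")]
    for ip, status in audit(["192.168.1.10", "10.0.0.5", "203.0.113.7"],
                            zones).items():
        print(f"{ip:15} {status}")
```

An address reported as `leaks` is a private address with no matching local reverse zone, which is the condition the first event message in this thread points to.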
 
