VPN clients attempting to register in DNS are being refused.

Pulk-

Hello, we are running Windows 2000 DNS and have
encountered a problem. Many users accessing the
network via our Nortel Contivity VPN appliance are no
longer registering in DNS. Strangely, a small handful of
VPN users are not having any problems at all and continue
to operate as normal. Some of the users who are working
fine are registering in DNS and others are not. All of
the users with problems have one thing in common: they
are going through the VPN.

Many users who are *not* registering are having problems
accessing network resources (Exchange, shares, other
things). They were working fine for a very long time and
then suddenly, failures. Several logs on the client
machines indicate there is some authentication problem
happening at some point. See logs at bottom of message.

The symptoms of our issues are:

There is no record of the connected host in any of our
Windows 2000 DNS servers. The user does have a WINS
entry.

When trying to access share names there is an extremely
long delay (several minutes). Finally, the share may or
may not appear on the client.

Access to Exchange with Outlook bombs.

Access to internal intranet web space fails frequently.


Here are a few messages from the Event Viewer that we are
seeing on troubled clients:

- The Security System could not establish a secured
connection with the server cifs/ad-dns.company.name. No
authentication protocol was available.

- The reason the system could not register these RRs was
because the DNS server contacted refused the update
request. The reasons for this might be (a) you are not
allowed to update the specified DNS domain name, or (b)
because the DNS server authoritative for this name does
not support the DNS dynamic update protocol.

- The Security System detected an attempted downgrade
attack for server LDAP/server.company.name. The failure
code from authentication protocol Kerberos was "There are
currently no logon servers available to service the logon
request. (0xc000005e)".

- There were password errors using the Credential
Manager. To remedy, launch the Stored User Names and
Passwords control panel applet, and reenter the password
for the credential Company\username.
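As an added example that is not part of this thread, here is a small Python triage script that groups exported Event Viewer lines by host and flags the combination described above: a refused dynamic DNS update together with a Kerberos or authentication failure on the same machine. Windows secure dynamic update is authenticated with Kerberos (GSS-TSIG), so that pairing points at the client failing to authenticate to a domain controller rather than at the zone's update permissions. The host names, the sample lines and the tab-separated export format (host, source, message) are all constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample of exported Event Viewer lines: host<TAB>source<TAB>message.
# Host names are invented; the message wording mirrors the events quoted in the post.
SAMPLE_EVENTS = """\
LAPTOP01\tDnsApi\tThe reason the system could not register these RRs was because the DNS server contacted refused the update request.
LAPTOP01\tLSASRV\tThe Security System detected an attempted downgrade attack for server LDAP/server.company.name. The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request. (0xc000005e)".
LAPTOP02\tDnsApi\tThe reason the system could not register these RRs was because the DNS server contacted refused the update request.
DESKTOP07\tLSASRV\tThe Security System could not establish a secured connection with the server cifs/ad-dns.company.name. No authentication protocol was available.
DESKTOP07\tDnsApi\tThe reason the system could not register these RRs was because the DNS server contacted refused the update request.
OFFICE03\tDnsApi\tRegistered the DNS resource records for the network adapter.
"""

# One regex per event class quoted in the post; the key is the signal name.
SIGNALS = {
    "dns_update_refused": re.compile(r"refused the update request"),
    "no_logon_servers": re.compile(r"no logon servers available|0xc000005e"),
    "no_auth_protocol": re.compile(r"No authentication protocol was available"),
    "credman_password": re.compile(r"password errors using the Credential Manager"),
}

def parse_events(text):
    """Return {host: set(signal names)} from tab-separated host/source/message lines."""
    hosts = defaultdict(set)
    for line in text.splitlines():
        parts = line.split("\t", 2)
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        host, _source, message = parts
        sigs = hosts[host]  # record the host even if no signal matches
        for name, pattern in SIGNALS.items():
            if pattern.search(message):
                sigs.add(name)
    return dict(hosts)

def classify(signals):
    """Triage one host. Secure dynamic update is Kerberos-authenticated, so a refused
    update plus an authentication failure suggests the client cannot reach or
    authenticate to a domain controller (e.g. over the VPN), not a zone ACL problem."""
    if "dns_update_refused" not in signals:
        return "ok"
    if signals & {"no_logon_servers", "no_auth_protocol", "credman_password"}:
        return "kerberos-auth-failure"
    return "dns-update-refused-only"

def triage(text):
    """Map each host in the export to a triage verdict."""
    return {host: classify(sig) for host, sig in parse_events(text).items()}

if __name__ == "__main__":
    for host, verdict in sorted(triage(SAMPLE_EVENTS).items()):
        print(f"{host}: {verdict}")
```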
Kevin D. Goodknecht Sr. [MVP]

Are these clients XP SP2?
You cannot access resources after you install Security Bulletin MS04-011 or
Windows XP Service Pack 2
http://support.microsoft.com/default.aspx?scid=kb;en-us;891559&sd=ee