What is prisoner.iana.org

Ian Henderson

I have a PC installed with Windows XP SP2, authenticating to a network, the
Domain Controller for which is running Windows 2000 Service Pack 4.

Recently I've noticed that at regular intervals (every hour/90 minutes), my
PC writes the following entry into the System Event Log:

Source: LSASRV
Category: SPNEGO (Negotiator)
Type: Warning
Event ID: 40961

Description: The Security System could not establish a secured
connection with the server DNS/prisoner.iana.org. NO authentication
protocol was available.

When I researched Event ID 40961 on the Microsoft website, it seemed to
indicate that this error would normally appear after promoting a Windows
2003 server to Domain Controller. However, I'm not running Windows 2K3
anywhere on my network.

To the best of my knowledge, this error does not appear on my (newly
rebuilt) server, or indeed on my laptop. It seems only to be on this one
PC. Furthermore, the PC is hanging, for no apparent reason. Although it
doesn't do this after each time the above error has been written into the
log, it certainly seems that, now and again, the PC hangs/crashes after this
entry has been written.

I have the following questions:

1. What is causing this warning to be written to the system log;
2. What can I do to stop this warning appearing in the future;
3. Is this warning a notification of something taking place that is
subsequently causing my machine to hang now and again;

For anyone who's wondering, I've also got the most up-to-date version of
Microsoft AntiSpyware on my PC. Although I know that this doesn't catch
everything that tries to get through, it certainly grabs a fair amount of
stuff. Also, I'm fairly sure that my crashing problem is not caused by
hardware such as memory, because I'm not seeing a BSOD when the machine
crashes.

I hope that someone can help me. I'm on the point of being about to rebuild
my PC in the hope that it will cure the problem. However, I don't want to
do that if the problem is going to recur as the result of something being
incorrectly set, either on the PC or on the Server.

TIA
 
Kerry Brown

Ian said:
I have a PC installed with Windows XP SP2, authenticating to a
network, the Domain Controller for which is running Windows 2000
Service Pack 4.
Recently I've noticed that at regular intervals (every hour/90
minutes), my PC writes the following entry into the System Event Log:

Source: LSASRV
Category: SPNEGO (Negotiator)
Type: Warning
Event ID: 40961

Description: The Security System could not establish a secured
connection with the server DNS/prisoner.iana.org. NO authentication
protocol was available.

When I researched Event ID 40961 on the Microsoft website, it seemed
to indicate that this error would normally appear after promoting a
Windows 2003 server to Domain Controller. However, I'm not running
Windows 2K3 anywhere on my network.

To the best of my knowledge, this error does not appear on my (newly
rebuilt) server, or indeed on my laptop. It seems only to be on this
one PC. Furthermore, the PC is hanging, for no apparent reason. Although
it doesn't do this after each time the above error has been
written into the log, it certainly seems that, now and again, the PC
hangs/crashes after this entry has been written.

I have the following questions:

1. What is causing this warning to be written to the system log;
2. What can I do to stop this warning appearing in the future;
3. Is this warning a notification of something taking place that is
subsequently causing my machine to hang now and again;

For anyone who's wondering, I've also got the most up-to-date version of
Microsoft AntiSpyware on my PC. Although I know that this doesn't
catch everything that tries to get through, it certainly grabs a fair
amount of stuff. Also, I'm fairly sure that my crashing problem is
not caused by hardware such as memory, because I'm not seeing a BSOD
when the machine crashes.

I hope that someone can help me. I'm on the point of being about to
rebuild my PC in the hope that it will cure the problem. However, I
don't want to do that if the problem is going to recur as the result
of something being incorrectly set, either on the PC or on the Server.

TIA

Your DNS server may not have reverse lookup zones implemented. Something is
trying to do a reverse lookup (by IP) of a private address (your network)
and your DNS server is trying to find the authoritative DNS server. As it is
a private IP address your server should be authoritative. Prisoner.iana.org
is a black hole server so the request doesn't propagate all over the net.
Here is a link for how to configure a reverse lookup zone:

http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/cnet/cncf_imp_dewg.asp

If you don't have reverse lookup zones set up then try setting them up and
see if the warning goes away. If it doesn't, post back as there are other
possible causes. Note: the entry is just a warning. Your network will most
likely work just fine without reverse zones. It will be slightly more
efficient with them.

Kerry
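
Added example (not part of the thread): a Python sketch that maps client addresses to the reverse-lookup names they generate and to the RFC 1918 reverse zones a local DNS server would need to host so those lookups are answered locally instead of being referred to the black hole servers. The function names and sample addresses are assumptions constructed for illustration.

```python
import ipaddress

# RFC 1918 private ranges; reverse lookups for these should be answered
# by the local DNS server, not referred out to the Internet.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def ptr_name(addr):
    """Name queried for a reverse lookup, e.g. 10.1.168.192.in-addr.arpa."""
    return ipaddress.ip_address(addr).reverse_pointer


def private_reverse_zone(addr):
    """Return the reverse zone the local DNS server should be authoritative
    for, or None if addr is not an RFC 1918 IPv4 address."""
    ip = ipaddress.ip_address(addr)
    if ip.version != 4 or not any(ip in net for net in RFC1918):
        return None
    octets = str(ip).split(".")
    if octets[0] == "10":
        return "10.in-addr.arpa"            # a single zone covers 10/8
    return f"{octets[1]}.{octets[0]}.in-addr.arpa"  # one zone per /16


def zones_to_create(client_addrs, existing_zones=()):
    """Reverse zones still missing on the local server for these clients."""
    have = {z.lower().rstrip(".") for z in existing_zones}
    needed = {private_reverse_zone(a) for a in client_addrs} - {None}
    return sorted(needed - have)


# Constructed sample data: addresses seen on a small office LAN plus one
# public address, which needs no local reverse zone.
SAMPLE_CLIENTS = ["192.168.1.10", "192.168.1.1", "172.20.5.9", "8.8.8.8"]

if __name__ == "__main__":
    for a in SAMPLE_CLIENTS:
        print(a, ptr_name(a), private_reverse_zone(a))
    # Assume the server already hosts the 192.168 reverse zone.
    print(zones_to_create(SAMPLE_CLIENTS, ["168.192.in-addr.arpa."]))
```
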
 
Ian Henderson

Hi Karry

That seems to have solved the problem of the PC trying to communicate with
prisoner.iana.org. However, my PC is still hanging, which is a bit
worrying.

Thanks very much for your assistance.
 
Kerry Brown

Post more details of what happens when it hangs. Does the mouse still move?
Does Ctrl-Alt-Del do anything? Is it particular to any one program?

Kerry
 
Ian Henderson

Hi Kerry

First of all, I just noticed that I spelt your name wrong in my previous
post. My humble apologies for doing that.

To be honest, I don't know what happens when it hangs. Normally by the time
it hangs, the screen-saver has cut in and the monitor has gone into
power-saving mode. I did go through a phase of disabling both the screen
saver and the monitor sleep function, just to see if that was perhaps
causing it. All that happened then was that when the machine hung, it did
it with the monitor on.

In answer to your question, the mouse does not respond. Neither does the
keyboard. As far as I can tell, it's not specific to one particular
program, although to be honest I've got a lot of stuff installed on my
machine, so tracking it to a particular application could prove to be more
time-consuming than just rebuilding the machine from scratch :)

If you've got any ideas, I'm dying to hear them :)
 
Kerry Brown

Don't worry about the name. Are there any other errors in the event logs?
Try running msconfig.exe and put a tick beside Diagnostic start. Let it
reboot and see if the problem still occurs. Note, this may leave you
unprotected if you use a 3rd party firewall. If this is the case make sure
you enable the Windows firewall or do not connect to the Internet.

Kerry
 
Ian Henderson

Hi Kerry

I've had a look in the System Event log. Although I can't be definite about
when the PC crashed, the Service Control Manager reported that the Windows
Installer service had entered the stopped state at approximately 9:50 AM.
Prior to that, the msiInstaller reported that the Sophos Antivirus
configuration was completed successfully at approximately 9:40am.

As far as I am aware, Sophos Antivirus, which is scheduled to update every
hour, is the only application that is installed on my PC that would require
any sort of automatic configuration.

I find it strange that there's nothing being written into the event viewer
that might indicate the source of the problem. I've had experience of
Windows 2000 servers crashing for no apparent reason, and although the
system didn't log anything in the event viewer for the time immediately
prior to the crash, it would write something in the log as soon as the
server was restarted to the effect that the system had been restarted
unexpectedly.

I'm not convinced that the problem lies with Sophos Antivirus, simply
because we use it across our company's network, and have never experienced
anything even remotely similar to what's occurring here.

Continuing to scratch my head

Ian
 
Kerry Brown

Time to start doing some troubleshooting. Start with the Diagnostic Start I
suggested in my last post. If the freezes go away then start adding things
back in one at a time. If the freezes don't go away then it's time to start
checking the hardware.

Kerry
 
Ian Henderson

Hi Kerry

I'll go away and do that. Thanks very much for all your help on this issue.
Once I get something more conclusive, I'll post back with the results.

Ian
 
Kerry Brown

You're welcome. Intermittent freezes can be one of the hardest things to
troubleshoot. Sometimes it helps to keep a log. Whenever it freezes write
down the time and exactly what you did on the computer for the last five
minutes. Often a pattern will emerge. If there is no pattern then it's
usually hardware.

Kerry
 
