Guest
Archived from groups: microsoft.public.win2000.active_directory

I'm experiencing forever logins from domain computers at remote sites
(those on a network connected via a VPN tunnel to the network with the domain
controller). Remote sites with domain controllers don't have the problem.
The only fix I have thus far is to reboot the domain controller.

In looking over the events I have found that there were two events in the
System Log that immediately went away when the server was rebooted. They
are shown below. It's nice to know reboot fixes the problem for a while,
but what is the actual source of my problem so I can fix it once and for
all?

40960 LsaSrv The Security System detected an attempted downgrade
attack for server LDAP/fs4.KVMHC_DOM. The failure code from authentication
protocol Kerberos was "There are currently no logon servers available to
service the logon request. (0xc000005e)".

40961 LsaSrv The Security System could not establish a secured
connection with the server LDAP/fs4.KVMHC_DOM. No authentication protocol
was available.


I am still seeing the following events, but it doesn't appear to be
affecting performance and logins.

15 AutoEnrollment Automatic certificate enrollment for local system
failed to contact the active directory (0x8007054b). The specified domain
either does not exist or could not be contacted. Enrollment will not be
performed.

1086 Userenv Windows cannot do loopback processing for downlevel or
local users. Loopback processing will be disabled.

15 AutoEnrollment Automatic certificate enrollment for local system
failed to contact the active directory (0x8007041d). The service did not
respond to the start or control request in a timely fashion. Enrollment
will not be performed.

1054 Userenv Windows cannot obtain the domain controller name for your
computer network. (An unexpected network error occurred. ). Group Policy
processing aborted.



Thanks,

Andrew
 
Guest
Archived from groups: microsoft.public.win2000.active_directory

But clients in the same site with the domain controller used for authentication
by remote clients can authenticate?

Also, you can check this:

http://www.eventid.net/display.asp?eventid=40960&eventno=787&source=LsaSrv&phase=1
http://www.eventid.net/display.asp?eventid=40961&eventno=1398&source=LsaSrv&phase=1

I don't know how much this helps in your case .... but it's a start.


--
Andrei Ungureanu
www.eventid.net
Free Windows event logs reports
http://www.altairtech.ca/evlog/

"Andrew Jones" <ajones@kvmhc.org> wrote in message
news:b5b8d$43131c4d$d8ccc91a$387@LIGHTSHIP.NET...
> I'm experiencing forever logins from domain computers at remote sites
> (those on a network connected via a VPN tunnel to the network with the
> domain controller). Remote sites with domain controllers don't have the
> problem. The only fix I have thus far is to reboot the domain controller.
>
> In looking over the events I have found that there were two events in the
> System Log that immediately went away when the server was rebooted. They
> are shown below. It's nice to know reboot fixes the problem for a while,
> but what is the actual source of my problem so I can fix it once and for
> all?
>
> 40960 LsaSrv The Security System detected an attempted downgrade
> attack for server LDAP/fs4.KVMHC_DOM. The failure code from
> authentication protocol Kerberos was "There are currently no logon servers
> available to service the logon request.
> (0xc000005e)".
> 40961 LsaSrv The Security System could not establish a secured
> connection with the server LDAP/fs4.KVMHC_DOM. No authentication protocol
> was available.
>
>
> I am still seeing the following events, but it doesn't appear to be
> affecting performance and logins.
> 15 AutoEnrollment Automatic certificate enrollment for local system
> failed to contact the active directory (0x8007054b). The specified domain
> either does not exist or could not be contacted.
> Enrollment will not be performed.
> 1086 Userenv Windows cannot do loopback processing for downlevel or
> local users. Loopback processing will be disabled.
> 15 AutoEnrollment Automatic certificate enrollment for local system
> failed to contact the active directory (0x8007041d). The service did not
> respond to the start or control request in a timely fashion.
> Enrollment will not be performed.
> 1054 Userenv Windows cannot obtain the domain controller name for
> your computer network. (An unexpected network error occurred. ). Group
> Policy processing aborted.
>
>
>
> Thanks,
>
> Andrew
>
 
Guest
Archived from groups: microsoft.public.win2000.active_directory

Yes, clients in sites with DCs can log in. Remote sites w/o a DC on the network
(available via VPN on a different network) can log in ... not sure if
authenticating or cached, but the login process can last for over an hour, and
with a redirected start menu it's pretty useless even if you do get in.

Did some research on single-label domain names and checking to see if that's
part of the problem.
Also can raise domain and forest level to 2003 now that all 2000 servers
have been removed, but was going to research that change further before
actually doing it.

AJ
"Andrei Ungureanu" <andreix at msn dot com> wrote in message
news:OOcNGKNrFHA.1128@TK2MSFTNGP11.phx.gbl...
> But clients in the same site with the domain controller used for authentication
> by remote clients can authenticate?
>
> Also, you can check this:
>
> http://www.eventid.net/display.asp?eventid=40960&eventno=787&source=LsaSrv&phase=1
> http://www.eventid.net/display.asp?eventid=40961&eventno=1398&source=LsaSrv&phase=1
>
> I don't know how much this helps in your case .... but it's a start.
>
>
> --
> Andrei Ungureanu
> www.eventid.net
> Free Windows event logs reports
> http://www.altairtech.ca/evlog/
>
> "Andrew Jones" <ajones@kvmhc.org> wrote in message
> news:b5b8d$43131c4d$d8ccc91a$387@LIGHTSHIP.NET...
>> I'm experiencing forever logins from domain computers at remote sites
>> (those on a network connected via a VPN tunnel to the network with the
>> domain controller). Remote sites with domain controllers don't have the
>> problem. The only fix I have thus far is to reboot the domain controller.
>>
>> In looking over the events I have found that there were two events in the
>> System Log that immediately went away when the server was rebooted. They
>> are shown below. It's nice to know reboot fixes the problem for a while,
>> but what is the actual source of my problem so I can fix it once and for
>> all?
>>
>> 40960 LsaSrv The Security System detected an attempted downgrade
>> attack for server LDAP/fs4.KVMHC_DOM. The failure code from
>> authentication protocol Kerberos was "There are currently no logon
>> servers available to service the logon request.
>> (0xc000005e)".
>> 40961 LsaSrv The Security System could not establish a secured
>> connection with the server LDAP/fs4.KVMHC_DOM. No authentication
>> protocol was available.
>>
>>
>> I am still seeing the following events, but it doesn't appear to be
>> affecting performance and logins.
>> 15 AutoEnrollment Automatic certificate enrollment for local system
>> failed to contact the active directory (0x8007054b). The specified
>> domain either does not exist or could not be contacted.
>> Enrollment will not be performed.
>> 1086 Userenv Windows cannot do loopback processing for downlevel or
>> local users. Loopback processing will be disabled.
>> 15 AutoEnrollment Automatic certificate enrollment for local system
>> failed to contact the active directory (0x8007041d). The service did not
>> respond to the start or control request in a timely fashion.
>> Enrollment will not be performed.
>> 1054 Userenv Windows cannot obtain the domain controller name for
>> your computer network. (An unexpected network error occurred. ). Group
>> Policy processing aborted.
>>
>>
>>
>> Thanks,
>>
>> Andrew
>>
>
>
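An added example, not part of the original thread: a short Python triage of the event text quoted above that decodes the hexadecimal status values and pulls the target name out of the LsaSrv events, flagging a single-label domain part as raised in the last reply. The sample lines are constructed by rejoining the post's wrapped event text; the function names and output fields are assumptions of this example.

```python
import re

# Status values quoted in the thread, with their standard Windows names.
NTSTATUS = {0xC000005E: "STATUS_NO_LOGON_SERVERS"}
WIN32 = {1355: "ERROR_NO_SUCH_DOMAIN", 1053: "ERROR_SERVICE_REQUEST_TIMEOUT"}

# Constructed sample: event text from the post, rejoined to one event per line.
SAMPLE = """\
40960 LsaSrv The Security System detected an attempted downgrade attack for server LDAP/fs4.KVMHC_DOM. The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request. (0xc000005e)".
40961 LsaSrv The Security System could not establish a secured connection with the server LDAP/fs4.KVMHC_DOM. No authentication protocol was available.
15 AutoEnrollment Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted. Enrollment will not be performed.
15 AutoEnrollment Automatic certificate enrollment for local system failed to contact the active directory (0x8007041d). The service did not respond to the start or control request in a timely fashion. Enrollment will not be performed.
1054 Userenv Windows cannot obtain the domain controller name for your computer network. (An unexpected network error occurred. ). Group Policy processing aborted.
"""

EVENT = re.compile(r"^(\d+)\s+(\S+)\s+(.*)$")        # id, source, message
CODE = re.compile(r"\(0x([0-9a-fA-F]{8})\)")         # (0x........) in the text
SPN = re.compile(r"\b(\w+)/([\w-]+)\.([\w.-]*\w)")   # service/host.domain

def decode(code):
    """Name a 32-bit status: NTSTATUS, or an HRESULT wrapping a Win32 error."""
    if code in NTSTATUS:
        return NTSTATUS[code]
    # HRESULT: failure bit 31, facility in bits 16-26, error code in bits 0-15.
    if code & 0x80000000 and (code >> 16) & 0x7FF == 7:  # FACILITY_WIN32
        return WIN32.get(code & 0xFFFF, f"WIN32_{code & 0xFFFF}")
    return f"UNKNOWN_0x{code:08x}"

def triage(text):
    """Return one finding per event line: decoded status and LsaSrv target."""
    findings = []
    for line in text.splitlines():
        m = EVENT.match(line.strip())
        if not m:
            continue
        source, message = m.group(2), m.group(3)
        code = CODE.search(message)
        spn = SPN.search(message) if source == "LsaSrv" else None
        findings.append({
            "id": int(m.group(1)),
            "source": source,
            "status": decode(int(code.group(1), 16)) if code else None,
            "target": spn.group(0) if spn else None,
            "single_label": "." not in spn.group(3) if spn else None,  # no dot in domain part
        })
    return findings

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```

On the sample, the 40960 code decodes to STATUS_NO_LOGON_SERVERS and the two AutoEnrollment codes to Win32 errors 1355 and 1053, all three of which report that a domain controller or service could not be reached.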
 
