Security concerns?

Joe

Mar 31, 2004
Archived from groups: microsoft.public.win2000.dns (More info?)

Hello,

I am seeing this in my event viewer:
The Security System could not establish a secured connection with the server
DNS/prisoner.iana.org. No authentication protocol was available.

and this:

The Security System detected an authentication error for the server
ldap/timemachine.Timemachine.local. The failure code from authentication
protocol Kerberos was "There are currently no logon servers available to
service the logon request.
(0xc000005e)".

Anyone see this before?
Thank you,
Joe
 
Guest

Joe wrote:
> Hello,
>
> I am seeing this in my event viewer:
> The Security System could not establish a secured connection with the
> server DNS/prisoner.iana.org. No authentication protocol was
> available.

This event is caused by the DC trying to register its private address PTR
record in the IANA black hole servers. Creating a reverse lookup zone and using
only the DC's address for DNS should stop this.


> and this:
>
> The Security System detected an authentication error for the server
> ldap/timemachine.Timemachine.local. The failure code from
> authentication protocol Kerberos was "There are currently no logon
> servers available to service the logon request.
> (0xc000005e)".

If this event only appears at startup you should ignore it; it is the Time
Service trying to authenticate before AD has started.

Event IDs 40960 and 40961 in the System Event Log When You Restart Windows
Server 2003 After You Run Dcpromo.exe
http://support.microsoft.com/default.aspx?scid=kb;en-us;823712


--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================
 

Joe


Thank you Kevin,

I have a PTR set up already but it is with my ISP. I have all the addresses
that my DNS cannot resolve forwarded to my ISP DNS servers. I have my DNS set
to my own IP (pointing to itself). So where should I go from here? Do a
reverse on 69.65.81.145
http://www.dnsreport.com I also have an SPF record.
Thank you
Joe
 
Guest

Joe wrote:
> Thank you Kevin,
>
> I have a PTR set up already but it is with my ISP. I have all the
> addresses that my DNS cannot resolve forwarded to my ISP DNS
> servers. I have my DNS set to my own IP (pointing to itself). So where
> should I go from here? Do a reverse on 69.65.81.145
> http://www.dnsreport.com I also have an SPF record.

If it is trying to register in prisoner.iana.org, it is the PTRs for private
addresses. You need a reverse lookup zone that covers your private IP range;
not knowing your private range I can't tell you what that is, but if your
private range is 192.168.x.x, then create a reverse lookup zone for the
NetID using the new zone wizard. The new zone wizard gives you two choices,
using the NetID and using the reverse lookup zone name; the NetID would be
192.168 and the zone name will be 168.192.in-addr.arpa.



--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
 

Joe


Thanks Kevin, this helps tremendously.

My private IPs are 192.168. So what type would I choose in the wizard?
Dynamic update, no update, only for domain AD. There are a few choices there,
I think just 4.

Which one is correct for just internal DNS?

Thanks a lot
Joe
 
Guest

Joe wrote:
> Thanks Kevin, this helps tremendously.
>
> My private IPs are 192.168. So what type would I choose in the wizard?
> Dynamic update, no update, only for domain AD. There are a few
> choices there, I think just 4.
>
> Which one is correct for just internal DNS?

Use Active Directory integrated, allow only secure updates and NetID
192.168.



--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
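
The NetID-to-zone-name mapping and the coverage problem discussed in this thread, as an added example that is not part of any poster's message: it derives the reverse zone name from a NetID and reports which addresses have no locally hosted reverse zone, so their PTR registration would leave the network. The function names and the sample address list are assumptions made for illustration; 10.0.0.5 and 192.168.1.10 are constructed values.

```python
import ipaddress

# RFC 1918 private ranges. Their reverse zones have no real owner on the
# public Internet, which is why unanswered PTR updates end up at the
# black hole servers mentioned in the thread.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def reverse_zone_for_netid(net_id):
    """'192.168' -> '168.192.in-addr.arpa' (octets reversed plus suffix)."""
    octets = net_id.strip(".").split(".")
    valid = all(o.isdigit() and int(o) <= 255 for o in octets)
    if not 1 <= len(octets) <= 3 or not valid:
        raise ValueError(f"bad network ID: {net_id!r}")
    return ".".join(reversed(octets)) + ".in-addr.arpa"

def covering_zone(ip, local_zones):
    """Most specific locally hosted reverse zone holding ip's PTR name, or None."""
    name = ipaddress.ip_address(ip).reverse_pointer.lower()
    zones = [z.lower().rstrip(".") for z in local_zones]
    matches = [z for z in zones if name == z or name.endswith("." + z)]
    return max(matches, key=len) if matches else None

def audit(addresses, local_zones):
    """Map each address to 'local:<zone>', 'leaks' or 'public'.

    'leaks' means a private address with no local reverse zone: its PTR
    update would be sent outside the network.
    """
    result = {}
    for ip in addresses:
        zone = covering_zone(ip, local_zones)
        if zone:
            result[ip] = "local:" + zone
        elif any(ipaddress.ip_address(ip) in n for n in PRIVATE_NETS):
            result[ip] = "leaks"
        else:
            result[ip] = "public"
    return result

if __name__ == "__main__":
    zones = [reverse_zone_for_netid("192.168")]   # zone created in the wizard
    sample = ["192.168.1.10", "10.0.0.5", "69.65.81.145"]  # constructed list
    for ip, verdict in audit(sample, zones).items():
        print(f"{ip:15} {verdict}")
```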