LsaSrv 40960

[Drewski]

The below error messages are appearing in the DC logs since the user changed this password. I think that something has retained his old password and it trying to access Group Policies every 2 hours. What is it that is trying to do this and how do I persuade it to use the new password? It occurs when the user has logged off the network and shut their workstation down. This error only happens when the user is not logged on the network:

Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40960
Date: 22/01/2007
Time: 06:57:53
User: N/A
Computer: SENIOR
Description:
The Security System detected an authentication error for the server ldap/senior.sion_domain.local/sion_domain.local@sion_domain.local. The failure code from authentication protocol Kerberos was "The attempted logon is invalid. This is either due to a bad username or authentication information. (0xc000006d)".

Application Event Log - every 2 hours (approx)

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1030
Date: 22/01/2007
Time: 08:45:54
User: SION_DOMAIN\username
Computer: SENIOR
Description: Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.

[JUSTICE]

Even I have seen these 40961 and 40960 errors many times, and after putting a lot of time looking into them, and I was not able to find a cause.

[.:MUNDITO:.]

Can you try to go to the computer senior and open up the services, from control panel, and see if you can find any services that have an account that is invalid also and go to the scheduled tasks on senior and look for the same thing.

[Zachary]

Thanks for the help, I have finally solves this issue actually. The server just crashed out of a sudden due to Raid failure and when I restarted and rebuilt, then this error was not showing any more.