Secure LDAP conn

I am getting the following error on many workstations. It looks like the
path is invalid to the ldap server (ldap/dc2.domain.com/domain.com@domain.com.
). Where is this path pulled from?

should be: ldap/dc2.domain.com ???

Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40961
Date: 5/23/2007
Time: 4:41:38 AM
User: N/A
Computer: xpstation
Description:
The Security System could not establish a secured connection with the server
ldap/dc2.domain.com/domain.com@domain.com. No authentication protocol was
available.

--
Message posted via WinServerKB.com
http://www.winserverkb.com/Uwe/Forum...er-ad/200706/1

Hi
Generally the 40961 are related with noy having DNS reverse-lookup zone.
Check
http://www.jsifaq.com/SF/Tips/Tip.aspx?id=5612
other situations
http://www.eventid.net/display.asp?e...LsaSrv&phase=1

--
I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MCSE, MVP Directory Services
"fixitchris" <u28526@uwe> wrote in message news:734012460df91@uwe...
>I am getting the following error on many workstations. It looks like the
> path is invalid to the ldap server
> (ldap/dc2.domain.com/domain.com@domain.com.
> ). Where is this path pulled from?
>
> should be: ldap/dc2.domain.com ???
>
> Event Type: Warning
> Event Source: LSASRV
> Event Category: SPNEGO (Negotiator)
> Event ID: 40961
> Date: 5/23/2007
> Time: 4:41:38 AM
> User: N/A
> Computer: xpstation
> Description:
> The Security System could not establish a secured connection with the
> server
> ldap/dc2.domain.com/domain.com@domain.com. No authentication protocol was
> available.
>
> --
> Message posted via WinServerKB.com
> http://www.winserverkb.com/Uwe/Forum...er-ad/200706/1
>

http://www.microsoft.com/technet/sup...asrv&LCID=1033

-Keshav / IT Consultant

Is this a useful post? Mark this as a useful post by clicking "Yes" below.
This will help others too.

"fixitchris" wrote:

> I am getting the following error on many workstations. It looks like the
> path is invalid to the ldap server (ldap/dc2.domain.com/domain.com@domain.com.
> ). Where is this path pulled from?
>
> should be: ldap/dc2.domain.com ???
>
> Event Type: Warning
> Event Source: LSASRV
> Event Category: SPNEGO (Negotiator)
> Event ID: 40961
> Date: 5/23/2007
> Time: 4:41:38 AM
> User: N/A
> Computer: xpstation
> Description:
> The Security System could not establish a secured connection with the server
> ldap/dc2.domain.com/domain.com@domain.com. No authentication protocol was
> available.
>
> --
> Message posted via WinServerKB.com
> http://www.winserverkb.com/Uwe/Forum...er-ad/200706/1
>
>

Thanks for the help.

I am going to try http://support.microsoft.com/kb/885887/en-us hotfix.

But besides that I am also getting 1030 events and it looks like they're all
happening at night time.
The network setup is 172.16.x.x with a 255.255.0.0 mask. and DHCP gives out
172.16.0.1-172.16.4.254. There are reverse zones for 172.16.0.x,172.16.1.x,
172.16.2.x, etc.

Several weeks ago I setup two new DCs to lighten the load of our file server.
Since then I have demoted the original DC and this is when it all started.
The DC demotion was successful and looks like all records are gone from DNS.

Also at the same time I am getting this error:

Event Type: Failure Audit
Event Source: Security
Event Category: Detailed Tracking
Event ID: 861
Date: 6/6/2007
Time: 7:38:26 AM
User: NT AUTHORITY\SYSTEM
Computer: xpstation
Description:
The Windows Firewall has detected an application listening for incoming
traffic.

Name: -
Path: C:\WINDOWS\system32\lsass.exe
Process identifier: 756
User account: SYSTEM
User domain: NT AUTHORITY
Service: Yes
RPC server: No
IP version: IPv4
IP protocol: UDP
Port number: 2321
Allowed: No
User notified: No


I added C:\WINDOWS\system32\lsass.exe to FW exceptions to see what will
happen.

--
Message posted via WinServerKB.com
http://www.winserverkb.com/Uwe/Forum...er-ad/200706/1