http://www.eventid.net/display.asp?eventid=40960&eventno=787&source=LsaSrv&phase=1

Also have you turned on verbose Kerberos debugging to see if there is more detail with the errors?

Z

________________________________

From: Christopher Boggs [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 16, 2008 12:18 PM
To: NT System Admin Issues
Subject: LSASRV and UserEnv woes

I know you guys love these errors, they are very popular. I don't ask questions on here very often, I mostly try to answer them - but now it's my turn to rattle your brains. I'm hoping my situation is easily solved, but after looking over articles on EventID.net and the KB, I haven't found one that really applies to my situation. Most of them specify similar errors, but not quite the same.

We have a closed LAN, a plain jane one domain controller setup. A 2003 DC, and another 2003 member server that is just a file server. 9 XP workstations. At one point, the domain administrator account was renamed. Ever since then, I've been getting LSASRV errors on the DC, in the SPNEGO category, ID is 40960 - message is "The Security System detected an authentication error for the server ldap/xxx.xxx.local/[EMAIL PROTECTED] The failure code from authentication protocol Kerberos was "The attempted logon is invalid. This is either due to a bad username or authentication information. (0xc000006d)".

I also see UserEnv 1030 errors on the same server, saying Windows cannot query for the list of Group policy objects, check for previously logged messages that describe, etc, etc... But this one actually specifies a user, and it's the renamed domain administrator account.

The member server constantly gets messages saying it can't bind to the domain, or can't establish a secured connection, but everything seems to work fine. I have a few workstations that get LSASRV errors or don't update GP as they should, but most of them work fine with no errors.

I've checked all services, and nothing is running as the domain admin account that was renamed. What should be my next step?
Maybe run dcdiag, reset machine account passwords, or disjoin, rejoin the problematic machines? Like I said, this is a closed LAN with no outside/internet access, so any utilities I don't already have will have to be copied over via CD.

TIA,
cb
