Event ID: 40960
SSR
I have installed and configured 2 new DCs, I have no errors when I run
dcdiag /q and netdiag/q on both of the servers, but when I checked the Event
Viewer / System of the DC1 I have the following warning, and this error is
reproduced every one hour:
The Security System detected an authentication error for the server
DNS/DC1.mygroup.com. The failure code from authentication protocol Kerberos
was "The attempted logon is invalid. This is either due to a bad username or
authentication information.
(0xc000006d)".
Also Please note that on DC1 is the server where the DNS is configured.
Can somebody help I need to be sure of my DCs before proceeding with joining
machines.
Thanks,
SSR
Meinolf Weber
Please post an unedited ipconfig /all from both machines.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
Mr SSR
Below are the results for the ipconfig /all for both DCs (DC1 and DC2)
For DC1
Windows IP Configuration
Host Name . . . . . . . . . . . . : DC1
Primary Dns Suffix . . . . . . . : mygroup.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : mygroup.com
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE
(NDIS
VBD Client)
Physical Address. . . . . . . . . : 00-1D-09-1A-24-08
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.1.10.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.1.10.4
DNS Servers . . . . . . . . . . . : 10.1.10.1
FOR DC2
Windows IP Configuration
Host Name . . . . . . . . . . . . : DC2
Primary Dns Suffix . . . . . . . : mygroup.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : mygroup.com
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
Physical Address. . . . . . . . . : 00-19-B9-F9-7C-FE
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.1.10.10
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.1.10.4
DNS Servers . . . . . . . . . . . : 10.1.10.1
Regards,
SSR
Paul Bergson [MVP-DS]
the two dc's are within 5 minutes of one another for time.
Here is a link with other users who have run into this issue.
http://www.eventid.net/display.asp?eventid=40960&eventno=787&source=LsaSrv&phase=1
--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
"SSR" <S...@discussions.microsoft.com> wrote in message
news:C85A3074-6C15-4C04...@microsoft.com...
Mr SSR
My both machines are well synchronized on time.
The is an ignorable difference of time: Less than one SECOND.
Thank you,
SSR
Meinolf Weber
Have you created a Reverse Lookup Zone on the DNS server? If not create one
and check again, best after a restart.
Only a suggestion:
Also you should think about making the second Dc also a DNS server/Global
catalog server for redundancy. Also it will be easier if you use Active directory
integrated zones, you can add records at any time if one DNS is down, instead
of primary and secondary zone, where the secondary only stores a copy to
which can not be written if the primary is down.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
> Hello,