D
Drew Govnyak
We are in the single forest native 2003 domain. 2 Domain Controllers 30
member servers. All 2003 Servers (members and dcs) have SP2 applied. Network
has been up for the past 5 years. Since Feb 20th of this year. All of the
2003 member servers started Logging Warning Event ID: 40960 from LSASRV at
random days and times, but not frequently. The message logged is deceiving,
it talks about time being different on one of the servers. (See below) The
max time difference on my servers is 0.005ms (obtained form w32time
/monitor), all servers except the PDC Emulator are configured to use Nt5DS
under
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\
key. I also found a Security Event ID 673 logged within 1 second of the
Warning on the DC to which member server, logging Event 40960 authenticated
to.
My suspicion is KB931836 DST 2007 which was installed on Feb 20 of this year
started this problem, but I am not 100% sure yet.
Is anybody else having the same problem?
Event ID: 40960
The Security System detected an authentication error for the server
cifs/dc1.ourdomain.local. The failure code from authentication protocol
Kerberos was "The time at the Primary Domain Controller is different than
the time at the Backup Domain Controller or member server by too large an
amount. (0xc0000133)".
Event ID: 673
Service Ticket Request:
User Name:
SERVERNAME$@MYDOMAIN.LOCAL
User Domain: MYDOMAIN.LOCAL
Service Name:
cifs/dc1.mydomain.local
Service ID: -
Ticket Options: 0x40810000
Ticket Encryption Type: -
Client Address: 172.16.8.26
Failure Code: 0xB
Logon GUID: -
Transited Services: -
member servers. All 2003 Servers (members and dcs) have SP2 applied. Network
has been up for the past 5 years. Since Feb 20th of this year. All of the
2003 member servers started Logging Warning Event ID: 40960 from LSASRV at
random days and times, but not frequently. The message logged is deceiving,
it talks about time being different on one of the servers. (See below) The
max time difference on my servers is 0.005ms (obtained form w32time
/monitor), all servers except the PDC Emulator are configured to use Nt5DS
under
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\
key. I also found a Security Event ID 673 logged within 1 second of the
Warning on the DC to which member server, logging Event 40960 authenticated
to.
My suspicion is KB931836 DST 2007 which was installed on Feb 20 of this year
started this problem, but I am not 100% sure yet.
Is anybody else having the same problem?
Event ID: 40960
The Security System detected an authentication error for the server
cifs/dc1.ourdomain.local. The failure code from authentication protocol
Kerberos was "The time at the Primary Domain Controller is different than
the time at the Backup Domain Controller or member server by too large an
amount. (0xc0000133)".
Event ID: 673
Service Ticket Request:
User Name:
SERVERNAME$@MYDOMAIN.LOCAL
User Domain: MYDOMAIN.LOCAL
Service Name:
cifs/dc1.mydomain.local
Service ID: -
Ticket Options: 0x40810000
Ticket Encryption Type: -
Client Address: 172.16.8.26
Failure Code: 0xB
Logon GUID: -
Transited Services: -
although if that were the case, im sure you