Error lsasvr 40690

Tutorials Win: Microsoft Windows Forum

Hi all,

I have been having this error on one of our domain controler (cut and paste
of the event at the end of the post). It's repeated every 1:30 to 2 hours and
has been going on for 2 weeks. I have made an extensibe search both on
microsoft website and google (web) and I couldn't find anything that apply to
this error.

I have also made a complete diagnostic of the server with dsdiag, netdiag,
nltest and nothing comes out, all diagnostics indicate that the server is
fonctionning correctly without any error. The IP configuration is correct,
the account is not disabled or erase and at this point I can't figure out
what is wrong or if I even need to be worried­.

One last thing, it as been a while since the server has been rebooted. I
plan on doing it this afternoon and see if it makes a difference.

Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40960
Date: 3/25/2008
Time: 1:20:41 PM
User: N/A
Computer: SHSJDC02
Description:
The Security System detected an authentication error for the server
ldap/shsjdc02.somewhere.intranet/somewhere.intranet@somewhere.intranet. The
failure code from authentication protocol Kerberos was "The referenced
account is currently disabled and may not be logged on to.
(0xc0000072)".

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 72 00 00 c0 r..Ã?
Top

Re: Error lsasvr 40690 by Paul

Paul
Wed Mar 26 06:03:14 PDT 2008

There are two things that come to mind

1) Time sync is the time on this machine within 5 minutes of your PDCe?

2) You may need to try and reset the machine account password using netdom
(Although I don't believe this is the issue)
http://support.microsoft.com/kb/325850

You can also check EventID.Net they usually have others with similar issues
and the resolution they had for the problem.
http://www.eventid.net/display.asp?eventid=40960&eventno=8508&source=LSASRV&phase=1


--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.

"Pierre Courtois" <PierreCourtois@discussions.microsoft.com> wrote in
message news:89894288-DB9A-4C5F-A0BB-9354574C270B@microsoft.com...
> Hi all,
>
> I have been having this error on one of our domain controler (cut and
> paste
> of the event at the end of the post). It's repeated every 1:30 to 2 hours
> and
> has been going on for 2 weeks. I have made an extensibe search both on
> microsoft website and google (web) and I couldn't find anything that apply
> to
> this error.
>
> I have also made a complete diagnostic of the server with dsdiag, netdiag,
> nltest and nothing comes out, all diagnostics indicate that the server is
> fonctionning correctly without any error. The IP configuration is correct,
> the account is not disabled or erase and at this point I can't figure out
> what is wrong or if I even need to be worried­.
>
> One last thing, it as been a while since the server has been rebooted. I
> plan on doing it this afternoon and see if it makes a difference.
>
> Event Type: Warning
> Event Source: LSASRV
> Event Category: SPNEGO (Negotiator)
> Event ID: 40960
> Date: 3/25/2008
> Time: 1:20:41 PM
> User: N/A
> Computer: SHSJDC02
> Description:
> The Security System detected an authentication error for the server
> ldap/shsjdc02.somewhere.intranet/somewhere.intranet@somewhere.intranet.
> The
> failure code from authentication protocol Kerberos was "The referenced
> account is currently disabled and may not be logged on to.
> (0xc0000072)".
>
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
> Data:
> 0000: 72 00 00 c0 r..À
>


Top

Re: Error lsasvr 40690 by PierreCourtois

PierreCourtois
Wed Mar 26 10:14:03 PDT 2008

As I was saying in my first post, it wasn't a time sync problem. And nothing
matched on eventid.net. The account wasn't locked or the password out of sync
either.

Like I said I was gonna do, I rebooted the server last night and, as I
suspected, the error disapeared and everything is fine up to now. Seems like
the server was "logged on" but, like I was saying, everything kept working
normally. So if you get that specific error, reboot before searching to much
for nothing.

Regard


"Paul Bergson [MVP-DS]" wrote:

> There are two things that come to mind
>
> 1) Time sync is the time on this machine within 5 minutes of your PDCe?
>
> 2) You may need to try and reset the machine account password using netdom
> (Although I don't believe this is the issue)
> http://support.microsoft.com/kb/325850
>
> You can also check EventID.Net they usually have others with similar issues
> and the resolution they had for the problem.
> http://www.eventid.net/display.asp?eventid=40960&eventno=8508&source=LSASRV&phase=1
>
>
> --
> Paul Bergson
> MVP - Directory Services
> MCT, MCSE, MCSA, Security+, BS CSci
> 2008, 2003, 2000 (Early Achiever), NT4
>
> http://www.pbbergs.com
>
> Please no e-mails, any questions should be posted in the NewsGroup
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
>
Top