Security concerns?

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Hello,

I am seeing this in my event viewer:
The Security System could not establish a secured connection with the server
DNS/prisoner.iana.org. No authentication protocol was available.

and this:

The Security System detected an authentication error for the server
ldap/timemachine.Timemachine.local. The failure code from authentication
protocol Kerberos was "There are currently no logon servers available to
service the logon request.
(0xc000005e)".

Anyone see this before?
Thank you,
Joe
 
Joe said:
Hello,

I am seeing this in my event viewer:
The Security System could not establish a secured connection with the
server DNS/prisoner.iana.org. No authentication protocol was
available.
Click to expand...

This event is caused from the DC trying to register its private address PTR
record in the IANA black hole servers, create a reverse lookup zone and use
only the DCs address for DNS should stop this.

and this:

The Security System detected an authentication error for the server
ldap/timemachine.Timemachine.local. The failure code from
authentication protocol Kerberos was "There are currently no logon
servers available to service the logon request.
(0xc000005e)".
Click to expand...

If this even only appears at start up you should ignore it, it is the Time
Service trying to authenticte before AD has started.

Event IDs 40960 and 40961 in the System Event Log When You Restart Windows
Server 2003 After You Run Dcpromo.exe
http://support.microsoft.com/default.aspx?scid=kb;en-us;823712
 
..Thank you Kevin,

I have a PTR set up already but it is with my ISP. I have all the addresses
that my DNS cannot resolve forwarded to my ISP DNS servers.I have my DNS set
to my own IP (pointing to itself) So where should I go from here? do a
reverse on 69.65.81.145
http://www.dnsreport.com I also have an SPF record.
Thank you
Joe
 
Joe said:
.Thank you Kevin,

I have a PTR set up already but it is with my ISP. I have all the
addresses that my DNS cannot resolve forwarded to my ISP DNS
servers.I have my DNS set to my own IP (pointing to itself) So where
should I go from here? do a reverse on 69.65.81.145
http://www.dnsreport.com I also have an SPF record.
Click to expand...

If it is trying to register in prisoner.iana.org, it is the PTRs for Private
addresses, you need a reverse lookup zone that covers your private IP range,
not knowing your private range I can't tell you what that is, but if your
private range is 192.168.x.x, then create a reverse lookup zone for the
NetID using the new zone wizard. The new zone wizard give you to choices,
using the NetID and using the reverse lookup zone name, the NetID would be
192.168 and the zone name will be 168.192.in-addr.arpa.
 
Joe said:
Thanks kevin this helps tremendously

my private IP's are 192.168. so what type would ichoose in the wizard?
dynamic update, no update, only for domain AD. there are a few
choices there I think just 4.

which one is correct for just internal DNS?
Click to expand...

Use Active Directory integrated, allow only secure updates and NetID
192.168.
 
Back
Top