| Event Id | 40968 |
| Source | LSASRV |
| Description | The Security System has received an authentication request that could not be decoded. The request has failed. |
| Event Information | This information from some newsgroups may help you: ------------------------------------------------------------------------------ This behavior occurs when you restart the server that was promoted to a domain controller. In this scenario, the Windows Time service (W32Time) tries to authenticate before Directory Services has started. There are no adverse effects on computers that experience the warning events that are described in the "Symptoms" section. The Negotiate Security Package is a specialized Security Support Provider (SSP) that acts as an application layer between the Security Support Provider Interface (SSPI) and the other SSPs. When an application calls into SSPI to log a security principal onto a network, it can specify an SSP to process that request. If the application specifies Negotiate, Negotiate analyzes the request and picks the best SSP to handle it. On a default install of Windows Server 2003, the Negotiate SSP will submit the logon request to Kerberos first as that is the preferred authentication protocol because, among other things, it supports mutual authentication. If Kerberos cannot process the request, Negotiate will fall back on NTLM. If, however, Kerberos can process the logon request, and the request fails with an authoritative error, Negotiate will not fall back on NTLM. The Negotiate SSP will log a 40960 event in the System log and include the error returned by Kerberos to explain why the logon request failed. |
| Reference Links |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.