Topic Last Modified: 2008-02-26
This topic provides information about how to troubleshoot the Exchange Management Console if is unable to connect to Active Directory with Event ID 40960.
If this error occurs, event log errors are generated with the following information:
Event ID: 40960
Event Source: LSASRV
Event Type: Warning
Description: The Security System detected an authentication error for the server ldap/WORKSTATION1. The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request."
This issue can be caused by the following:
- Kerberos authentication is not available or is not working
correctly between the administrative workstation and the domain
- The Kerberos protocol requires that all computer clocks be
synchronized to within five minutes of each other.
- The administrative workstation is not a member of a domain, or
there is a problem with its domain membership.
- An invalid user name or password has been stored on the
administrative workstation for use when connecting to a particular
domain controller. This stored credential is overriding your
current logon credentials. In Microsoft
Windows Server 2003, you can store credentials by
using the Stored User Names and Passwords applet in
- Intermittent network connectivity issues.
Before You Begin
To perform this procedure, the account you use must be delegated membership in the local Administrators group. For more information about permissions, delegating roles, and the rights that are required to administer Microsoft Exchange 2007, see Permission Considerations.
To resolve the problem, do one or all of the following:
- Ensure that Kerberos authentication is functioning correctly.
For more information about Kerberos authentication, see Kerberos Authentication in Windows Server 2003 and
Kerberos Authentication Technical
- Ensure that all computer clocks are synchronized to within five
- Ensure that you are not having network connectivity