error 6040 in Domain Controller's event log

Questions about using Windows AD service.
sebas22_22
First post
Posts: 1
Joined: Wed Sep 14, 2022 9:36 pm

error 6040 in Domain Controller's event log

Post by sebas22_22 »

Hi,

I replaced my 2012 R2 domain controllers with 2022 domain controllers and since then I get repeated errors within the Domain Controller's event log similar to the following:
An authentication request for package NTLM was rejected because the target information was invalid. The authentication request did not match the target name of XXXXXXXX.
Source: LSA (LsaSrv)
EventID: 6040

Can you help me please?

thanks
seb
Prosecutor
New here
Posts: 2
Joined: Wed Feb 01, 2023 8:26 pm

Re: error 6040 in Domain Controller's event log

Post by Prosecutor »

Hello!

At our company we have the same problem: hundreds of 6040 errors on domain controller (Windows Server 2019), with the same message as above.

Any solution? What's causing the problem?

Regards.
OneCD
Guru
Posts: 12010
Joined: Sun Aug 21, 2016 10:48 am
Location: "... there, behind that sofa!"

Re: error 6040 in Domain Controller's event log

Post by OneCD »

Prosecutor wrote: Wed Feb 01, 2023 8:36 pm At our company we have the same problem: hundreds of 6040 errors on domain controller (Windows Server 2019), with the same message as above.

Any solution? What's causing the problem?
Hi, what is your NAS make and model please?

AmazingFin
New here
Posts: 5
Joined: Fri Feb 03, 2023 3:07 pm

Re: error 6040 in Domain Controller's event log

Post by AmazingFin »

OneCD wrote: Thu Feb 02, 2023 2:53 am
Prosecutor wrote: Wed Feb 01, 2023 8:36 pm At our company we have the same problem: hundreds of 6040 errors on domain controller (Windows Server 2019), with the same message as above.

Any solution? What's causing the problem?
Hi, what is your NAS make and model please?
We have the same issue. QNAP Model is TS-453BT3 (QTS 5.0.1.2277) and Windows Server 2019 running December patch (17763.3770). I enabled Kerberos event logging in the hopes that it might shed some more light on this but nothing is caught in Event Viewer.
Prosecutor
New here
Posts: 2
Joined: Wed Feb 01, 2023 8:26 pm

Re: error 6040 in Domain Controller's event log

Post by Prosecutor »

OneCD wrote: Thu Feb 02, 2023 2:53 am
Prosecutor wrote: Wed Feb 01, 2023 8:36 pm At our company we have the same problem: hundreds of 6040 errors on domain controller (Windows Server 2019), with the same message as above.

Any solution? What's causing the problem?
Hi, what is your NAS make and model please?
Our setup is: QNAP TS-853BU-RP (QTS 5.0.1.2277) working with DC on Windows Server 2019 (10.0.17763.3887).
AmazingFin
New here
Posts: 5
Joined: Fri Feb 03, 2023 3:07 pm

Re: error 6040 in Domain Controller's event log

Post by AmazingFin »

I found something more under Application and Services logs -> Microsoft-Windows-NTLM/Operational


Domain Controller Blocked Audit: Audit NTLM authentication to this domain controller.
Secure Channel name: xxxxxxx
User name: xxxxxxxxxxx
Domain name: xxxxxxxxxxxx
Workstation name: \\xxxxxxxxxxxxxx
Secure Channel type: 2

Audit NTLM authentication requests within the domain XXXXX that would be blocked if the security policy Network Security: Restrict NTLM: NTLM authentication in this domain is set to any of the Deny options.

If you want to allow NTLM authentication requests in the domain XXXXX, set the security policy Network Security: Restrict NTLM: NTLM authentication in this domain to Disabled.

If you want to allow NTLM authentication requests to specific servers in the domain XXXXXXX, set the security policy Network Security: Restrict NTLM: NTLM authentication in this domain to Deny for domain servers or Deny domain accounts to domain servers, and then set the security policy Network Security: Restrict NTLM: Add server exceptions in this domain to define a list of servers in the domain XXXXXX to which clients are allowed to use NTLM authentication.



Looks like this is all related to https://learn.microsoft.com/en-us/windo ... his-domain
AmazingFin
New here
Posts: 5
Joined: Fri Feb 03, 2023 3:07 pm

Re: error 6040 in Domain Controller's event log

Post by AmazingFin »

When I run: testparm -v | grep -i ntlm
on my QNAP it spits out:


        client NTLMv2 auth = Yes
        ntlm auth = ntlmv1-permitted
        raw NTLMv2 auth = No
indicating that NTLMv1 is permitted. Any idea how I disable it?
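
The testparm check from the post above, turned into a small audit function. This is an added example, not part of the original posts or of QNAP's tooling; the function name ntlm_posture and the sample input are constructed here, and the value names are the ones Samba documents for these three parameters.

```shell
#!/bin/sh
# Added example: audit the NTLM-related lines of `testparm -v` output.
# Reads "key = value" lines on stdin, prints one finding per setting and
# returns 1 if NTLMv1 is accepted or sent, 2 if "ntlm auth" is absent, else 0.
ntlm_posture() {
    awk -F'=' '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    NF >= 2 {
        key = tolower(trim($1)); val = tolower(trim($2))
        gsub(/[ \t]+/, " ", key)            # collapse runs of whitespace
        if (key == "ntlm auth")          ntlm = val
        if (key == "client ntlmv2 auth") client = val
        if (key == "raw ntlmv2 auth")    raw = val
    }
    END {
        if (ntlm == "") { print "UNKNOWN ntlm auth: not in input"; exit 2 }
        # Samba documents yes/no as aliases of these two values.
        if (ntlm == "yes") ntlm = "ntlmv1-permitted"
        if (ntlm == "no")  ntlm = "ntlmv2-only"
        bad = 0
        if (ntlm == "ntlmv1-permitted") {
            print "WEAK ntlm auth = " ntlm ": server accepts NTLMv1 logons"; bad = 1
        } else {
            print "OK   ntlm auth = " ntlm
        }
        if (client == "no") {
            print "WEAK client NTLMv2 auth = no: Samba client sends NTLMv1"; bad = 1
        } else if (client != "") {
            print "OK   client NTLMv2 auth = " client
        }
        if (raw == "yes") {
            print "NOTE raw NTLMv2 auth = yes: SMB1 clients without extended security may use NTLMv2"
        } else if (raw != "") {
            print "OK   raw NTLMv2 auth = " raw
        }
        exit bad
    }'
}

# Constructed sample: the three lines quoted in the post above.
ntlm_posture <<'EOF' || echo "exit status $?"
        client NTLMv2 auth = Yes
        ntlm auth = ntlmv1-permitted
        raw NTLMv2 auth = No
EOF
```

On a live system the same function can be fed directly with `testparm -sv 2>/dev/null | ntlm_posture`.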
AmazingFin
New here
Posts: 5
Joined: Fri Feb 03, 2023 3:07 pm

Re: error 6040 in Domain Controller's event log

Post by AmazingFin »

Edit: I spoke too soon, this only resolved the issue with my other Event ID warnings, not the original 6040 error which is still there.




For now the workaround for this is to add your QNAP to the exception list in a GPO under "Network security: Restrict NTLM: Add server exceptions in this domain" found under Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options

https://learn.microsoft.com/en-us/windo ... his-domain
AmazingFin
New here
Posts: 5
Joined: Fri Feb 03, 2023 3:07 pm

Re: error 6040 in Domain Controller's event log

Post by AmazingFin »

Well after an hour of trying and waiting I believe my problem was resolved.

Turns out that using IP address instead of hostname is not supported by default on Server 2016/2019/2022 https://learn.microsoft.com/en-us/windo ... os-over-ip

After I changed the settings to access the NAS with hostname the events seem to be a thing of the past. I have also tried the IP method linked above and it seems to work.

Edit: also check that you have a PTR record for your NAS in DNS
JayPH
First post
Posts: 1
Joined: Sat Oct 07, 2023 12:24 am

Re: error 6040 in Domain Controller's event log

Post by JayPH »

Hi Amazing Fin.

I have just demoted my last 2012R2 DC and promoted the 5th and last new 202 DC. Suddenly I am getting the same Event ID 6040 LSA - An authentication request for package NTLM was rejected because the target information was invalid. The authentication request did not match the target name of DARN-NAS-03 now flooding (only 1 of 5) DCs with this event ID.

Can you please explain exactly what you did to resolve? What setting did you change on the NAS? Also the NAS has a hostname and an IP. I do not understand what IP address is not supported by Server OS?

This is driving me nuts at the moment so anything you could offer would be greatly appreciated.

TIA

Cheers