Hi,
I replaced my 2012 R2 domain controllers with 2022 domain controllers and since then I get repeated errors within the Domain Controller's event log similar to the following:
An authentication request for package NTLM was rejected because the target information was invalid. The authentication request did not match the target name of XXXXXXXX.
Source: LSA (LsaSrv)
EventID: 6040
Can you help me please?
thanks
seb
error 6040 in Domain Controller's event log
-
- First post
- Posts: 1
- Joined: Wed Sep 14, 2022 9:36 pm
-
- New here
- Posts: 2
- Joined: Wed Feb 01, 2023 8:26 pm
Re: error 6040 in Domain Controller's event log
Hello!
At our company we have the same problem: hundreds of 6040 errors on domain controller (Windows Server 2019), with the same message as above.
Any solution? What's causing the problem?
Regards.
- OneCD
- Guru
- Posts: 12141
- Joined: Sun Aug 21, 2016 10:48 am
- Location: "... there, behind that sofa!"
Re: error 6040 in Domain Controller's event log
Prosecutor wrote: ↑Wed Feb 01, 2023 8:36 pm
> At our company we have the same problem: hundreds of 6040 errors on domain controller (Windows Server 2019), with the same message as above.
> Any solution? What's causing the problem?
Hi, what is your NAS make and model please?
-
- New here
- Posts: 5
- Joined: Fri Feb 03, 2023 3:07 pm
Re: error 6040 in Domain Controller's event log
OneCD wrote: ↑Thu Feb 02, 2023 2:53 am
> Prosecutor wrote: ↑Wed Feb 01, 2023 8:36 pm
> > At our company we have the same problem: hundreds of 6040 errors on domain controller (Windows Server 2019), with the same message as above.
> > Any solution? What's causing the problem?
> Hi, what is your NAS make and model please?
We have the same issue. QNAP Model is TS-453BT3 (QTS 5.0.1.2277) and Windows Server 2019 running December patch (17763.3770). I enabled kerberos event logging in the hopes that it might shed some more light on this but nothing is caught in Event viewer.
-
- New here
- Posts: 2
- Joined: Wed Feb 01, 2023 8:26 pm
Re: error 6040 in Domain Controller's event log
OneCD wrote: ↑Thu Feb 02, 2023 2:53 am
> Prosecutor wrote: ↑Wed Feb 01, 2023 8:36 pm
> > At our company we have the same problem: hundreds of 6040 errors on domain controller (Windows Server 2019), with the same message as above.
> > Any solution? What's causing the problem?
> Hi, what is your NAS make and model please?
Our setup is: QNAP TS-853BU-RP (QTS 5.0.1.2277) working with DC on Windows Server 2019 (10.0.17763.3887).
-
- New here
- Posts: 5
- Joined: Fri Feb 03, 2023 3:07 pm
Re: error 6040 in Domain Controller's event log
I found something more under Application and Services logs -> Microsoft-Windows-NTLM/Operational
Domain Controller Blocked Audit: Audit NTLM authentication to this domain controller.
Secure Channel name: xxxxxxx
User name: xxxxxxxxxxx
Domain name: xxxxxxxxxxxx
Workstation name: \\xxxxxxxxxxxxxx
Secure Channel type: 2
Audit NTLM authentication requests within the domain XXXXX that would be blocked if the security policy Network Security: Restrict NTLM: NTLM authentication in this domain is set to any of the Deny options.
If you want to allow NTLM authentication requests in the domain XXXXX, set the security policy Network Security: Restrict NTLM: NTLM authentication in this domain to Disabled.
If you want to allow NTLM authentication requests to specific servers in the domain XXXXXXX, set the security policy Network Security: Restrict NTLM: NTLM authentication in this domain to Deny for domain servers or Deny domain accounts to domain servers, and then set the security policy Network Security: Restrict NTLM: Add server exceptions in this domain to define a list of servers in the domain XXXXXX to which clients are allowed to use NTLM authentication.
Looks like this is all related to https://learn.microsoft.com/en-us/windo ... his-domain
-
- New here
- Posts: 5
- Joined: Fri Feb 03, 2023 3:07 pm
Re: error 6040 in Domain Controller's event log
When I run: testparm -v | grep -i ntlm
on my QNAP it spits out:
client NTLMv2 auth = Yes
ntlm auth = ntlmv1-permitted
raw NTLMv2 auth = No
indicating that ntlmv1 is permitted, any idea how I disable it?
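An added example, not part of the original posts and not QNAP's or Samba's own code: a shell function that reads `testparm -v` output and marks each of the three NTLM parameters shown above as OK or WEAK, following Samba's documented values for them. The function name `audit_ntlm` and the `SAMPLE` text are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: the three lines from the post above.
SAMPLE='client NTLMv2 auth = Yes
ntlm auth = ntlmv1-permitted
raw NTLMv2 auth = No'

# audit_ntlm (hypothetical helper): reads testparm output on stdin, prints
# "<verdict> <parameter> = <value>" per NTLM parameter, and returns 1 if any
# parameter is not OK, 0 otherwise.
audit_ntlm() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = tolower(trim(substr($0, 1, eq - 1)))
        val = tolower(trim(substr($0, eq + 1)))
        verdict = ""
        if (key == "ntlm auth") {
            # Server side: which NTLM response versions smbd accepts.
            if (val == "ntlmv2-only" || val == "no" || val == "disabled") verdict = "OK"
            else if (val == "ntlmv1-permitted" || val == "yes") verdict = "WEAK"
            else verdict = "REVIEW"   # e.g. mschapv2-and-ntlmv2-only
        } else if (key == "client ntlmv2 auth") {
            # Client side: "no" lets Samba client tools answer with NTLMv1.
            verdict = (val == "yes") ? "OK" : "WEAK"
        } else if (key == "raw ntlmv2 auth") {
            # "yes" accepts NTLMv2 from SMB1 clients without extended security.
            verdict = (val == "no") ? "OK" : "WEAK"
        }
        if (verdict == "") next
        if (verdict != "OK") bad++
        printf "%s %s = %s\n", verdict, key, val
    }
    END { if (bad > 0) exit 1 }'
}

# Run against the constructed sample; the guard keeps the script from aborting
# under "set -e" when a weak setting is reported.
printf '%s\n' "$SAMPLE" | audit_ntlm || echo "weak NTLM settings found"
```

On a Samba host the live configuration can be piped in with `testparm -s -v 2>/dev/null | audit_ntlm`. In stock Samba the `[global]` value that refuses NTLMv1 is `ntlm auth = ntlmv2-only`; how QTS persists that setting is not covered in this thread.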
-
- New here
- Posts: 5
- Joined: Fri Feb 03, 2023 3:07 pm
Re: error 6040 in Domain Controller's event log
Edit: I spoke too soon, this only resolved the issue with my other Event ID warnings, not the original 6040 error which is still there.
For now the workaround for this is to add your QNAP to the exception list in a GPO under "Network security: Restrict NTLM: Add server exceptions in this domain" found under Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options
https://learn.microsoft.com/en-us/windo ... his-domain
-
- New here
- Posts: 5
- Joined: Fri Feb 03, 2023 3:07 pm
Re: error 6040 in Domain Controller's event log
Well after an hour of trying and waiting I believe my problem was resolved.
Turns out that using IP address instead of hostname is not supported by default on Server 2016/2019/2022 https://learn.microsoft.com/en-us/windo ... os-over-ip
After I changed the settings to access the NAS with hostname the events seem to be a thing of the past. I have also tried the IP method linked above and it seems to work.
Edit: also check that you have a PTR record for your NAS in DNS
-
- First post
- Posts: 1
- Joined: Sat Oct 07, 2023 12:24 am
Re: error 6040 in Domain Controller's event log
Hi Amazing Fin.
I have just demoted my last 2012R2 DC and promoted the 5th and last new 202 DC. Suddenly I am getting same Event ID's 6040 LSA - An authentication request for package NTLM was rejected because the target information was invalid. The authentication request did not match the target name of DARN-NAS-03 now flooding (only 1 of 5) DC's with this event ID.
Can you please explain exactly what you did to resolve? What setting did you change on the NAS? Also, the NAS has a hostname and an IP. I do not understand what IP address is not supported by Server OS?
This is driving me nuts at the moment so anything you could offer would be greatly appreciated.
TIA
Cheers