DetailPage-MSS-KB

Microsoft small business knowledge base

Article ID: 259922 - Last Review: October 11, 2007 - Revision: 6.5

This article was previously published under Q259922

On This Page

SYMPTOMS

During a Netmon trace (or possibly in event logs) you may see Domain Name Service (DNS) queries and errors messages relating to blackhole.isi.edu. For example, the following Warning event may be logged:

Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40961
Date: Date
Time: Time
User: N/A
Computer: Computer
Description:
The Security System could not establish a secured connection with the server DNS/prisoner.iana.org. No authentication protocol was available. For more information, see Help and Support Center at http://support.microsoft.com.

Data: 0000: 8b 01 00 c0 ?..À

CAUSE

This behavior can occur when Windows 2000 tries to register the DNS PTR (reverse-lookup) record for a private network address. For example, if your server has a 10.0.0.x Internet Protocol (IP) address, the primary DNS server for 10.in-addr.arpa (which is the reverse-lookup zone for the 10.x address range) currently is blackhole.isi.edu. You should receive similar results for the 192.168.x.x and the 172.16.0.0-172.31.255.255 address range as well.

RESOLUTION

To resolve this issue, use one of the following options.

Option 1

Configure your local DNS server to have the reverse-lookup zone that the Windows 2000-based computers can use to register. For example, if your computers are using a 10.0.0.x IP address, create a reverse-lookup zone of 10.in-addr.arpa on the local DNS server on which the Windows 2000-based computers are attempting to register.

Option 2

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756  (http://support.microsoft.com/kb/322756/ ) How to back up and restore the registry in Windows
Disable Windows 2000 from registering the PTR record, using the following steps:
  1. Start Registry Editor (Regedt32.exe).
  2. Locate the following registry key:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
  3. On the Edit menu, click Add Value, and then add the following registry value:
    Value Name: DisableReverseAddressRegistrations
    Data Type: REG_DWORD
    Value: 1
  4. Quit Registry Editor.
This option disables DNS dynamic update registration of PTR records by this DNS client. PTR records associate an IP address with a computer name. This entry is designed for enterprises in which the primary DNS server that is authoritative for the reverse-lookup zone cannot or is configured not to perform dynamic updates. It reduces unnecessary network traffic and eliminates event log errors that record unsuccessful attempts to register PTR records.

MORE INFORMATION

You can use the nslookup command from a command prompt to try and verify the information. The following example returns primary name server = prisoner.iana.org:
c:>nslookup <cr>
>set type=SOA<cr>
>10.in-addr.arpa<cr>
For more information, click the following article number to view the article in the Microsoft Knowledge Base:
142863  (http://support.microsoft.com/kb/142863/ ) Valid IP addressing for a private network

APPLIES TO
  • Microsoft Windows Server 2003, Standard x64 Edition
  • Microsoft Windows Server 2003, Enterprise x64 Edition
  • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
  • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows XP Professional
  • Microsoft Windows XP Home Edition
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Professional Edition
Keywords: 
kbenv kbnetwork kbprb KB259922
Share
Additional support options
Ask The Microsoft Small Business Support Community
Contact Microsoft Small Business Support
Find Microsoft Small Business Support Certified Partner
Find a Microsoft Store For In-Person Small Business Support