The Problem
I had a weird problem when I first turned my laptop on this morning. I overlooked the problem because I had to get on to my day's work which luckily didn't involve accessing any machine on the network.
The problem was that my machine, and my machine only, was not gaining access to 2kserver, our Windows 2000 Domain Controller. This meant also that I could not access any other machine on the network since every machine uses Active Directory to authenticate.
So I began the lengthy troubleshooting phase of my journey, looking specifically for the EventID of 40961 which read:
The Security System could not establish a secured connection with the server cifs/2kserver.ghadmin.org. No authentication protocol was available.
“No problem,” I thought. I did a web search on “40961 XP“ (no quotes) and came to this entry on experts-exchange.com: http://www.experts-exchange.com/Networking/Microsoft_Network/Q_20964880.html
The suggested fix was to recreate the profile from scratch. I had recently rebuilt the laptop from the ground up right when SP2 hit so that I would be as secure as possible. I was not about to rebuild what I thought to be a perfect profile. One suggestion is what I knew would probably fix the problem. It seems that if time synchronization isn't done properly and one of the computers is out of sync, it could cause the very error message I had. So I went down the road of updating my time service information on both my computer and the domain controller. I followed the steps and had errors when I ran w32tm /monitor so I searched for the error message I found and came across a post on experts-exchange which gave the very same steps to do, but with some follow ups here: http://www.experts-exchange.com/Operating_Systems/Win2000/Q_21046240.html
The fix posed to be a headache. Why? Because I don't run as Administrator or a user with administrative credentials over the network, so commands like NET TIME /SET /YES or w32tm /resync don't work. w32tm /monitor works, but it was giving the error message that the other user was having. I ran into a brick wall.
The Fix
I use TweakUI's auto login feature to log me onto the network. I also use this for every other machine so that users don't have to type in passwords. This is changing shortly as I become more familiar with and deploy our Active Directory infrastructure.
How does this relate to the problem? Well rather than restart the computer for more troubleshooting, I thought I would skip the step and simply click Log off. I did so and got back to the login screen. I then proceeded to login to the network and it gave me a message saying I needed to change my password. I changed my password to something easy to remember and I could login with full credentials again.
Conclusion
So on the surface it appears that if you use an auto-login feature it skips the “Please change your password” screen and authenticates you using cached credentials. This allows you to work on your own machine as if nothing happened, but the second you go trying to connect to the domain you'll see the problem quickly. Enter your password all you want, nothing works. I initially thought someone hacked our network or my machine but thankfully that wasn't the case.
What bugs me is that the screen shouldn't have shown up in the first place. I initially setup a password policy in a test GPO that I had since turned off. My theory was that it was to blame but doing a RSoP on my machine using Group Policy Management Console (a life-saver) shows that the Winning GPO that defined the 42 day password policy is the Default Domain Policy. I've not changed this GPO ever to my knowledge, so why it would all of a sudden show this problem is a mystery to me.
I wrote this post to basically remind me of the culprit just in case I did see the problem again. This is also to give light to other possible causes of the 40961 event log error message which apparently has a good deal of possible problem areas. At least my laptop functions like it should now, hopefully when I upgrade all of the computers to SP2 tonight I won't run into this again.