Article ID: 259922
Article Last Modified on 10/11/2007
APPLIES TO
- Microsoft Windows Server 2003, Standard x64 Edition
- Microsoft Windows Server 2003, Enterprise x64 Edition
- Microsoft Windows Server 2003, Standard Edition (32-bit x86)
- Microsoft Windows Server 2003, Enterprise Edition
- Microsoft Windows XP Professional x64 Edition
- Microsoft Windows XP Professional
- Microsoft Windows XP Home Edition
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Professional Edition
This article was previously published under Q259922
Important This article contains information about how to modify the registry. Make sure to back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:
256986 Description of the Microsoft Windows registry
SYMPTOMS
During a Netmon trace (or possibly in event logs) you may see Domain Name Service (DNS) queries and errors messages relating to blackhole.isi.edu. For example, the following Warning event may be logged:
Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40961
Date: Date
Time: Time
User: N/A
Computer: Computer
Description:
The Security System could not establish a secured connection with the server DNS/prisoner.iana.org. No authentication protocol was available. For more information, see Help and Support Center at http://support.microsoft.com.
Data: 0000: 8b 01 00 c0 ?..À
CAUSE
This behavior can occur when Windows 2000 tries to register the DNS PTR (reverse-lookup) record for a private network address. For example, if your server has a 10.0.0.x Internet Protocol (IP) address, the primary DNS server for 10.in-addr.arpa (which is the reverse-lookup zone for the 10.x address range) currently is blackhole.isi.edu. You should receive similar results for the 192.168.x.x and the 172.16.0.0-172.31.255.255 address range as well.
RESOLUTION
To resolve this issue, use one of the following options.
Option 1
Configure your local DNS server to have the reverse-lookup zone that the Windows 2000-based computers can use to register. For example, if your computers are using a 10.0.0.x IP address, create a reverse-lookup zone of 10.in-addr.arpa on the local DNS server on which the Windows 2000-based computers are attempting to register.
Option 2
Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk. Disable Windows 2000 from registering the PTR record, using the following steps:
- Start Registry Editor (Regedt32.exe).
- Locate the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
- On the Edit menu, click Add Value, and then add the following registry value:
Value Name: DisableReverseAddressRegistrations
Data Type: REG_DWORD
Value: 1 - Quit Registry Editor.
This option disables DNS dynamic update registration of PTR records by this DNS client. PTR records associate an IP address with a computer name. This entry is designed for enterprises in which the primary DNS server that is authoritative for the reverse-lookup zone cannot or is configured not to perform dynamic updates. It reduces unnecessary network traffic and eliminates event log errors that record unsuccessful attempts to register PTR records.
MORE INFORMATION
You can use the nslookup command from a command prompt to try and verify the information. The following example returns primary name server = prisoner.iana.org:
c:>nslookup <cr>
>set type=SOA<cr>
>10.in-addr.arpa<cr>
For more information, click the following article number to view the article in the Microsoft Knowledge Base:
142863 Valid IP addressing for a private network
Additional query words: blackhole
Keywords: kbenv kbnetwork kbprb KB259922
