When you try to access a DFS (Distributed File System) share in an un-trusted domain, you cannot gain access, and the System event log contains:
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40961
User: N/A
Computer: <Computer Name>
Description: The Security System could not establish a secured connection
with the server <service>/<server name>. No authentication protocol was available.
Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40960
User: N/A
<Computer Name>
Description: The Security System detected an authentication error for the server <service>/<server name>.
The failure code from authentication protocol Kerberos was 'There are currently no logon servers available to service
the logon request. (0xc000005e)'.
MS04-011, which is included in Windows XP SP2, changes Kerberos authentication, removing the fallback to NTLM when a domain controller cannot be accessed. If you cannot contact a KDC (Key Distribution Center), you are prevented from accessing the resource.
To workaround this behavior, use either of the following:
• Make a domain controller available.
• Log on to the system with a local account.