Here are some simple methods that can help you fix lsasrv 40960 invalid connection attempt issue.

1. Check the current lockout threshold for your account based on the default policy domain.

2. Check the PDC in the appropriate domain.

Computer Configuration Windows Settings Security Settings Local Policies Audit Policy
Auditing Account Logon Events – Failure (applied by the Default Domain Controller Policy)
Account Control Validation – Success and Failure ( forwarded via .default) Domain controller policy)
Checking for connection events – error “Change it through the server’s local group policy, we’ll cover it later”

Or use the latest audit policies (advanced audit policies replace traditional default audit policies):
Computer Configuration Windows Settings Security Settings Advanced Audit Policy Configuration

on domain controllers (easy to enforce using the default domain controller policy)
Login to account:
Checking service prKerberos Authentication – Error
Credential Verification – Error

on domain controllers (applicable through the default domain controller policy)
User Account Control:
User Account Control Review – Pass and Fail

on the web server or client (change it in the local group policy on the server, we will both say that later)
Login / Logout:
Locking out the audit account – Error
Audit log – “Error < / p>

2. We can run the following codes on a domain controller to assign the update policy and verify that the corresponding audit policy settings are indeed enabled:

lsasrv 40960 the attempted logon is invalid

3. As soon as accounts are blocked, as soon as more (we can choose 2-3 stories to check).

4. Next, we check the security log of a domain controller whose bad account pwd value is not necessarily 0 in its bad account. If accounts on domain controllers are closed multiple times, we canCheck the safety log of this song for non-PDC.

5. Make sure there are important event IDs for 4740, 4771 (error password 0x18) and 4776 (error 0xc000006a) according to DC security protocol. Apparently, you can see 4740 or 4771 on DC.

6. Next, check the client address, source workstation, or caller’s computer using the Event 4740 or Event 4771 label.

7. The account may actually be locked on the computer (the address of the source client or workstation, or the name of the calling computer).

Computer Configuration Windows Settings Security Settings Local Policies Audit Policy – Auditing Connection Events – Error • changing local Group Policy using the server •

Computer Configuration Windows Settings Security Settings Advanced Audit Policy Configuration
on the server or in software (change via local Group Policy relative to the server)
Connect / Logout:
BlockedAudit account setting – error
Logon auditing – error

… Check credential pruning to ensure old credentials are normally cached.
… Check if there is usually an incorrect password for locating a network drive.
… if my user used the wrong data to start services, perform scheduled actions, etc.
• Are there any other third-party services with a completely incorrect cache user password.

Hope you find the tips above helpful. If anything is unclear, please let us know.

lsasrv 40960 the attempted logon is invalid