LSASRV Event ID 40960 Detected an Attempted downgrade attack

Event ID 40960 and 40961

“The Security System detected an attempted downgrade attack for server…”

In my case, when we logged the user in and opened Windows Explorer to a network share, we received an error. “The system detected a possible attempt to compromise security.” Then in the event logs, we saw the errors above. Turned out, a previous administrator saved a logon password under this user account. To remedy, you must open Control Panel, User Accounts, and then the Advanced tab. Then click the Manage Passwords button. In there, you can set and modify network passwords for specific servers. (a feature I never knew existed!) Sure enough, the server we were connecting to was in that list and set to the name of an ex-admin. Removed that item, and problem solved!