Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net. The EventId.Net for Splunk Add-on assumes that Splunk is collecting information from Windows servers and workstation via the Splunk Universal Forwarder.
The WinRM service failed to create the following SPN: <spn>
The error received was <error>
The SPN can be created by an administrator using setspn.exe utility.
|English: Request a translation of the event description in plain English.|
According to a newsgroup post the following steps will clear the error:
dsacls "CN=AdminSDHolder, CN=System, DC=microsoft, DC=com" /g "NETWORK SERVICE:WS, Validated write to service principal name"
(replace microsoft, com with your AD domain name)
Wait an hour, then restart the WinRM service.
Here's how I resolved this error. This was specifically on SBS 2008 servers but may work for other OS's.
1. From an administrative command-line, run setspn -R -S <SERVERNAME>
2. Open adsiedit.msc. Connect to Default Naming Context. Expand domain. Expand Domain Controllers OU. Select Properties of domain controller object. Select Security tab. Click Advanced button. Click Add button. Type "network" and click OK button. Select "NETWORK SERVICE" name and click OK button. Change "Apply to" to "This object only". Scroll to bottom of Permissions list and select Allow checkbox for "Validated write to service principal name". Click OK button. Click OK button. Click OK button.
3. Restart WinRM service.
I used the suggestions on TD348559 to fix this problem on Windows 2008 R2.
|Private comment: Subscribers only. See example of private comment|
|Search: Google - Bing - Microsoft - Yahoo - EventID.Net Queue (0) - More links...|
|Custom search for *****: Google - Bing - Microsoft - Yahoo|
Send comments or solutions
- Notify me when updated