Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 10154 Source: Microsoft-Windows-WinRM

The WinRM service failed to create the following SPN: <spn>

Additional Data
The error received was <error>

User Action
The SPN can be created by an administrator using setspn.exe utility.
According to a newsgroup post the following steps will clear the error:

dsacls "CN=AdminSDHolder, CN=System, DC=microsoft, DC=com" /g "NETWORK SERVICE:WS, Validated write to service principal name"

(replace microsoft, com with your AD domain name)

Wait an hour, then restart the WinRM service.
Here's how I resolved this error. This was specifically on SBS 2008 servers but may work for other OS's.

1. From an administrative command-line, run setspn -R -S <SERVERNAME>
2. Open adsiedit.msc. Connect to Default Naming Context. Expand domain. Expand Domain Controllers OU. Select Properties of domain controller object. Select Security tab. Click Advanced button. Click Add button. Type "network" and click OK button. Select "NETWORK SERVICE" name and click OK button. Change "Apply to" to "This object only". Scroll to bottom of Permissions list and select Allow checkbox for "Validated write to service principal name". Click OK button. Click OK button. Click OK button.
3. Restart WinRM service.
I used the suggestions on TD348559 to fix this problem on Windows 2008 R2.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to



Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.