|Source: Active Directory|
The Directory Service received a failure while trying to perform an authenticated RPC call to another Domain Controller. The failure is that the desired Service Principal Name (SPN) is not registered on the target server. The server being contacted is <server>. The SPN being used is <SPN>. Please verify that the names of the target server and domain are correct. Please also verify that the SPN is registered on the computer account object for the target server on the KDC servicing the request. If the target server has been recently promoted, it will be necessary for knowledge of this computer's identity to replicate to the KDC before this computer can be authenticated.
|Concepts to understand:|
What is a directory service?
As per Microsoft: "Wait for the SPNs to be updated
This problem is most likely caused by a recent status change in a domain controller, such as a recent promotion. Another possibility is that a domain controller has a transient link error. Both of these situations should resolve themselves automatically in approximately 15 minutes. If the event appears after another 15 minutes, check the Service Principal Names (SPNs) on the domain controller that is reporting the event. Perform the following procedure on the domain controllers that are hosting the partition that cannot be replicated. To ensure that the SPNs are updated:
1. Open a command prompt as an administrator. To open a command prompt as an administrator, click Start. In Start Search, type Command Prompt. At the top of the Start menu, right-click Command Prompt, and then click Run as administrator. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
2. Run the command setspn -l hostname, where hostname is the actual host name of the domain controller. This command displays the SPNs that the domain controller has registered.
3. Ensure that the domain name in each SPN listing is correct.
4. If the SPNs are not correct, run the command repadmin /syncall domainname, where domainname is the name of the domain of the domain controller.
5. Wait 15 minutes, and then run the setspn -l hostname command again and review the registered SPNs.
If the SPNs are not corrected automatically after the domain has fully replicated, correct the SPNs manually". See "TechNet Event ID 1645 - Replication Changes" for more information.
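Steps 2 and 3 above can be scripted. The following PowerShell is an added example, not part of the Microsoft article or of this page: it parses `setspn -l` output and flags every SPN component that is a DNS name outside the expected domain. The function name Test-SpnDomain, the domain corp.example.com and the sample output are constructed for illustration.

```powershell
# Added example: check the domain name in each SPN listed by `setspn -l <hostname>`.
# Test-SpnDomain is a hypothetical helper; all names in the sample are constructed.
function Test-SpnDomain {
    param(
        [Parameter(Mandatory)] [string[]] $SetSpnOutput,   # lines printed by setspn -l
        [Parameter(Mandatory)] [string]   $ExpectedDomain  # DNS name of the DC's domain
    )
    foreach ($line in $SetSpnOutput) {
        $spn = $line.Trim()
        # Skip blank lines and the "Registered ServicePrincipalNames for ..." header
        if (-not $spn -or $spn -notmatch '^[^\s/]+/[^\s/]+') { continue }
        $parts = $spn.Split('/')
        # SPN layout is class/host[:port][/service-name]; drop the class and any port
        $names = $parts[1..($parts.Count - 1)] | ForEach-Object { ($_ -split ':')[0] }
        foreach ($name in $names) {
            # Short host names and NetBIOS domain names carry no DNS suffix to verify
            if ($name -notmatch '\.') { continue }
            $ok = ($name -eq $ExpectedDomain) -or
                  $name.EndsWith(".$ExpectedDomain", [System.StringComparison]::OrdinalIgnoreCase)
            [pscustomobject]@{ SPN = $spn; Name = $name; InExpectedDomain = $ok }
        }
    }
}

# Constructed sample of setspn -l output; the last entry carries a stale domain name.
$sample = @'
Registered ServicePrincipalNames for CN=DC01,OU=Domain Controllers,DC=corp,DC=example,DC=com:
	ldap/DC01.corp.example.com/corp.example.com
	HOST/DC01.corp.example.com
	HOST/DC01
	ldap/DC01.old.example.com/old.example.com
'@ -split "`r?`n"

# List only the SPN components that need review
Test-SpnDomain -SetSpnOutput $sample -ExpectedDomain 'corp.example.com' |
    Where-Object { -not $_.InExpectedDomain } |
    Format-Table -AutoSize

# Against a live domain controller, from an elevated prompt:
#   Test-SpnDomain -SetSpnOutput (setspn -l $env:COMPUTERNAME) -ExpectedDomain $env:USERDNSDOMAIN
```

In a child domain, SPNs that legitimately name the forest root domain will also be listed, so treat the output as a review list rather than a list of errors.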
As per Microsoft: "Active Directory did not perform an authenticated remote procedure call (RPC) to another domain controller because the desired service principal name (SPN) for the destination domain controller is not registered on the Key Distribution Center (KDC) domain controller that resolves the SPN". See MSW2KDB for information on this event.
|Links: TechNet Event ID 1645 - Replication Changes, MSW2KDB|