Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net. The EventId.Net for Splunk Add-on assumes that Splunk is collecting information from Windows servers and workstation via the Splunk Universal Forwarder.
The program svchost.exe with the assigned process ID 708 could not authenticate locally by using the target name RestrictedKrbHost/OCSPoolName.domain.name. The target name used is not valid. A target name should refer to one of the local computer names for example the DNS host name.
Try a different target name.
|English: Request a translation of the event description in plain English.|
Peter Van Gils
Click Start, click Run, type regedit, and then click OK. In Registry Editor, locate and then click the following registry key:
Right-click MSV1_0, point to New, and then click Multi-String Value.
Type BackConnectionHostNames, and then press ENTER.
Right-click BackConnectionHostNames, and then click Modify.
In the Value data box, type the URL mentioned in the above warning event, and then click OK.
Quit Registry Editor, and then reboot.
From a support forum: This settings should fix it:
The server must be restarted for the settings to take effect. See ME896861 for details about these registry settings.
If you installed a Office communication Server 2007 R2 Front-End server and see this event then when your Server gets refered with your OCS Pool name and this SPN is not assigned to this server we get above mentioned event from LsaSrv. To resolve this we simply need to add one spn for your Front-end server as following and you should be good.
setspn -a RestrictedKrbHost/<FQDN_OCS_Pool_Name> <Front_End_Server>
|Private comment: Subscribers only. See example of private comment|
|Search: Google - Bing - Microsoft - Yahoo - EventID.Net Queue (0) - More links...|
|Custom search for *****: Google - Bing - Microsoft - Yahoo|
Send comments or solutions
- Notify me when updated