We have recently had to dcpromo /forceremoval for a couple of DCs
Is this a temporary failure or does it indicate damage or corruption to the ACtive Directory?
Log Name: Directory Service
Source: Microsoft-Windows-ActiveDirectory_DomainService
Date: 16/12/2020 22:32:59
Event ID: 1411
Task Category: DS RPC Client
Level: Error
Keywords: Classic
User: ANONYMOUS LOGON
Computer: 00DC2.Domain.local
Description:
Active Directory Domain Services failed to construct a mutual authentication service principal name (SPN) for the following directory service.
Directory service:
6a23053d-de41-40a1-b53e-d48219f2ac87._msdcs.Domain.local
The call was denied. Communication with this directory service might be affected.
Additional Data
Error value:
8589 The DS cannot derive a service principal name (SPN) with which to mutually authenticate the target server because the corresponding server object in the local DS database has no serverReference attribute.
Event Xml:
1411
0
2
22
0
0x8080000000000000
44610
Directory Service
00DC2.Domain.local
6a23053d-de41-40a1-b53e-d48219f2ac87._msdcs.Domain.local
The DS cannot derive a service principal name (SPN) with which to mutually authenticate the target server because the corresponding server object in the local DS database has no serverReference attribute.
8589
