We have recently had to dcpromo /forceremoval for a couple of DCs
Is this a temporary failure or does it indicate damage or corruption to the ACtive Directory?
Log Name: Directory Service
Source: Microsoft-Windows-ActiveDirectory_DomainService
Date: 16/12/2020 22:32:59
Event ID: 1411
Task Category: DS RPC Client
Level: Error
Keywords: Classic
User: ANONYMOUS LOGON
Computer: 00DC2.Domain.local
Description:
Active Directory Domain Services failed to construct a mutual authentication service principal name (SPN) for the following directory service.
Directory service:
6a23053d-de41-40a1-b53e-d48219f2ac87._msdcs.Domain.local
The call was denied. Communication with this directory service might be affected.
Additional Data
Error value:
8589 The DS cannot derive a service principal name (SPN) with which to mutually authenticate the target server because the corresponding server object in the local DS database has no serverReference attribute.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-ActiveDirectory_DomainService" Guid="{0e8478c5-3605-4e8c-8497-1e730c959516}" EventSourceName="NTDS KCC" />
<EventID Qualifiers="49152">1411</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>22</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2020-12-16T22:32:59.149837900Z" />
<EventRecordID>44610</EventRecordID>
<Correlation />
<Execution ProcessID="568" ThreadID="1492" />
<Channel>Directory Service</Channel>
<Computer>00DC2.Domain.local</Computer>
<Security UserID="S-1-5-7" />
</System>
<EventData>
<Data>6a23053d-de41-40a1-b53e-d48219f2ac87._msdcs.Domain.local</Data>
<Data>The DS cannot derive a service principal name (SPN) with which to mutually authenticate the target server because the corresponding server object in the local DS database has no serverReference attribute.</Data>
<Data>8589</Data>
</EventData>
</Event>
Edited by moderator
a year ago
|
Reason: Not specified
