Lemonde
3 years ago
We have recently had to dcpromo /forceremoval for a couple of DCs.

Is this a temporary failure or does it indicate damage or corruption to the Active Directory?

Log Name: Directory Service
Source: Microsoft-Windows-ActiveDirectory_DomainService
Date: 16/12/2020 22:32:59
Event ID: 1411
Task Category: DS RPC Client
Level: Error
Keywords: Classic
User: ANONYMOUS LOGON
Computer: 00DC2.Domain.local
Description:
Active Directory Domain Services failed to construct a mutual authentication service principal name (SPN) for the following directory service.

Directory service:
6a23053d-de41-40a1-b53e-d48219f2ac87._msdcs.Domain.local

The call was denied. Communication with this directory service might be affected.

Additional Data
Error value:
8589 The DS cannot derive a service principal name (SPN) with which to mutually authenticate the target server because the corresponding server object in the local DS database has no serverReference attribute.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-ActiveDirectory_DomainService" Guid="{0e8478c5-3605-4e8c-8497-1e730c959516}" EventSourceName="NTDS KCC" />
    <EventID Qualifiers="49152">1411</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>22</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8080000000000000</Keywords>
    <TimeCreated SystemTime="2020-12-16T22:32:59.149837900Z" />
    <EventRecordID>44610</EventRecordID>
    <Correlation />
    <Execution ProcessID="568" ThreadID="1492" />
    <Channel>Directory Service</Channel>
    <Computer>00DC2.Domain.local</Computer>
    <Security UserID="S-1-5-7" />
  </System>
  <EventData>
    <Data>6a23053d-de41-40a1-b53e-d48219f2ac87._msdcs.Domain.local</Data>
    <Data>The DS cannot derive a service principal name (SPN) with which to mutually authenticate the target server because the corresponding server object in the local DS database has no serverReference attribute.</Data>
    <Data>8589</Data>
  </EventData>
</Event>



sirclesadmin
3 years ago
If it ceases after four hours, then it is just due to replication of the force-removed DC replicating around the domain.
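
A read-only check for the condition named in error 8589, added here as an example and not posted by either participant: it queries the DC that logged the event, finds the server object behind the DSA GUID, and lists every server object that lacks serverReference. It assumes the ActiveDirectory RSAT module is installed and that the GUID in the event is the objectGUID of the target DC's NTDS Settings object.

```powershell
Import-Module ActiveDirectory

# Values copied from the event above. The error refers to the *local* DS
# database, so query the DC that logged it rather than any DC.
$dc      = '00DC2.Domain.local'
$dsaGuid = [guid]'6a23053d-de41-40a1-b53e-d48219f2ac87'   # part before ._msdcs

$configNC = (Get-ADRootDSE -Server $dc).configurationNamingContext
$sitesDN  = "CN=Sites,$configNC"

# NTDS Settings objects (class nTDSDSA) live under each server object in Sites.
# Assumption: the DSA GUID in the event is the objectGUID of one of them.
$ntds = Get-ADObject -Server $dc -SearchBase $sitesDN -LDAPFilter '(objectClass=nTDSDSA)' |
    Where-Object { $_.ObjectGUID -eq $dsaGuid }

if (-not $ntds) {
    "No NTDS Settings object with GUID $dsaGuid on $dc (metadata already removed here)."
}
else {
    # The parent of the NTDS Settings object is the server object named in the error.
    $serverDN = $ntds.DistinguishedName -replace '^CN=NTDS Settings,', ''
    Get-ADObject -Server $dc -Identity $serverDN `
        -Properties serverReference, dNSHostName, whenChanged |
        Select-Object Name, dNSHostName, serverReference, whenChanged
}

# Every server object on this DC with no serverReference value: candidates for
# leftover metadata from the forced demotions.
Get-ADObject -Server $dc -SearchBase $sitesDN `
    -LDAPFilter '(&(objectClass=server)(!(serverReference=*)))' `
    -Properties dNSHostName, whenChanged |
    Select-Object Name, dNSHostName, whenChanged, DistinguishedName
```

Running the same queries against another DC shows whether the two copies of the configuration partition agree, which is what the reply's replication explanation predicts once the removal has propagated.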