- Feb 10, 2001
- 9,837
- 0
- 0
I'm looking at the Event Logs for a company that we support, and the single DC on the <domainname>.co.uk forest is reporting the following error:
Event Type: Error
Event Source: NTDS Replication
Event Category: Replication
Event ID: 1411
Date: 10/11/2005
Time: 12:06:51
User: Everyone
Computer: <server>
Description:
The Directory Service failed to construct a mutual authentication Service Principal Name (SPN) for server <domain>. The call is denied. The error was:
A Service Principal Name (SPN) could not be constructed because the provided hostname is not in the necessary format.
The record data is the status code.
Data:
0000: 6a 21 00 00 j!..
(I've removed the Server and Domain names obviously)
Looking at: http://support.microsoft.com/default.aspx?scid=kb;en-us;257623 it would appear that it's using a disjoint namespace, and to correct a certain registry key to include the Domain and NVDomain keys (which are currently both blank). All other machines on the network are using <name>.<domain>.co.uk.
Is it safe to alter these values using the MS-provided VB script? Should we export the Parameters branch first in case something goes tits-up?
Lastly, what implications will we have if we leave this alone? It's currently one DC and three member servers, ~40-50 workstations at any given time. The member servers again all have the FQDN in their Network Identification tabs. One is Windows 2000 TS, one is NT 4 Server and the last is a Redhat box. They're all Service Pack'ed up.
Any help would be appreciated!
Event Type: Error
Event Source: NTDS Replication
Event Category: Replication
Event ID: 1411
Date: 10/11/2005
Time: 12:06:51
User: Everyone
Computer: <server>
Description:
The Directory Service failed to construct a mutual authentication Service Principal Name (SPN) for server <domain>. The call is denied. The error was:
A Service Principal Name (SPN) could not be constructed because the provided hostname is not in the necessary format.
The record data is the status code.
Data:
0000: 6a 21 00 00 j!..
(I've removed the Server and Domain names obviously)
Looking at: http://support.microsoft.com/default.aspx?scid=kb;en-us;257623 it would appear that it's using a disjoint namespace, and to correct a certain registry key to include the Domain and NVDomain keys (which are currently both blank). All other machines on the network are using <name>.<domain>.co.uk.
Is it safe to alter these values using the MS-provided VB script? Should we export the Parameters branch first in case something goes tits-up?
Lastly, what implications will we have if we leave this alone? It's currently one DC and three member servers, ~40-50 workstations at any given time. The member servers again all have the FQDN in their Network Identification tabs. One is Windows 2000 TS, one is NT 4 Server and the last is a Redhat box. They're all Service Pack'ed up.
Any help would be appreciated!