Event ID 5788 & 5789, source Netlogon

Scott

I have a workstation that is not taking any group policy
information. It's the only one on my entire network. In
the Event Viewer I get the following two errors repeatedly
one after the other:

Event ID: 5788
Source: NETLOGON
Description:
Attempt to update HOST Service Principal Names (SPNs) of
the computer object in Active Directory failed. The
updated values were '<UNAVAILABLE>' and '<UNAVAILABLE>'.
The following error occurred:
The security context could not be established due to a
failure in the requested quality of service (e.g. mutual
authentication or delegation).

Event ID: 5789
Source: NETLOGON
Description:
Attempt to update DNS Host Name of the computer object
in Active Directory failed. The updated value was
<computer.domain>. The following error occurred:
The security context could not be established due to a
failure in the requested quality of service (e.g. mutual
authentication or delegation).

I have tried everything I can think of to get this
computer to see the GPOs. Please help!

-Scott
(e-mail address removed)
 
Ace Fekay [MVP]

Scott said:
I have a workstation that is not taking any group policy
information. It's the only one on my entire network. In
the Event Viewer I get the following two errors repeatedly
one after the other:

Event ID: 5788
Source: NETLOGON
Description:
Attempt to update HOST Service Principal Names (SPNs) of
the computer object in Active Directory failed. The
updated values were '<UNAVAILABLE>' and '<UNAVAILABLE>'.
The following error occurred:
The security context could not be established due to a
failure in the requested quality of service (e.g. mutual
authentication or delegation).

Event ID: 5789
Source: NETLOGON
Description:
Attempt to update DNS Host Name of the computer object
in Active Directory failed. The updated value was
<computer.domain>. The following error occurred:
The security context could not be established due to a
failure in the requested quality of service (e.g. mutual
authentication or delegation).

I have tried everything I can think of to get this
computer to see the GPOs. Please help!

-Scott
(e-mail address removed)

An SPN (Service Principal Name) is the actual FQDN (fully qualified domain
name) of a machine in AD. The FQDN is based on the hostname's registration
in DNS.

This error is usually indicative of using your ISP's DNS servers in
your IP properties.

However, in conjunction with the above, it can also be caused by other
issues, such as a single label DNS domain name, as it seems to appear from
your post about the message about your domain name. So not sure if you tried
to actually mask that or not, but "computername.domain" is NOT the proper
form that AD requires. It MUST be in the form of computername.domain.com or
computername.domain.net or computername.domain.local. Make sense?

Can you post an (UNEDITED) ipconfig /all and state the AD DNS domain name as
it shows up in ADUC to give us a better start on diagnosing this? It would
really really help us if you try not to edit the actual domain names.

Thanks


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Scott Elgram

Yes, you are correct, this is a single label domain, the AD DNS name is
CREDENTALS.
On another board I was told to try some registry edits detailed in
http://support.microsoft.com/default.aspx?scid=kb;en-us;300684&FR=1. I
applied the suggested settings to the computer in question but had no luck.

The computer is running Windows 2000 SP4
This is the ipconfig /all

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : CS01
Primary DNS Suffix . . . . . . . : CREDENTALS
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : CREDENTALS

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) 82559 Fast Ethernet LOM
with Alert on LAN*
Physical Address. . . . . . . . . : 00-D0-B7-79-73-6B
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.30
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.3
DNS Servers . . . . . . . . . . . : 192.168.0.2


--
-Scott Elgram
IT/Systems Support
VerifPoint/CreDENTALs
(949)770-5290 ext. 26
 
Ace Fekay [MVP]

Scott Elgram said:
Yes, you are correct, this is a single label domain, the AD DNS name
is CREDENTALS.
On another board I was told to try some registry edits detailed in
http://support.microsoft.com/default.aspx?scid=kb;en-us;300684&FR=1.
I applied the suggested settings to the computer in question but had
no luck.

The computer is running Windows 2000 SP4
This is the ipconfig /all

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : CS01
Primary DNS Suffix . . . . . . . : CREDENTALS
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : CREDENTALS

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) 82559 Fast
Ethernet LOM with Alert on LAN*
Physical Address. . . . . . . . . : 00-D0-B7-79-73-6B
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.30
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.3
DNS Servers . . . . . . . . . . . : 192.168.0.2


Yes, I saw your post in the DNS newsgroup. I responded in there, in
conjunction with Kevin's responses. Hope they helped out.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
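
Added example, not part of any post in this thread: a small Python check that reads `ipconfig /all` output and flags the two causes raised above, a single-label primary DNS suffix and a DNS server that is not on a private address. The function names and the public-address heuristic are assumptions made for this illustration; the sample input is the output posted in the thread, trimmed.

```python
import ipaddress
import re

# ipconfig /all fields as posted in the thread (trimmed to the relevant lines).
SAMPLE = """\
Host Name . . . . . . . . . . . . : CS01
Primary DNS Suffix . . . . . . . : CREDENTALS
DNS Suffix Search List. . . . . . : CREDENTALS
Ethernet adapter Local Area Connection:
IP Address. . . . . . . . . . . . : 192.168.0.30
Default Gateway . . . . . . . . . : 192.168.0.3
DNS Servers . . . . . . . . . . . : 192.168.0.2
"""
FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z \-]*?)[ .]*:\s*(.*)$")

def _ip(text):
    try:
        return ipaddress.ip_address(text.strip())
    except ValueError:
        return None

def parse_ipconfig(text):
    """Map each field name to its values; extra DNS servers sit on bare lines."""
    fields, last = {}, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            last = m.group(1)
            if m.group(2).strip():
                fields.setdefault(last, []).append(m.group(2).strip())
        elif last == "DNS Servers" and _ip(line) is not None:
            fields.setdefault(last, []).append(line.strip())
    return fields

def audit(text):
    """Flag the two causes raised in the thread (the checks are heuristics)."""
    fields, findings = parse_ipconfig(text), []
    host = fields.get("Host Name", ["?"])[0]
    suffix = fields.get("Primary DNS Suffix", [""])[0].strip(".")
    if "." not in suffix:
        findings.append(f"single-label primary DNS suffix {suffix!r}: "
                        f"the host registers as {host}.{suffix}")
    for server in fields.get("DNS Servers", []):
        ip = _ip(server)
        if ip is not None and not ip.is_private:  # assumption: AD DNS is on a private address
            findings.append(f"DNS server {server} is a public address, "
                            "so it is probably not the AD DNS server")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```
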
 
