Failed to query SPN registration?

[Dave Harris]

History - rebuilt a Win2K Domain controller and recreated a domain
with the same domain name as it

was previous to the build.

All laptops (different types, Dell and Toshiba) and some desktops now
do not receive group

policy updates. Errors in Event Viewer are thus :

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1054
Date: 30/07/2004
Time: 17:18:02
User: NT AUTHORITY\SYSTEM
Computer: BH053
Description:
Windows cannot obtain the domain controller name for your computer
network. (The specified

domain either does not exist or could not be contacted. ). Group
Policy processing aborted.

For more information, see Help and Support Center at

http://go.microsoft.com/fwlink/events.asp.

AND

Occasionally this one :

Event Type: Error
Event Source: UserInit
Event Category: None
Event ID: 1000
Date: 12/08/2004
Time: 08:57:48
User: N/A
Computer: BH039
Description:
Could not execute the following script

\\big-hand.co.uk\SysVol\big-hand.co.uk\scripts\Marketing.bat.
Configuration information

could not be read from the domain controller, either because the
machine is unavailable, or

access has been denied.
..

However, the Home drive (P specified in the AD User Profile always
gets mapped! Only the bat

files described above do not get mapped.

What I have done :

a) Nslookup tests successful.
b) Checked Permissions on netlogon share - successful
c) Stopped IPSec Service on Domain Controller.
d) Taken machines off the domain and put them back on - this seems to
sort it out for a bit but then problem returns.

When I run netdiag everything is okay apart from one thing...During
the LDAP query I get 'Failed to query SPN registration on DC
'xxxx.xxx-xxx.co.uk' What is it trying to do here and is this error
anything to be worry about? I have looked at setspn.exe on the
Support Tools/Resource Kit and I can see the entries for SPN when I
use adsiedit.msc. So, why can't the netdiag query it? I am running it
as Domain Admin.

Other facts :

Firewalls have been disabled and problem still exists.
Freshly built new machines also have this problem.
Only 1 Domain Controller on this Domain. Win2K Server Service Pack 3
? Surely this is not an SP4 problem??

Can anybody help me? Users are getting frustrated!

Thanks,

 

[Guest]

Run a Dcdiag /v >dcdiag.txt
In there is will list all of the registered SPN's and should report any
errors of ones that are not registered.
If clients are disjoined and rejoined do you see a 1704 event in the
application log and/or gpresult confirms that the group policy was applied?

Are you seeing any events in event viewer on the DC that point to any
problems?

 

[Dave Harris]

Run a Dcdiag /v >dcdiag.txt
In there is will list all of the registered SPN's and should report any
errors of ones that are not registered.
If clients are disjoined and rejoined do you see a 1704 event in the
application log and/or gpresult confirms that the group policy was applied?

Are you seeing any events in event viewer on the DC that point to any
problems?

-----------------------------------------------------------------------------
James,

If I rejoin clients to the domain then yes they do get the SceCli 1704
event for a couple of times and then seem to resort back to not
getting the Group Policies.

Updated to SP4 and also ran dcdiag /v I have pasted the SPN
information from this as presumably you don't need to see anything
else? (Everything else didn't have any errors). Here it is below....



Starting test: MachineAccount
* SPN found :LDAP/bhdc.big-hand.co.uk/big-hand.co.uk
* SPN found :LDAP/bhdc.big-hand.co.uk
* SPN found :LDAP/BHDC
* SPN found :LDAP/bhdc.big-hand.co.uk/BIGHAND
* SPN found
:LDAP/24a91a51-7e64-4514-8a91-18eae7fbd615._msdcs.big-hand.co.uk
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/24a91a51-7e64-4514-8a91-18eae7fbd615/big-hand.co.uk
* SPN found :HOST/bhdc.big-hand.co.uk/big-hand.co.uk
* SPN found :HOST/bhdc.big-hand.co.uk
* SPN found :HOST/BHDC
* SPN found :HOST/bhdc.big-hand.co.uk/BIGHAND
* SPN found :GC/bhdc.big-hand.co.uk/big-hand.co.uk
......................... BHDC passed test MachineAccount

A few other things I have noticed in Event Viewer on the DC. The
licensing service is saying that Windows 2000 and IIS is out of
licenses? Could this be anything to do with it?

Also, one of my XP laptops is giving this error on the Domain
Controller "The Master Browser has received a Server announcement from
the machine "BH053" - this is one of the machines having the problem
and is only running XP Pro. Why is this machine doing this?

Also, when I rebooted the Domain Controller, I got the following 2
errors (not sure whether these are anything to do with the situation?

Event Type: Warning
Event Source: RSVP
Event Category: None
Event ID: 10035
Date: 14/08/2004
Time: 11:58:48
User: N/A
Computer: BHDC
Description:
This host can not be ACS since the Active Directory has not been
properly configured via the QoS ACS management console. Please
configure the subnets via the QoS ACS mangement console.

Event Type: Warning
Event Source: RSVP
Event Category: None
Event ID: 10047
Date: 14/08/2004
Time: 11:58:48
User: N/A
Computer: BHDC
Description:
QoS RSVP has failed to find any interfaces with traffic control
enabled. Install QoS traffic control services via network and dial-up
connections.

Thanks for your help.