Event ID 5788 & 5789, source Netlogon

Discussion in 'Microsoft Windows 2000 Active Directory' started by Scott, Dec 23, 2003.

  1. Scott

    Scott Guest

    I have a workstation that is not taking any group policy
    information. It's the only one on my entire network. In
    the Event Viewer i get the fallowing two errors repeatedly
    one after the other;

    Event ID: 5788
    Source: NETLOGON
    Description:
    Attempt to update HOST Service Principal Names (SPNs) of
    the computer object in Active Directory failed. The
    updated values were '<UNAVAILABLE>' and '<UNAVAILABLE>'.
    The following error occurred:
    The security context could not be established due to a
    failure in the requested quality of service (e.g. mutual
    authentication or delegation).

    Event ID: 5789
    Source: NETLOGON
    Description:
    Attempt to update DNS Host Name of the computer object
    in Active Directory failed. The updated value was
    <computer.domain>. The following error occurred:
    The security context could not be established due to a
    failure in the requested quality of service (e.g. mutual
    authentication or delegation).

    I have tried everything i can think of to get this
    computer to see the GPO's. Please help!

    -Scott
     
    Scott, Dec 23, 2003
    #1
    1. Advertisements

  2. In
    An SPN (Service Principal Name) is the actual FQDN (fully qualified domain
    name) of a machine in AD. The FQDN is based on the hostname's registration
    in DNS.

    THis error is normally usually indicative of using your ISP's DNS servers in
    your IP properties.

    However, in conjunction with the above, it can also be caused by other
    issues, such as a single label DNS domain name, as it seems to appear from
    your post about the message about your domain name. So not sure if you tried
    to actrually mask that or not, but "computername.domain" is NOT the proper
    form that AD requires. It MUST be in the form of computername.domain.com or
    computername.domain.net or computername.domain.local. Make sense?

    Can you post an (UNEDITED) ipconfig /all and state the AD DNS domain name as
    it shows up in ADUC to give us a better start on diagnosing this? It would
    really really help us if you try not to edit the actual domain names.

    Thanks


    --
    Regards,
    Ace

    Please direct all replies to the newsgroup so all can benefit.
    This posting is provided "AS IS" with no warranties.

    Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
    Microsoft Windows MVP - Active Directory
     
    Ace Fekay [MVP], Dec 24, 2003
    #2
    1. Advertisements

  3. Scott

    Scott Elgram Guest

    Yes, you are correct, this is a single label domain, the AD DNS name is
    CREDENTALS.
    On another board I was told to try some registry edits detailed in
    http://support.microsoft.com/default.aspx?scid=kb;en-us;300684&FR=1. I
    applied the suggested settings to the computer in question but had no luck.

    The computer is running Windows 2000 SP4
    This is the ipconfig /all

    Windows 2000 IP Configuration

    Host Name . . . . . . . . . . . . : CS01
    Primary DNS Suffix . . . . . . . : CREDENTALS
    Node Type . . . . . . . . . . . . : Broadcast
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : CREDENTALS

    Ethernet adapter Local Area Connection:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Intel(R) 82559 Fast Ethernet LOM
    with Alert on LAN*
    Physical Address. . . . . . . . . : 00-D0-B7-79-73-6B
    DHCP Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : 192.168.0.30
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.0.3
    DNS Servers . . . . . . . . . . . : 192.168.0.2


    --
    -Scott Elgram
    IT/Systems Support
    VerifPoint/CreDENTALs
    (949)770-5290 ext. 26
    "Ace Fekay [MVP]"
     
    Scott Elgram, Dec 24, 2003
    #3
  4. In

    Yes, I saw your post in the DNS newsgroup. I responded in there, in
    conjunction with Kevin's responses. Hope they helped out.

    --
    Regards,
    Ace

    Please direct all replies to the newsgroup so all can benefit.
    This posting is provided "AS IS" with no warranties.

    Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
    Microsoft Windows MVP - Active Directory
     
    Ace Fekay [MVP], Dec 24, 2003
    #4
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.