Event ID: 5788, NETLOGON & possible solution?



We have a single Windows 2000 Server acting as Primary Domain
Controller. We do not run our own DNS on this machine, it runs on a
remote server.

Win2k users' machines event logs are filled with

Event ID: 5788
Attempt to update HOST Service Principal Names (SPNs) of the computer
object in Active Directory failed.
The updated values were '<UNAVAILABLE>' and '<UNAVAILABLE>'.
The following error occurred: The security context could not be
established due to a failure in the requested quality of service (e.g.
mutual authentication or delegation).

In my research on this error, I have found this solution being

Active Directory Users and Computers ==>
Computers ==>
Select the Computer object getting the errors ==>
Properties ==>
Give Authenticated Users Full Control ==>
Restart that PC

I have performed these steps on the server's AD for my Computer object
as a test and, indeed, it has stopped the netlogon errors.

However, are there nefarious consequences to performing the above
steps? Eg: Does giving authenticated users full control over their
computer object override the restrictions imposed on them through
Group Policy, for example?



Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question