Failed to assign SPN to account '(null)', 0x57

P

PeteH

Getting a lot of Kerberos service ticket request failures.
Searching the Knowlegebase suggested that the SPN was not
registered for the service. Using the instructions from
the Knowlegebase I tried to register the SPN. I get the
following message when trying to register using SETSPN.
"Failed to assign SPN to account '(null)', 0x57"
SETSPN returns nothing if I try and list the SPN's for
various servers.
Useing ADSI Edit, I can look at the object for a server
and find SPN entires for that machine. But cannot bring
them up using SETSPN. I have tried prefixing with the
domain name but still no results.
Ex. SETSPN -L domainname\servername
 
S

Steve Dodson [MSFT]

If you use adsiedit.msc, does it allow the SPN to be created, and if so,
does it resolve the kerberos errors?

Steve Dodson [MSFT]
Directory Services
--------------------
Content-Class: urn:content-classes:message
From: "PeteH" <[email protected]>
Sender: "PeteH" <[email protected]>
Subject: Failed to assign SPN to account '(null)', 0x57
Date: Sun, 28 Dec 2003 05:36:33 -0800
Lines: 13
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Thread-Index: AcPNR5ukV8nLvgRPQJq3b2FzBCP43w==
Newsgroups: microsoft.public.win2000.active_directory
Path: cpmsftngxa07.phx.gbl
Xref: cpmsftngxa07.phx.gbl microsoft.public.win2000.active_directory:60649
NNTP-Posting-Host: tk2msftngxa05.phx.gbl 10.40.1.49
X-Tomcat-NG: microsoft.public.win2000.active_directory

Getting a lot of Kerberos service ticket request failures.
Searching the Knowlegebase suggested that the SPN was not
registered for the service. Using the instructions from
the Knowlegebase I tried to register the SPN. I get the
following message when trying to register using SETSPN.
"Failed to assign SPN to account '(null)', 0x57"
SETSPN returns nothing if I try and list the SPN's for
various servers.
Useing ADSI Edit, I can look at the object for a server
and find SPN entires for that machine. But cannot bring
them up using SETSPN. I have tried prefixing with the
domain name but still no results.
Ex. SETSPN -L domainname\servername
Click to expand...


--

This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this
message are best directed to the newsgroup/thread from which they
originated.
 
P

PeteH

Using adsiedit.msc I can go to the properties and manually
add the SPN registration. After registering the service,
the "service ticket request failure" for that service
stops. My major concern is the inability to use the SETSPN
tool. It will not work on the "PDC" or the DC of the AD
domain.
-----Original Message-----
If you use adsiedit.msc, does it allow the SPN to be created, and if so,
does it resolve the kerberos errors?

Steve Dodson [MSFT]
Directory Services
--------------------
Content-Class: urn:content-classes:message
From: "PeteH" <[email protected]>
Sender: "PeteH" <[email protected]>
Subject: Failed to assign SPN to account '(null)', 0x57
Date: Sun, 28 Dec 2003 05:36:33 -0800
Lines: 13
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Thread-Index: AcPNR5ukV8nLvgRPQJq3b2FzBCP43w==
Newsgroups: microsoft.public.win2000.active_directory
Path: cpmsftngxa07.phx.gbl
Xref: cpmsftngxa07.phx.gbl microsoft.public.win2000.active_directory:60649
NNTP-Posting-Host: tk2msftngxa05.phx.gbl 10.40.1.49
X-Tomcat-NG: microsoft.public.win2000.active_directory

Getting a lot of Kerberos service ticket request failures.
Searching the Knowlegebase suggested that the SPN was not
registered for the service. Using the instructions from
the Knowlegebase I tried to register the SPN. I get the
following message when trying to register using SETSPN.
"Failed to assign SPN to account '(null)', 0x57"
SETSPN returns nothing if I try and list the SPN's for
various servers.
Useing ADSI Edit, I can look at the object for a server
and find SPN entires for that machine. But cannot bring
them up using SETSPN. I have tried prefixing with the
domain name but still no results.
Ex. SETSPN -L domainname\servername
Click to expand...


--

This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this
message are best directed to the newsgroup/thread from which they
originated.

.
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Using SPN need to remove HTTP/Netbios 0
setspn -r returns Failed to crack name Domain\Servername into the FQDN, (0) 1 0x2 4
What no delegation tab 0
NETDIAG problem - SPN queries 2
impersonation using kerberos 2
URGENT: Error while running DCpromo 1
AD netlogon failure 3
DC Apparently lost authentication to domain 9

Top