DCDIAG SPN WARNING

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

When I run dcdiag on one of my DC's All the test are passed but I receive
the following warnings what service principal name registration are they
referring too.


LDAP test. . . . . . . . . . . . . : Passed
[WARNING] Failed to query SPN registration on DC 'abcd.xxx-xx-xxx.com'.
[WARNING] Failed to query SPN registration on DC 'efgh.xxx-xx-xxx.com'.
[WARNING] Failed to query SPN registration on DC 'ijkl.xxx-xx-xxx.com'.
[WARNING] Failed to query SPN registration on DC 'mnop.xxx-xx-xxx.com''.

Is there something that needs to be done. How do I register a Service
Principal name for all these DC's. Soon one of these DC's will be demoted,
and I will be left with only 3 DC's

Thank you
JC.
 
You can try dcdiag/fix and netdiag/fix and see if you can fix the problem.

br,
Denis
 
I have already tried that and yet these warnings dont disappear.

Jc

Denis Wong @ Hong Kong said:
You can try dcdiag/fix and netdiag/fix and see if you can fix the problem.

br,
Denis

jc said:
When I run dcdiag on one of my DC's All the test are passed but I receive
the following warnings what service principal name registration are they
referring too.


LDAP test. . . . . . . . . . . . . : Passed
[WARNING] Failed to query SPN registration on DC 'abcd.xxx-xx-xxx.com'.
[WARNING] Failed to query SPN registration on DC 'efgh.xxx-xx-xxx.com'.
[WARNING] Failed to query SPN registration on DC 'ijkl.xxx-xx-xxx.com'.
[WARNING] Failed to query SPN registration on DC 'mnop.xxx-xx-xxx.com''.

Is there something that needs to be done. How do I register a Service
Principal name for all these DC's. Soon one of these DC's will be demoted,
and I will be left with only 3 DC's

Thank you
JC.
Click to expand...
Click to expand...
 
What SP level is this DC at, and is the NetBIOS name different to the DNS
name. e.g. domain-name.com and DOMAINNAME?

If so this is a bug in netdiag, and was fixed in SP3.
 
It doesnt matter what sp the dc is at , because even if I run the command
from a dc with sp3 or sp4 I still ger the same error. I have 4 dc's 2 running
at sp3 and 2 running at sp4.

yes the domain name in my computer properties is seen as abcd-xy-efg.com ,
but when the users login from their systems it shows the name as axe....?

Why and how is that ??

Thx
JC
 
yes the domain name in my computer properties is seen as abcd-xy-efg.com ,
but when the users login from their systems it shows the name as axe....?
Click to expand...

That's because the Winlogon box shows the NetBT name -not the DNS name.
This is fine.
 
Download and install the latest version of the support tools. Service
packing a machine doesn't update them automatically. Install them and run
netdiag /fix and then run the tests again.
 
Same result . I have downloaded the latest sp4 support tools. The netdiag
version is 5.0.2195.2104.
Is this the right one ? On MS Site the latest version is 5.0.2195.2101

Thx
JC
 
jc said:
When I run dcdiag on one of my DC's All the test are passed but I receive
the following warnings what service principal name registration are they
referring too.


LDAP test. . . . . . . . . . . . . : Passed
[WARNING] Failed to query SPN registration on DC 'abcd.xxx-xx-xxx.com'.
[WARNING] Failed to query SPN registration on DC 'efgh.xxx-xx-xxx.com'.
[WARNING] Failed to query SPN registration on DC 'ijkl.xxx-xx-xxx.com'.
[WARNING] Failed to query SPN registration on DC 'mnop.xxx-xx-xxx.com''.

Is there something that needs to be done. How do I register a Service
Principal name for all these DC's. Soon one of these DC's will be demoted,
and I will be left with only 3 DC's

Thank you
JC.
Click to expand...

JC.

The easiest way is to select one DC to be your primary DNS server, set all
the "child" DC's to use the primary DNS first, then drop to a command prompt
and type 'netdiag /fix'

That clears up my SPN issues when they arise.

HTH,

AJ Schroeder
 
Yes, that will sort DNS registration issues, and therefore a host of other
problems that stem from missing or incorrect SRV records.

However, that was and is a bug --fixed in the newer version of the tool ;-)
 
Back
Top