Active Directory Error 1411
One games Xbox 360 games PC 8589 the ds cannot derive a service principal name (spn) with which to mutually authenticate games Windows games Windows phone games Entertainment All metadata cleanup Entertainment Movies & TV Music Business & Education Business Students & educators Developers Sale Sale Find a store Gift cards Products Software & services Windows Office Free downloads & security Internet Explorer Microsoft Edge Skype OneNote OneDrive Microsoft Health MSN Bing Microsoft Groove Microsoft Movies & TV Devices & Xbox All Microsoft devices Microsoft Surface All Windows PCs & tablets PC accessories Xbox & games Microsoft Band Microsoft Lumia All Windows phones Microsoft HoloLens For business Cloud Platform Microsoft Azure Microsoft Dynamics Windows for business Office for business Skype for business Surface for business Enterprise solutions Small business solutions Find a solutions provider Volume Licensing For developers & IT pros Develop Windows apps Microsoft Azure MSDN TechNet Visual Studio For students & educators Office for students OneNote in classroom Shop PCs & tablets perfect for students Microsoft in Education Support Sign in Cart Cart Javascript is disabled Please enable javascript and refresh the page Cookies are disabled Please enable cookies and refresh the page CV: {{ getCv() }} English (United States) Terms of use Privacy & cookies Trademarks © 2016 Microsoft
Help Receive Real-Time Help Create a Freelance Project Hire for a Full Time Job Ways to Get Help Ask a Question Ask for Help Receive Real-Time Help Create a Freelance Project Hire for a Full Time Job Ways to Get Help Expand Search Submit Close Search Login Join Today Products BackProducts Gigs Live Careers Vendor Services Groups Website Testing Store Headlines Experts Exchange > Questions > Active Directory failed to construct a mutual authentication service principal name (SPN) for the domain controller. Want to Advertise Here? Solved Active Directory failed to construct a mutual authentication service principal name (SPN) for the domain controller. Posted on 2008-07-11 Windows Server 2003 Active Directory 1 Verified Solution 3 Comments 6,365 https://support.microsoft.com/en-us/kb/938704 Views Last Modified: 2010-04-21 I renamed a domain controller and now I get this error in the Event Viewer. The error is NOT on the server I renamed. I also checked DNS and this server does not exist. Does anyone know what I need to do to fix the error? I had some errors when I ran DCDIAG but the cleared themselves overnight. This is the only error left but it seems to only https://www.experts-exchange.com/questions/23557832/Active-Directory-failed-to-construct-a-mutual-authentication-service-principal-name-SPN-for-the-domain-controller.html show when I reboot the DC. Type: Error Source: NTDS Replication Category: DS RPC Client Event ID: 1411 User: NT AUTHORITY\ANONYMOUS LOGON Active Directory failed to construct a mutual authentication service principal name (SPN) for the following domain controller. Domain controller: 85083b31-7006-41f7-96f9-fdbbb28bf012._msdcs.mc.lan The call was denied. Communication with this domain controller might be affected. Additional Data Error value: 8589 The DS cannot derive a service principal name (SPN) with which to mutually authenticate the target server because the corresponding server object in the local DS database has no serverReference attribute. For more information, see Help and Support Center at 0 Question by:MCSF Facebook Twitter LinkedIn Google LVL 7 Best Solution byChristopher Martinez Basically this problem occrus if the domain controller cant find the domain controller that is required to replicate changes. These domain controllers are listed in the repsTo attribute of the directory Go to Solution 3 Comments LVL 7 Overall: Level 7 Windows Server 2003 2 Active Directory 1 Message Accepted Solution by:Christopher Martinez2008-07-11 Basically this problem occrus if the domain controller cant find the domain controller that is required to replicate changes. These domain controllers are listed in the repsTo attribute of the direc
Help Receive Real-Time Help Create a Freelance Project Hire for a Full Time Job Ways to Get Help Ask a Question Ask for Help Receive Real-Time Help Create a Freelance Project Hire for https://www.experts-exchange.com/questions/24826688/Active-Directory-Domain-Services-failed-to-construct-a-mutual-authentication-service-principal-name-SPN-for-the-following-directory-service.html a Full Time Job Ways to Get Help Expand Search Submit Close Search Login Join Today Products BackProducts Gigs Live Careers Vendor Services Groups Website Testing Store Headlines Experts Exchange > Questions http://microsoft.public.windows.server.active-directory.narkive.com/rDq4cjRk/repeat-event-1411-ntds-replication-error-please-help > Active Directory Domain Services failed to construct a mutual authentication service principal name (SPN) for the following directory service. Want to Advertise Here? Solved Active Directory Domain Services failed to active directory construct a mutual authentication service principal name (SPN) for the following directory service. Posted on 2009-10-20 Active Directory 1 Verified Solution 7 Comments 1,562 Views Last Modified: 2012-05-08 Yesterday I demoted a domain controller. Since early this morning I am seeing these messages every once in awhile on our PDC emulator DC. Yesterday I cleaned up all of the glue records and active directory error sites and services entries for the DC that I demoted that weren't removed automatically by dcpromo. If I check DNS for this directory service I can't even find it(or I'm not looking in the right spot). I am guessing this directory service listed is the old DC. How do I clean this up? * Event Time: 20 Oct 2009 07:52:01 AM * Source: NTDS General * Event Log: Directory Service * Type: Error Event * Event ID: 1411 * Active Directory Domain Services failed to construct a mutual authentication service principal name (SPN) for the following directory service. Directory service: 3d59abc1-5e7f-46c5-92e7-5ee14c2e47ad._msdcs.MosherCo.biz The call was denied. Communication with this directory service might be affected. Additional Data Error value: 8589 The DS cannot derive a service principal name (SPN) with which to mutually authenticate the target server because the corresponding server object in the local DS database has no serverReference attribute. 0 Question by:NBF Facebook Twitter LinkedIn Google Active 6 days ago Best Solution byNBF The problem cleared up on its own. Go to Solution 7 Comments LVL 70 Overall: Level 70 Active Directory 36 Message Expert Comment by:KCTS2009-
and for some reason sincethen its been repeatedly logging the above event 1411:Event Type: ErrorEvent Source: NTDS ReplicationEvent Category: DS RPC ClientEvent ID: 1411Date: 11/25/2006Time: 6:30:10 PMUser: NT AUTHORITY\ANONYMOUS LOGONComputer: WINDC004Description:Active Directory failed to construct a mutual authentication serviceprincipal name (SPN) for the following domain controller.Domain controller:07f2fd47-7699-4b71-b14a-adcbcd1e10aa._msdcs.domain.comThe call was denied. Communication with this domain controller might beaffected.Additional DataError value:8589 The DS cannot derive a service principal name (SPN) with which tomutually authenticate the target server because the correspondingserver object in the local DS database has no serverReferenceattribute.For more information, see Help and Support Center athttp://go.microsoft.com/fwlink/events.asp.I searched the web and everything else for solutions but can't seem tofind a proper fix, I've checked the DNS entries and their doesn'texists such a record............Can anyone provide some suggestions on how to resolve thisplease........... Zeno 2006-11-25 15:27:19 UTC PermalinkRaw Message What I've actually found is the SPN records its refereing to is twodcpromoted domain controllers.... I ran a the replications diag andfound SPNs correspond to two removed DCsIs there anyway I can get them out of the replication..... eg. willrebuilding the sites and services eg. delete the servers from sites andservices so they get recreated and recaluculated again.......Thanks............ Mike Shepperd 2006-11-26 04:17:32 UTC PermalinkRaw Message Yes. If you go into AD Sites and Services you can delete the existingconnection objects for those former DC's (or any DC's you want to, living ordead). If everything is healthy it'll rebuild automatically based on whatit needs (using a process that is complicated enough that I look it up inthe 2000 Server Resource Kit when I need to understand how it works). Ifyou're not getting automatically generated connection objects, it's usuallya sure sign that something is not working right, usually DNS.--Mike ShepperdSunfire Solutions LLCSeattle, WA[This posting is provided AS-IS, with no warranties and confers no rights]Post by ZenoWhat I've actually found is the SPN records its refereing to is twodcpromoted domain controllers.... I ran a the replications diag andfound SPNs correspond to two removed DCsIs there anyway I can get them out of the replication..... eg. willrebuilding the sites and services eg. delete the servers from sites andservices so they get recreated and recaluculated again.......Thanks............ Zeno 2006-11-26 05:28:12 UTC PermalinkRaw Message