DCDIAG SPN WARNING

[JC]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

When I run dcdiag on one of my DC's All the test are passed but I receive
the following warnings what service principal name registration are they
referring too.


LDAP test. . . . . . . . . . . . . : Passed
[WARNING] Failed to query SPN registration on DC 'abcd.xxx-xx-xxx.com'.
[WARNING] Failed to query SPN registration on DC 'efgh.xxx-xx-xxx.com'.
[WARNING] Failed to query SPN registration on DC 'ijkl.xxx-xx-xxx.com'.
[WARNING] Failed to query SPN registration on DC 'mnop.xxx-xx-xxx.com''.

Is there something that needs to be done. How do I register a Service
Principal name for all these DC's. Soon one of these DC's will be demoted,
and I will be left with only 3 DC's

Thank you
JC.

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

You can try dcdiag/fix and netdiag/fix and see if you can fix the problem.

br,
Denis

"jc" <jc@discussions.microsoft.com> wrote in message
news:91935C53-F426-4875-9B20-FCF9B9F36F50@microsoft.com...
> When I run dcdiag on one of my DC's All the test are passed but I
receive
> the following warnings what service principal name registration are they
> referring too.
>
>
> LDAP test. . . . . . . . . . . . . : Passed
> [WARNING] Failed to query SPN registration on DC
'abcd.xxx-xx-xxx.com'.
> [WARNING] Failed to query SPN registration on DC
'efgh.xxx-xx-xxx.com'.
> [WARNING] Failed to query SPN registration on DC
'ijkl.xxx-xx-xxx.com'.
> [WARNING] Failed to query SPN registration on DC
'mnop.xxx-xx-xxx.com''.
>
> Is there something that needs to be done. How do I register a Service
> Principal name for all these DC's. Soon one of these DC's will be demoted,
> and I will be left with only 3 DC's
>
> Thank you
> JC.
>

 

[JC]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

I have already tried that and yet these warnings dont disappear.

Jc

"Denis Wong @ Hong Kong" wrote:

> You can try dcdiag/fix and netdiag/fix and see if you can fix the problem.
>
> br,
> Denis
>
> "jc" <jc@discussions.microsoft.com> wrote in message
> news:91935C53-F426-4875-9B20-FCF9B9F36F50@microsoft.com...
> > When I run dcdiag on one of my DC's All the test are passed but I
> receive
> > the following warnings what service principal name registration are they
> > referring too.
> >
> >
> > LDAP test. . . . . . . . . . . . . : Passed
> > [WARNING] Failed to query SPN registration on DC
> 'abcd.xxx-xx-xxx.com'.
> > [WARNING] Failed to query SPN registration on DC
> 'efgh.xxx-xx-xxx.com'.
> > [WARNING] Failed to query SPN registration on DC
> 'ijkl.xxx-xx-xxx.com'.
> > [WARNING] Failed to query SPN registration on DC
> 'mnop.xxx-xx-xxx.com''.
> >
> > Is there something that needs to be done. How do I register a Service
> > Principal name for all these DC's. Soon one of these DC's will be demoted,
> > and I will be left with only 3 DC's
> >
> > Thank you
> > JC.
> >
>
>
>

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

What SP level is this DC at, and is the NetBIOS name different to the DNS
name. e.g. domain-name.com and DOMAINNAME?

If so this is a bug in netdiag, and was fixed in SP3.


--
Paul Williams

http://www.msresource.net/
http://forums.msresource.net/

 

[JC]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

It doesnt matter what sp the dc is at , because even if I run the command
from a dc with sp3 or sp4 I still ger the same error. I have 4 dc's 2 running
at sp3 and 2 running at sp4.

yes the domain name in my computer properties is seen as abcd-xy-efg.com ,
but when the users login from their systems it shows the name as axe....?

Why and how is that ??

Thx
JC

"ptwilliams" wrote:

> What SP level is this DC at, and is the NetBIOS name different to the DNS
> name. e.g. domain-name.com and DOMAINNAME?
>
> If so this is a bug in netdiag, and was fixed in SP3.
>
>
> --
> Paul Williams
>
> http://www.msresource.net/
> http://forums.msresource.net/
>
>
>

 

[JC]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

small clarrification, I get these warnings when I run netdiag and not
dcdiag.....



"jc" wrote:

> It doesnt matter what sp the dc is at , because even if I run the command
> from a dc with sp3 or sp4 I still ger the same error. I have 4 dc's 2 running
> at sp3 and 2 running at sp4.
>
> yes the domain name in my computer properties is seen as abcd-xy-efg.com ,
> but when the users login from their systems it shows the name as axe....?
>
> Why and how is that ??
>
> Thx
> JC
>
> "ptwilliams" wrote:
>
> > What SP level is this DC at, and is the NetBIOS name different to the DNS
> > name. e.g. domain-name.com and DOMAINNAME?
> >
> > If so this is a bug in netdiag, and was fixed in SP3.
> >
> >
> > --
> > Paul Williams
> >
> > http://www.msresource.net/
> > http://forums.msresource.net/
> >
> >
> >

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

> yes the domain name in my computer properties is seen as abcd-xy-efg.com ,
> but when the users login from their systems it shows the name as axe....?

That's because the Winlogon box shows the NetBT name -not the DNS name.
This is fine.

--
Paul Williams

http://www.msresource.net/
http://forums.msresource.net/

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Download and install the latest version of the support tools. Service
packing a machine doesn't update them automatically. Install them and run
netdiag /fix and then run the tests again.

--
Paul Williams

http://www.msresource.net/
http://forums.msresource.net/

 

[JC]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Same result . I have downloaded the latest sp4 support tools. The netdiag
version is 5.0.2195.2104.
Is this the right one ? On MS Site the latest version is 5.0.2195.2101

Thx
JC

"ptwilliams" wrote:

> Download and install the latest version of the support tools. Service
> packing a machine doesn't update them automatically. Install them and run
> netdiag /fix and then run the tests again.
>
> --
> Paul Williams
>
> http://www.msresource.net/
> http://forums.msresource.net/
>
>
>

 

[JC]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

The probelm was with the version of netdiag, I uniinstalled the support tools
package completely, and reinstalled the sp4 support tools package. the
version of netdiag changed(it is now 5.0.2195.6614), and now netdiag does not
show any of these warnings. Thank you for everybody's help( The reason I say
everybody is because I saw the same post posted on another site, on which I
am not a member and do not post ,but someone did try to help me there as
well.).
Thank You once again.
JC.

"jc" wrote:

> small clarrification, I get these warnings when I run netdiag and not
> dcdiag.....
>
>
>
> "jc" wrote:
>
> > It doesnt matter what sp the dc is at , because even if I run the command
> > from a dc with sp3 or sp4 I still ger the same error. I have 4 dc's 2 running
> > at sp3 and 2 running at sp4.
> >
> > yes the domain name in my computer properties is seen as abcd-xy-efg.com ,
> > but when the users login from their systems it shows the name as axe....?
> >
> > Why and how is that ??
> >
> > Thx
> > JC
> >
> > "ptwilliams" wrote:
> >
> > > What SP level is this DC at, and is the NetBIOS name different to the DNS
> > > name. e.g. domain-name.com and DOMAINNAME?
> > >
> > > If so this is a bug in netdiag, and was fixed in SP3.
> > >
> > >
> > > --
> > > Paul Williams
> > >
> > > http://www.msresource.net/
> > > http://forums.msresource.net/
> > >
> > >
> > >

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

"jc" <jc@discussions.microsoft.com> wrote in message
news:91935C53-F426-4875-9B20-FCF9B9F36F50@microsoft.com...
> When I run dcdiag on one of my DC's All the test are passed but I
receive
> the following warnings what service principal name registration are they
> referring too.
>
>
> LDAP test. . . . . . . . . . . . . : Passed
> [WARNING] Failed to query SPN registration on DC
'abcd.xxx-xx-xxx.com'.
> [WARNING] Failed to query SPN registration on DC
'efgh.xxx-xx-xxx.com'.
> [WARNING] Failed to query SPN registration on DC
'ijkl.xxx-xx-xxx.com'.
> [WARNING] Failed to query SPN registration on DC
'mnop.xxx-xx-xxx.com''.
>
> Is there something that needs to be done. How do I register a Service
> Principal name for all these DC's. Soon one of these DC's will be demoted,
> and I will be left with only 3 DC's
>
> Thank you
> JC.
>

JC.

The easiest way is to select one DC to be your primary DNS server, set all
the "child" DC's to use the primary DNS first, then drop to a command prompt
and type 'netdiag /fix'

That clears up my SPN issues when they arise.

HTH,

AJ Schroeder

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Yes, that will sort DNS registration issues, and therefore a host of other
problems that stem from missing or incorrect SRV records.

However, that was and is a bug --fixed in the newer version of the tool ;-)

--
Paul Williams
Microsoft MVP - Windows Server - Directory Services
http://www.msresource.net | http://forums.msresource.net