General discussion

Locked

Getting this on a W2k Workstation

By mgonzales ·
Event Type: Error
Event Source: NETLOGON
Event Category: None
Event I 5788
Date: 11/07/2003
Time: 2:54:06 PM
User: N/A
Computer: WC0119
Description:
Attempt to update HOST Service Principal Names (SPNs) of the computer object in Active Directory failed.
The updated values were '<UNAVAILABLE>' and '<UNAVAILABLE>'. The following error occurred:
The security context could not be established due to a failure in the requested quality of
service (e.g. mutual authentication or delegation).
Data:

Now the DNS Setting are correct, and the workstation works on the domain just fine. All Domain controllers are W2k AD.

This conversation is currently closed to new comments.

3 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by kmcniff In reply to Getting this on a W2k Wor ...

In the Microsoft Knowledgebase, look at the following:
Microsoft Knowledge Base Article - 257734
in short:
You may receive the following Event ID messages in the system event log on a Microsoft Windows 2000-based member server or workstation:
Event ID 5788:

Source Netlogon:
Error Message: Attempt to update Host Service Principal Names (SPNs) of the computer object in Active Directory failed. The updated values were UNAVAILABLE and UNAVAILABLE. The following error occurred: Error message
RESOLUTION
see below

Microsoft Knowledge Base Article - 258503
in short:
This behavior can occur if the DNS domain name for the computer does not match the Active Directory domain name. Specifically, the Change primary DNS suffix when domain membership changes check box has been cleared, and contains a DNS domain different from the Active Directory domain of which the computer is a member. To view this check box, right-click My Computer, click Properties, and then click the Network Identification tab.

The 5788 and 5789 errors occur because a default Windows 2000-based computer account does not have sufficient permissions to perform an LDAP modify of the DNSHOSTNAME and SPNNAME attributes when the new value being written differs from the existing value(s). Writing the new value to a computer account with null DNSHOSTNAME and SPNNAME attributes succeeds. Similarly, granting machine accounts sufficient permissions allows the update to occur without error.
RESOLUTION
If the disjoint namespace is unintended, click to select the Change primary DNS suffix when domain membership changes check box and reboot the computer.

For more complete details and other causes of this error see the articles on support.microsoft.com

Collapse -

by mgonzales In reply to

Poster rated this answer.

Collapse -

by mgonzales In reply to Getting this on a W2k Wor ...

This question was closed by the author

Back to Windows Forum
3 total posts (Page 1 of 1)  

Related Discussions

Related Forums