CIFS SPN Missing

windows active-directory kerberos
6,903

I was unaware such and SPN existed... so I checked... My domain has no such SPN, and I'm not having the problem you described either


C:>setspn -L mydomain.com
FindDomainForAccount: Call to DsGetDcNameWithAccountW failed with return value 0x00000525
Could not find account mydomain.com
The command you posted attempts to ADD a new SPN. But with only the domain name, you are not providing an account name to add the SPN to. Perhaps you could tell us more about the error on the workstations. What is the full text of the error? what event number is it?

Share:
6,903

Related videos on Youtube

Jesus Lopez
Author by

Jesus Lopez

Updated on September 18, 2022

Comments

  • Jesus Lopez
    Jesus Lopez over 1 year

    My domain does not have a SPN for CIFS/mydomain.com. My DC is throwing ErrorCode: KDC_ERR_S_PRINCIPAL_UNKNOWN. There are a number of windows workstations on the domain that are trying to use this SPN.

    setspn -a cifs/corp.com.au corp.com.au FindDomainForAccount: Call to DsGetDcNameWithAccountW failed with return value 0x00000525 Unable to locate account corp.com.au

    What problems would this cause? Should this SPN be there by default?

  • Jesus Lopez
    Jesus Lopez over 11 years
    That is the full text of the error. According to social.technet.microsoft.com/wiki/contents/articles/… the account name can be the domain name for services that are used domain wide.
  • Jesus Lopez
    Jesus Lopez over 11 years
    I imagine that accessing //mydomain.com/netlogon using kerberos would require cifs/mydomain.com SPN; but without it the negotiate service will fallback to NTLM.
  • jojojoj
    jojojoj over 11 years
    Thats a rather long article, and I can't find a section that talks about the domain itself having a SPN. It DOES talk about each DC having it's own SPN. When you browse \\mydomain.com\netlogon, you're getting a DFS referral to a specific DC, and it's probably then that the SPN comes into play. What does SETSPN -L say for each DC you have? What OS are these DC's? Are you getting event 11 from here support.microsoft.com/kb/321044 ? Are you getting event 1645 from here support.microsoft.com/kb/308111 ?

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Is it possible to switch to Kerberos only Windows domain
Why should I not run setspn.exe on the domain controller?
Active Directory Kerberos issue KDC_ERR_S_PRINCIPAL_UNKNOWN
0x19 KDC_ERR_PREAUTH_REQUIRED in my event log
Add new server to Server Manager, get Kerberos error 0x80090322
How to remotely generate Windows AD Kerberos keytab from a Unix machine?
Track Down Which Process/Program is Causing Kerberos pre-authentication error (Code 0x18)
Can someone please explain Windows Service Principle Names (SPNs) without oversimplifying?
What goes on when using kinit with a keytab file
Joining an Active Directory domain using netdom