• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 182
  • Last Modified:

2 primary errors on my W2K Server, A SPN could not be constructed because the provided host name is not in the necessary format and Unable to establish connection with the global catalog.

I have a W2K server which serves as the AD, DNS, DHCP, WINS, remote access and a file server for my network.  I recently added  a new 3ware raid 5 card and 3 drives to the server.  In order to facilitate this I had to move the 2 network cards to a new PCI slot.  I did not remove the cards from the device manager before I made the change as I figured that becuase they were the same cards it would not make a difference.  Ever since I made this change I have been getting the following 2 errors on the server in the Event Viewer under directory service, NTDS General error 1126 - unable to establish connection with the global catalog and NTDS Replication 1411 - The directory service failed to construct a mutual authentication Service Principle Name (SPN) for mlserver.  The call is denied.  The error was: A Service Principle Name (SPN) could not be constructed because the proviced hostname is not in the necessary format.  The record data is the status code
0000: 6a 21 00 00

How can I resolve this issue?

0
stoshsb
Asked:
stoshsb
  • 5
  • 4
2 Solutions
 
TannerManCommented:
It is usually contributed to this articles statements....

http://www.support.microsoft.com/default.aspx?id=257623
0
 
TannerManCommented:
I know when you first read that your going to be thinking.....NOPE, but if you look at the symptoms.....

A Service Principal Name (SPN) could not be constructed because the provided hostname is not in the necessary format
The Directory Service failed to create the server object

It is identical to your error. May just be a fluke and be of not help to you at all.
0
 
stoshsbAuthor Commented:
I thought about this myself already.  I am sure that this problem stems from the NIC card issue.  I still have the original two cards showing in the Device manager and I have now disabled them however I think that the DNS is still bound to the original configuration.  I need to find out how to re-assign the DNS to the new NIC card configuration.
0
Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 
TannerManCommented:
I am not sure I understand what you mean by re-assign.

If you disable all nics but one and reboot, then the one left will register it self with your DNS server.
If you are concerned about binding order though, open up your NETWORK CONNECTIONS window adn click on ADVANCED at the top menu.
Then choose ADVANCED SETTINGS in the drop down menu. If more than one active NIC is in your machine then you can change the binding order.
0
 
stoshsbAuthor Commented:
Here is the latest results from my netdiag tool.  

I am not sure where to go from here.  Any help would be greatly appreciated.

Thanks

 C:\Documents and Settings\Administrator>netdiag

........................................

    Computer Name: MLSERVER
    DNS Host Name: MLSERVER.mauricelaw.com
    System info : Windows 2000 Server (Build 2195)
    Processor : x86 Family 15 Model 2 Stepping 4, GenuineIntel
    List of installed hotfixes :
        KB820888
        KB822831
        KB823182
        KB823559
        KB823980
        KB824105
        KB824141
        KB824146
        KB824151
        KB825119
        KB826232
        KB828028
        KB828035
        KB828741
        KB828749
        KB830352
        KB832359
        KB834707-IE6SP1-20040929.091901
        KB835732
        KB837001
        KB837272
        KB839645
        KB840315
        KB840987
        KB841356
        KB841533
        KB841872
        KB841873
        KB842526
        Q147222
        Q816093


Netcard queries test . . . . . . . : Passed



Per interface results:

    Adapter : Lan 1 Connection

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : MLSERVER
        IP Address . . . . . . . . : 192.168.1.51
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 192.168.1.1
        Dns Servers. . . . . . . . : 192.168.1.51
                                     206.115.131.51


        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Passed
            No remote names have been found.

        WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.

    Adapter : Wan 1 Connection

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : MLSERVER
        IP Address . . . . . . . . : 192.168.1.18
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . :
        Dns Servers. . . . . . . . : 192.168.1.51
                                     209.115.131.51


        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Skipped
            [WARNING] No gateways defined for this adapter.

        NetBT name test. . . . . . : Passed
            No remote names have been found.

        WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{DF768629-1822-4FB7-ACEE-BA40B95ACB06}
        NetBT_Tcpip_{2C035989-A87F-43A9-8146-432FDAEB2355}
    2 NetBt transports currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Failed
          [WARNING] Cannot find a primary authoritative DNS server for the name
            'MLSERVER.mauricelaw.com.'. [RCODE_SERVER_FAILURE]
            The name 'MLSERVER.mauricelaw.com.' may not be registered in DNS.
          [WARNING] Cannot find a primary authoritative DNS server for the name
            'MLSERVER.mauricelaw.com.'. [RCODE_SERVER_FAILURE]
            The name 'MLSERVER.mauricelaw.com.' may not be registered in DNS.
    [WARNING] The DNS entries for this DC are not registered correctly on DNS se
rver '192.168.1.51'. Please wait for 30 minutes for DNS server replication.
       [WARNING] The DNS entries for this DC cannot be verified right now on DNS
 server 206.115.131.51, ERROR_TIMEOUT.
    [WARNING] The DNS entries for this DC are not registered correctly on DNS se
rver '209.115.131.51'. Please wait for 30 minutes for DNS server replication.
    [FATAL] No DNS servers have the DNS records for this DC registered.


Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{DF768629-1822-4FB7-ACEE-BA40B95ACB06}
        NetBT_Tcpip_{2C035989-A87F-43A9-8146-432FDAEB2355}
    The redir is bound to 2 NetBt transports.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{DF768629-1822-4FB7-ACEE-BA40B95ACB06}
        NetBT_Tcpip_{2C035989-A87F-43A9-8146-432FDAEB2355}
    The browser is bound to 2 NetBt transports.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
    No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Passed
    IPSec policy service is active, but no policy is assigned.
0
 
TannerManCommented:
Unrealed to your issue most likely,,,,,,,but why is wan and lan cards  set in the same network (192.168.1.x and 255.255.255.0)?
I mean, why are there two cards in use? Is this an internet gateway as well? I wouldn't think so since the WAN IP is a private IP address. Just confused.
0
 
stoshsbAuthor Commented:
The Wan IP is configured to handle the remote access for the network VPN.
0
 
TannerManCommented:
Ok
I wish I knew what else to tell you on this, but not sure what direction to head.
0
 
stoshsbAuthor Commented:
Ok,

I have disabled the remote connection NIC and it has resolved the DNS issues.  Now I am only receiving two error messages which are related to each other.  They are both in the Application log and they read as follows

1 - Source = userenv
     Event = 1000
Cannot establish a connection to mauricelaw.com with (1787)

2 - Soure = userenv
     Event = 1000
Windows cannot query for the list of Group Policy objects.  A message that describes the reason for this was previously logged by this policy engine.

Any suggestions?
0

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

  • 5
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now