
  • Status: Solved

Virtual Server 2005 R2 causing errors with Windows 2003 R2 SP2

Hi, I hope you can help me troubleshoot this issue with Virtual Server 2005 R2 and Windows Server 2003 Enterprise R2 SP2. The server runs as a Domain Controller as well as an app server. Both are fresh, default installations.

Virtual Server 2005 makes these errors when loading:
"An error has occured during the creation of Service Connection points for Virtual Server in Active Directory. Either a domain controller is not available to complete the operation or there is a security problem accessing the domain. This operation will be retried the next time the service starts. Error 0x80070005 - Access is denied. "


"The service principal names for Virtual Server could not be registered. Constrained delegation cannot be used until the SPNs have been registered manually. Error 0x80072098 - Insufficient access rights to perform the operation. "

I have read this KB and applied what it said:

The contents of my setspn -L command include:


Can you please help me understand what is happening here, and how can I fix this?

Thank you,

1 Solution
Make sure your server only points to itself for DNS.
Make sure the DNS zone _msdcs.ILYS.local exists and the server is registered.

FreshyMeshy (Author) Commented:
Thanks Netman.  Can you please tell me the step by step instructions on how I can make sure of these things?

Open up DNS from the Administrative Tools.
Expand the Server, then the Forward Lookup zone.
There should be 2 zones listed. _msdcs.ILYS.local and ILYS.local
If there isn't the _msdcs zone, then create it - it's a Primary, AD Integrated zone and replicates to all DNS servers in the Forest.
If it's there, it should contain sub folders for dc, domain, gc, pdc and 3 other records (SOA, NS and CNAME).

Inside those subfolders should be records for your DCs depending on the roles they hold.  All of them should show up under domains>GUID>_tcp with LDAP records.

Make sure the DC you're having issues with is listed in the appropriate folders.  If the zone needed to be created then either reboot the server and restart the Netlogon service.  Make sure the NIC is only pointing to your own DNS server and has the checkmark checked to register in DNS.
Forced accept.

EE Admin
I was having a similar problem and checking the NIC & DNS config ended up exposing my issue. I realized my shortcut for Virt Serv Administration was pointing to the NetBIOS server name, so I tried the IP address instead and got a login prompt. Then I noticed I had a secondary NIC that was not plugged in yet but the IP was showing in DNS - fixed that issue and refreshed everything, still didn't work with NetBIOS name. I changed the shortcut to point to the full DNS name of the server, and got right in. The only fix I had implemented was to register the SPN entries manually, which also may have helped. (http://support.microsoft.com/?kbid=890893) I will fix the NetBIOS thing later if it continues to be a problem.
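
A command-line version of the DNS and SPN checks discussed in this thread, as an added example that is not part of any post above. It assumes the domain name ILYS.local from the thread, that it is run on the domain controller itself, and that setspn (Windows Support Tools) is installed; it only reads state and changes nothing.

```batch
@echo off
rem Added example: read-only checks for the DNS and SPN points raised in this thread.
rem Assumptions: DOMAIN is the AD DNS domain named in the thread, it is also the
rem forest root (single fresh domain), and the script runs on the DC itself.
setlocal
set DOMAIN=ILYS.local
set FAIL=0

echo === DNS servers configured on each NIC (should list only this server) ===
netsh interface ip show dns

echo === A records for this server (look for stale or unplugged-NIC addresses) ===
nslookup %COMPUTERNAME%.%DOMAIN%.

echo === Locator SRV records Netlogon registers under _msdcs.%DOMAIN% ===
for %%R in (_ldap._tcp.dc _ldap._tcp.pdc _ldap._tcp.gc _kerberos._tcp.dc) do call :CheckSrv %%R._msdcs.%DOMAIN%.

echo === SPNs currently registered on this computer account ===
setspn -L %COMPUTERNAME%

if %FAIL%==0 (echo RESULT: all locator SRV records resolved) else (echo RESULT: missing SRV records, see above)
endlocal & exit /b %FAIL%

:CheckSrv
rem Match the SRV answer text instead of relying on nslookup's exit code.
nslookup -type=SRV %1 2>&1 | findstr /I /C:"svr hostname" >nul
if errorlevel 1 (
    echo MISSING  %1
    set FAIL=1
) else (
    echo OK       %1
)
goto :eof
```

A MISSING line for any record points back to the zone and Netlogon registration steps described above; an unexpected address in the A record output matches the secondary-NIC case from the last comment.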
