Active Directory cannot perform an authenticated RPC call to another DC because the SPN for the destination DC is not registered on the KDC

Active_Directory_cannot_perform_an_authenticated_RPC_call_to_another_DC_because_the_SPN_for_the_destination_DC_is_not_registered_on_the_KDC_5_Rule (Rule)

Knowledge Base article:

Summary

The Active Directory® directory service did not perform an authenticated remote procedure call (RPC) to another domain controller because the desired service principal name (SPN) for the destination domain controller is not registered on the domain controller hosting the Key Distribution Center (KDC) that resolves the SPN.

Resolutions

Verify that the names of the destination domain controller and domain are correct. Also, verify that the SPN is registered on the KDC domain controller. If the destination domain controller has been recently promoted, it will be necessary for the local domain controller’s computer account data to replicate to the KDC before this computer can be authenticated.

Sample Event:

Active Directory did not perform an authenticated remote procedure call (RPC) to another domain controller because the desired service principal name (SPN) for the destination domain controller is not registered on the Key Distribution Center (KDC) domain controller that resolves the SPN.

Destination domain controller: %1

SPN: %2

External

For more information, see:

Element properties:

Target: Microsoft.Windows.Server.2003.AD.DomainControllerRole
Category: EventCollection
Enabled: True
Event_ID: 1645
Alert Generate: True
Alert Severity: Error
Alert Priority: Normal
Remotable: True
Alert Message:
Active Directory cannot perform an authenticated RPC call to another DC because the SPN for the destination DC is not registered on the KDC
{0}
Event Log: Directory Service
Comment: Mom2005ID='{97824C74-2979-4783-BA0C-669B20EE9949}';MOM2005GroupID=

Member Modules:

ID Module Type TypeId RunAs 
DS DataSource Microsoft.Windows.EventProvider Default
GenerateAlert WriteAction System.Health.GenerateAlert Default
WriteToDB WriteAction Microsoft.SystemCenter.CollectEvent Default
WriteToDW WriteAction Microsoft.SystemCenter.DataWarehouse.PublishEventData Default

Source Code:

<Rule ID="Active_Directory_cannot_perform_an_authenticated_RPC_call_to_another_DC_because_the_SPN_for_the_destination_DC_is_not_registered_on_the_KDC_5_Rule" Comment="Mom2005ID='{97824C74-2979-4783-BA0C-669B20EE9949}';MOM2005GroupID=" Enabled="onEssentialMonitoring" Target="AD2003Core!Microsoft.Windows.Server.2003.AD.DomainControllerRole" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">
  <Category>EventCollection</Category>
  <DataSources>
    <DataSource ID="DS" TypeID="Windows!Microsoft.Windows.EventProvider">
      <ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
      <LogName>Directory Service</LogName>
      <Expression>
        <And>
          <Expression>
            <SimpleExpression>
              <ValueExpression>
                <XPathQuery>EventDisplayNumber</XPathQuery>
              </ValueExpression>
              <Operator>Equal</Operator>
              <ValueExpression>
                <Value>1645</Value>
              </ValueExpression>
            </SimpleExpression>
          </Expression>
          <Expression>
            <SimpleExpression>
              <ValueExpression>
                <XPathQuery>Channel</XPathQuery>
              </ValueExpression>
              <Operator>Equal</Operator>
              <ValueExpression>
                <Value>Directory Service</Value>
              </ValueExpression>
            </SimpleExpression>
          </Expression>
        </And>
      </Expression>
    </DataSource>
  </DataSources>
  <WriteActions>
    <WriteAction ID="GenerateAlert" TypeID="SystemHealth!System.Health.GenerateAlert">
      <Priority>1</Priority>
      <Severity>2</Severity>
      <AlertOwner>$Data/PublisherName$</AlertOwner>
      <AlertMessageId>$MPElement[Name="Active_Directory_cannot_perform_an_authenticated_RPC_call_to_another_DC_because_the_SPN_for_the_destination_DC_is_not_registered_on_the_KDC_5_Rule.AlertMessage"]$</AlertMessageId>
      <AlertParameters>
        <AlertParameter1>$Data/EventDescription$</AlertParameter1>
      </AlertParameters>
      <Suppression>
        <SuppressionValue/>
      </Suppression>
    </WriteAction>
    <WriteAction ID="WriteToDB" TypeID="SC!Microsoft.SystemCenter.CollectEvent"/>
    <WriteAction ID="WriteToDW" TypeID="SCDW!Microsoft.SystemCenter.DataWarehouse.PublishEventData"/>
  </WriteActions>
</Rule>