none
Event ID: 10154 Source: Windows Remote Management

    Question

  • I'm on Server 2012 Standard. Getting Event ID 10154 with additional information of, "The error received was 1355 %%1355"

    Using ADSIEDIT I navigated to Default Naming Context(ODASERVER.domain.local)\DC=domain,DC=local\OU=domain controllers\CN=odaserver

    I right click on that CN container and select properties. Under the security tab I have listed NETWORK SERVICE and confirmed that there is a checkmark for "Validated write to service principle name".

    Next, I navigate to Default Naming Context(ODASERVER.domain.local)\CN=System\CN=AdminSDHolder. I note there is nothing in this container. However, I right-click the AdminSDHolder container and select properties. Under the security tab I select NETWORK SERVICE and note the only permission checked is "Special permissions". So I click the Advanced button, and under the permissions tab select NETWORK SERVICE, then click the Edit button. There is absolutely nothing checked in this window. Shouldn't there be something checked here, or something in this container? Is this why I continue to get this error numerous times a day?

    Sunday, November 03, 2013 4:40 AM

Answers

  • Hi,

    When a specific SPN can’t create, the Event ID 10154 occurred. So, please just browse to Domain by running ADSIEDIT.MSC:

             DC=domainname

                   OU=Domain Controllers

                         CN=<HOSTNAME>

    Right click on CN=<HOSTNAME>, where <HOSTNAME> is the name of the server throwing the error. And then add network service account, check the "Validated Write to service principal name". Go to Services.msc and restart the Windows Remote Management Service, then check if this issue still exist.

    You only need to add the “Validated Write to Service Principal Name” permission for the Network Service account directly to each domain controller computer account in Active Directory.  You do not need to modify the AdminSDHolder object.

    In addition, there is way about deleting the WinRM listener port. Please refer to.

    Event 10154 (Warning)

    http://community.spiceworks.com/windows_event/show/3578-winrm-10154

    Hope this helps.

    Best regards,

    Justin Gu
    Wednesday, November 06, 2013 12:41 PM
    Moderator

All replies

  • http://blocksandbytes.com/2011/10/11/event-id-10154-winrm-service-failed-to-create-the-following-spns/
    Sunday, November 03, 2013 3:37 PM
  • That's all fine and dandy. However, after a reboot, the errors return on about an hourly basis. Even tried the KB2802886 hotfix and no change. Either wait about an hour, or reboot, and the errors start returning. Note also, that I've already tried all the info on the links found in the forums (the links I could find) and found none that specifically state they work on Server 2012 Standard. Tried them anyway, to no avail.


    • Edited by Carl1959 Sunday, November 03, 2013 6:00 PM
    Sunday, November 03, 2013 5:59 PM
  • Hi,

    When a specific SPN can’t create, the Event ID 10154 occurred. So, please just browse to Domain by running ADSIEDIT.MSC:

             DC=domainname

                   OU=Domain Controllers

                         CN=<HOSTNAME>

    Right click on CN=<HOSTNAME>, where <HOSTNAME> is the name of the server throwing the error. And then add network service account, check the "Validated Write to service principal name". Go to Services.msc and restart the Windows Remote Management Service, then check if this issue still exist.

    You only need to add the “Validated Write to Service Principal Name” permission for the Network Service account directly to each domain controller computer account in Active Directory.  You do not need to modify the AdminSDHolder object.

    In addition, there is way about deleting the WinRM listener port. Please refer to.

    Event 10154 (Warning)

    http://community.spiceworks.com/windows_event/show/3578-winrm-10154

    Hope this helps.

    Best regards,

    Justin Gu
    Wednesday, November 06, 2013 12:41 PM
    Moderator