Windows Remote Management Event ID 10154: The WinRM service failed to create the following SPN: WSMAN

    Question

  • I’m having an issue I can’t get resolved and hope you can help me. I’ve set up a new domain and forest on a 2012 R2 server and I receive the following error:

    The WinRM service failed to create the following SPNs: WSMAN/srvVM01.Lab.local; WSMAN/srvVM01.

    Additional Data

    The error received was 1355: %%1355.

    User Action

    The SPNs can be created by an administrator using setspn.exe utility.

    I found others to have the same issue so this is what I did so far:

    The commands ‘setspn -a WSMAN/srvVM01.Lab.local Lab.local\srvVM01’ and ‘setspn -a WSMAN/srvVM01 Lab.local\srvVM01’ return ‘Duplicate SPN found, aborting operation!’;

    When I run ‘dsacls "CN=AdminSDHolder,CN=System,DC=lab,DC=local" /G "NETWORK SERVICE:WS;Validated write to service principal name"’ it returns ‘The specified domain either does not exist or could not be contacted.’

    ‘dsacls "CN=SRVVM01,OU=Domain Controllers,DC=Lab,DC=local" /G "NETWORK SERVICE:WS;Validated write to service principal name"’ Reports ‘Parameter Controllers,DC=Lab,DC=local" was unexpected. The parameter is incorrect. The command failed to complete successfully.’

    That's why I used Adsiedit to check ‘Validated Write to service principal name’ for the ‘Network service’ account on the security tab of the ‘CN=SRVVM01,OU=Domain Controllers,DC=Lab,DC=local object’;

    If I run ‘winrm quickconfig’ I get ‘WinRM service is already running on this machine. WinRM is already set up for remote management on this computer.’

    Unfortunately I keep getting this error every time I reboot the server. I’m doing something wrong or I’m overlooking something but can’t figure out how to get rid of this message.

    Thanks in advance for your help,

    Kurt Merlo (Merits.be)

    Sunday, August 10, 2014 7:45 PM

Answers

  • Hi,

    I was able to get rid of the error messages with event ID 10154 in the event log from Windows Remote Management. This error with the message "The WinRM service failed to create the following SPN: WSMAN" first appeared after I installed the AD DS role and promoted the server. As soon as I did this the error was appearing every time I restarted the winrm service.

    The following steps got rid of the error:

    As suggested in the event log I ran 'setspn -a WSMAN/srvVM01.Lab.local Lab.local\srvVM01' & 'setspn -a WSMAN/srvVM01 Lab.local\srvVM01' both commands returned 'Updated object'. Lab.local is my domain and srvVM01 is the Domain Controller for this domain.

    After this the error was still appearing every time I restarted the service.

    Then I ran 'dsacls "CN=SRVVM01,OU=Domain Controllers,DC=Lab,DC=local" /G "NETWORK SERVICE:WS;Validated write to service principal name"' which completed successfully.

    After this step the error doesn't reappear when I restart the service but I still got the message every time I reboot the server.

    The solution for these last messages was to set the service startup type to "Automatic (Delayed Start)" instead of "Automatic".

    Kind regards,

    Kurt Merlo

    Monday, August 18, 2014 7:14 PM
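
    The checks and the final change from the answer above, gathered into one script. This is an added example, not part of the original post. It uses the thread's lab names and assumes "the service" in the last step means the WinRM service, which the post does not state; `$applyFix` is a hypothetical switch for this example.

```powershell
# Added example (not from the original post). Run elevated on the domain controller.
# Names are the thread's lab values; the WinRM service name is an assumption.
$dcName   = 'srvVM01'
$dcFqdn   = 'srvVM01.Lab.local'
$dcDn     = 'CN=SRVVM01,OU=Domain Controllers,DC=Lab,DC=local'
$applyFix = $false   # hypothetical switch: set to $true to change the startup type

# 1. Query both WSMAN SPNs. "Duplicate SPN found" from 'setspn -a' means the SPN
#    is already registered; -Q shows which account holds it.
foreach ($spn in "WSMAN/$dcFqdn", "WSMAN/$dcName") {
    Write-Host "== setspn -Q $spn"
    & setspn.exe -Q $spn
}

# 2. List the ACEs for NETWORK SERVICE on the DC's computer object, to confirm
#    the 'Validated write to service principal name' grant is present.
Write-Host "== dsacls $dcDn (NETWORK SERVICE entries)"
& dsacls.exe $dcDn | Select-String -Pattern 'NETWORK SERVICE' -Context 0,2

# 3. Read the service start mode and the delayed-start flag from the registry.
$svc     = Get-CimInstance Win32_Service -Filter "Name='WinRM'"
$key     = 'HKLM:\SYSTEM\CurrentControlSet\Services\WinRM'
$delayed = (Get-ItemProperty -Path $key -Name DelayedAutostart `
            -ErrorAction SilentlyContinue).DelayedAutostart
Write-Host "WinRM StartMode=$($svc.StartMode) DelayedAutostart=$delayed"

# 4. Switch to "Automatic (Delayed Start)" only when asked and not already set.
if ($applyFix -and $delayed -ne 1) {
    & sc.exe config WinRM start= delayed-auto
}

# 5. After a reboot: look for event 10154 logged since the last boot.
$boot   = (Get-CimInstance Win32_OperatingSystem).LastBootUpTime
$events = Get-WinEvent -FilterHashtable @{
              ProviderName = 'Microsoft-Windows-WinRM'
              Id           = 10154
              StartTime    = $boot
          } -ErrorAction SilentlyContinue
if ($events) {
    $events | Select-Object TimeCreated, Id, Message | Format-List
} else {
    Write-Host 'No event 10154 since last boot.'
}
```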

All replies

  • Hi,

    Thanks for your posting.

    Please check if NAP Policy Service is running.

    Also, there is a similar thread that has been discussed:

    The WinRM service failed to create the following SPNs

    http://social.technet.microsoft.com/Forums/windowsserver/en-US/ff42d97f-8c52-4ddc-93a2-6ae79498e3d5/the-winrm-service-failed-to-create-the-following-spns?forum=windowsserver2008r2general

    Please feel free to let us know if you need further assistance.

    Regards.


    Vivian Wang

    Tuesday, August 12, 2014 4:54 AM
    Moderator
  • Thanks for your reply,

    I've checked and the network access protection agent service is set to manual and isn't started.

    As suggested in the post you've mentioned I ran 'dsacls "CN=AdminSDHolder,CN=System,DC=Lab,DC=local" /G "S-1-5-20:WS;Validated write to service principal name"'. The command completed successfully but it didn't resolve my issue.

    I've also set the network access protection agent service to automatic and started the service but once again when I restart the server the error reappears.

    Kind regards,

    Kurt Merlo

    Tuesday, August 12, 2014 4:34 PM
  • Hi,

    Did you grant the “Validated Write to Service Principal Name” permission to the NETWORK SERVICE using the ADSIEDIT.msc?

    http://srvcore.wordpress.com/2010/01/02/domain-controllers-warning-event-id-10154/

    In addition, you could create the SPN specified in the event using the setspn.exe utility.

    http://technet.microsoft.com/en-us/library/dd348559(WS.10).aspx

    Regards.



    Vivian Wang

    Wednesday, August 13, 2014 7:55 AM
    Moderator
  • Hi,

    I reinstalled the server yesterday evening and tried again.

    After the Windows 2012 R2 install process I installed the AD DS role and promoted the server. As soon as I did this the error was appearing every time I restarted the winrm service.

    So I did the following:

    - I ran 'winrm quickconfig' it returned 'WinRM service is already running on this machine. WinRM is already set up for remote management on this computer.'

    - Then I ran 'setspn -a WSMAN/srvVM01.Lab.local Lab.local\srvVM01' & 'setspn -a WSMAN/srvVM01 Lab.local\srvVM01' both commands returned 'Updated object'

    After this the error was still appearing every time I restarted the service.

    - I continued and I ran 'dsacls "CN=SRVVM01,OU=Domain Controllers,DC=Lab,DC=local" /G "NETWORK SERVICE:WS;Validated write to service principal name"' which completed successfully.

    After this last step the error stopped appearing when I restarted the server. I waited 4 hours and tried again and I thought the matter was resolved because the error didn't reappear.

    Unfortunately when I reboot the server the message reappears, but only when I reboot the server. Restarting the winrm service doesn't show the error message.

    So I did some checks:

    - I used ADSIEDIT to check 'CN=SRVVM01,OU=Domain Controllers,DC=Lab,DC=local' and I see that the 'Network Service' account has the 'Allow' checkbox marked next to 'Validated write to service principal'.

    - When I reran 'setspn -a WSMAN/srvVM01.Lab.local Lab.local\srvVM01' & 'setspn -a WSMAN/srvVM01 Lab.local\srvVM01' it returned 'Duplicate SPN found, aborting operation!'

    So I still get this error message; the only difference is that now it only appears when I reboot the server. When I restart the service the message doesn't reappear. This is the same behavior as before I reinstalled it.

    Kind regards,

    Kurt Merlo

    Wednesday, August 13, 2014 11:04 AM
  • Hi,

    When you run 'dsacls "CN=SRVVM01,OU=Domain Controllers,DC=Lab,DC=local" /G "NETWORK SERVICE:WS;Validated write to service principal name"' successfully, you need to restart the WinRM service.

    http://www.eventid.net/display-eventid-10154-source-Microsoft-Windows-WinRM-eventno-10610-phase-1.htm

    There are some similar threads:

    Windows Remote Management Event ID 10154

    http://social.technet.microsoft.com/Forums/en-US/a7df4ede-c5e4-45c2-9d8f-ae2fbb45bf4d/windows-remote-management-event-id-10154?forum=winservergen

    Event ID 10154 Still appearing even though SPN exists?

    http://social.technet.microsoft.com/Forums/en-US/1a1c7761-494b-45a2-a66c-06d0f95f6ace/event-id-10154-still-appearing-even-though-spn-exists?forum=winserverDS

    Regards.


    Vivian Wang

    Monday, August 18, 2014 1:41 AM
    Moderator
  • Hi,

    Unfortunately none of the links contain new information so I still get this error every time I reboot the server.

    Kind regards,

    Kurt Merlo

    Monday, August 18, 2014 11:16 AM
  • Hi Kurt Merlo,

    Glad the issue was solved by yourself.

    And thanks for your good sharing, I think it will help the people who have the same issue.

    Regards.


    Vivian Wang

    Tuesday, August 19, 2014 6:40 AM
    Moderator
  • I'm getting the same warning emitted with new machine installs/joins to a Windows Server 2016.  Does this have to be done with each and every machine that is added to a Windows Server 2016 domain?!
    Sunday, May 07, 2017 7:29 PM
  • One quick question, you said your last step was to set the service startup to

          The solution for these last messages was to set the service startup type to "Automatic (Delayed Start)" instead of "Automatic".

     which service?  WRM, NAP, or another?

    Friday, April 06, 2018 4:21 PM