Domain Controller Warning Event ID:10154

Log Name: System
Source:  Microsoft-Windows-WinRM
Date:  1/1/2010 1:22:43 PM
Event ID: 10154
Task Category: None
Level:  Warning
Keywords: Classic
User:  N/A
Computer: dcname.domain.tld
The WinRM service failed to create the following SPNs: WSMAN/dcname.domain.tld; WSMAN/dcname.
Additional Data
The error received was 8344: %%8344.
User Action
The SPNs can be created by an administrator using setspn.exe utility.

If you have just upgraded to Windows Server 2008 R2 domain controller version and getting above error message, then you must fix by granting some special permissions.

By default, WinRM service is running under NETWORK SERVICE account.WinRM attempts to create 2 SPn (WSMAN/ & WSMAN /servername) after startup process.

To help this process, you must grant “Validated Write to Service Principal Name” permission to the NETWORK SERVICE account for each DC which generates this error message.

To achieve this goal,in adsiedit;

Default Naming Context – Domain Controllers OU – Specific Domain Controller

Click Properties and security.Add NETWORK SERVICE account and grant permission.


Leave a Reply

Your email address will not be published. Required fields are marked *

+ 2 = 9