Event ID - 1411

Event Id1411
SourceMicrosoft-Windows-ActiveDirectory_DomainService
DescriptionActive Directory failed to construct a mutual authentication service principal name (SPN) for the following domain controller. Domain controller:%1 The call was denied. Communication with this domain controller might be affected. Additional Data Error value:%3 %2
Event InformationAccording to Microsoft :
Cause :
This event is logged when the Active Directory failed to construct a mutual authentication service principal name (SPN) for the following domain controller.
Resolution :
Ensure that replication partners are accessible
Perform the following tasks using the domain controller that reported the issue.
To perform this procedure, you must have membership in Domain Admins, or you must have been delegated the appropriate authority.
To ensure that replication partners are accessible:
  1. Open a command prompt as an administrator. To open a command prompt as an administrator, click Start. In Start Search, type Command Prompt. At the top of the Start menu, right-click Command Prompt, and then click Run as administrator. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
  2. Run the command repadmin /showreps. This command displays the currect replication partners of the domain controller.
  3. On each domain controller that is identified as a replication partner, run the command dcdiag /fix. This command registers the appropriate service principal names (SPNs) for that domain controller.
  4. On each domain controller that is identified as a replication partner, run dcdiag /test:OutboundSecureChannels /testdomain:domain,where domain is the actual domain name of the domain controller that is reporting the error message. This command tests all secure channels for the domain controller.
  5. On the domain controller that is reporting this error, run repadmin /syncall domain, where domain is the actual domain name of the domain controller that is reporting the error message.
Verify :
Perform the following procedure using the domain controller from which you want to verify that Active Directory replication is functioning properly.
To perform this procedure, you must have membership in Domain Admins, or you must have been delegated the appropriate authority.
To verify that the appropriate Service Principal Names (SPNs) are generated:
  1. Open a command prompt as an administrator. To open a command prompt as an administrator, click Start. In Start Search, type Command Prompt. At the top of the Start menu, right-click Command Prompt, and then click Run as administrator. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
  2. Run the command dcdiag /test:outboundsecurechannels /s:computername, /testdomain:domainname. Substitute the actual names of the computer and the domain for computername and domainname, respectively. The command runs a series of tests. If all tests indicate success, the appropriate SPNs are registered.
Reference LinksEvent ID 1411 from Source Microsoft-Windows-ActiveDirectory_DomainService

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.
 Refresh