Microsoft KB Archive/257734

= Event ID 5788 and Event ID 5789 appear in the System event log =

Article ID: 257734

Article Last Modified on 2/28/2007

-

APPLIES TO


 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Professional Edition
 * Microsoft Windows 2000 Server

-



This article was previously published under Q257734



SYMPTOMS
You may receive the following Event ID messages in the system event log on a Microsoft Windows 2000-based member server or workstation:

Event ID Message 1 Event ID 5788:

Source Netlogon:

Error Message: Attempt to update Host Service Principal Names (SPNs) of the computer object in Active Directory failed. The updated values were UNAVAILABLE and UNAVAILABLE. The following error occurred:

Event ID Message 2 Event ID: 5789

Source: NETLOGON

Error Message: Attempt to update DNS host name of the computer object in Active Directory failed. The updated value was fully qualified computer name. The following error occurred:

Note The  placeholder may display the several different error messages. This article discusses both of the following error messages:

Error Message 1

Access is denied.

Error Message 2

The system cannot find the file specified.



CAUSE
You may receive the "Access is Denied" error message if the computer account does not have the required permissions to complete a task.

You may receive the "The System Cannot Find the File Specified" error message if the computer account does not have permission to read the object for its computer account.

You may receive error messages 5789 and 5788 if the DNS suffix for the computer does not match the domain name. This is referred to as a disjointed name space.



RESOLUTION
The events that are described in the "Symptoms" section of this article have many causes and associated resolutions. To determine which resolution to use, verify which error message appears after the text "the following error occurred" text in both Event ID 5788 and Event ID 5789.

Error Message: Access Is Denied
To resolve this issue, verify the permissions in the "Access the computer from the network" user right for the Default Domain Controllers Group Policy Object in the Domain Controllers organizational unit. To do so, follow these steps:
 * 1) Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users and Computers.
 * 2) Expand your domain.
 * 3) Right-click the Domain Controllers organizational unit, and then click Properties.
 * 4) Click the Group Policy tab.
 * 5) Click Default Domain Controllers Policy, and then click Edit.
 * 6) Under Default Domain Controllers Policy, expand Computer Configuration, expand Windows Settings, expand Security Settings, expand Local Policies, and then clickUser Rights Assignment.
 * 7) In the right pane, double-click Access this computer from network to view a full list of members.
 * 8) Repeat steps 4 through 6 for all the following group policies that apply to domain controllers.
 * 9) * Computer Configuration
 * 10) * Windows Settings
 * 11) * Security Settings
 * 12) * Local Policies
 * 13) * User Rights Assignment

Error Message: The System Cannot Find the File Specified
To resolve this issue, verify the permissions on your computer account. To do so, follow these steps:
 * 1) Click Start, point to Administrative Tools, and then click Active Directory Users and Computers.
 * 2) On the View menu, click Advanced Features.
 * 3) In Active Directory, expand your domain, expand Computers, right-click your computer, and then click Properties.
 * 4) Click the Security tab.
 * 5) Click to select the Allow check box for each of the following permissions:
 * 6) * Create All Child Objects
 * 7) * Delete All Child Objects
 * 8) * Validated Write to DNS Hostname
 * 9) * Validated Write to Service Principal Name
 * 10) * Read Personal Information
 * 11) * Write Personal Information

Event IDs 5789 and 5788
To resolve this issue, verify that the suffix does not match the domain name, and then change the suffix so that it does match. To do so, follow these steps:
 * 1) Right-click My Computer, and then click Properties.
 * 2) Click the Network Identification tab, click Properties, and then click More.

The DNS suffix is listed in the Primary DNS suffix of this computer dialog box.
 * 1) Confirm that this matches your domain name, or edit it to match your domain name. If the disjointed name space is intended, see the "References" section of this article.

