The error is reported when running Vastool Status or Host checking from MCU.
This occurs when expected servicePrincipalName entries do not exist on the computer object in AD.
The entries are typically in this format:
servicePrincipalName: host/HOSTNAME
servicePrincipalName: host/hostname.domain
If they are missing, it is usually because the account that was used for the original join had insufficient permissions to write to the servicePrincipalName attribute. This should be corrected.
If the entries are missing, they will need to be added manually in AD, added remotely from a QAS-enabled host, or restored by rejoining.
Resolution # 1 Manually in AD.
This can be done using ADSI Edit or the Attribute Editor on the object properties.
Resolution # 2 This can be done using 'vastool' commands. An example is below:
/opt/quest/bin/vastool -u administrator setattrs -m hostname$ serviceprincipalname host/HOSTNAME host/hostname.domain
Resolution # 3 Rejoin using an account that has sufficient permissions to write to the servicePrincipalName attribute.
Example:
/opt/quest/bin/vastool -u administrator join -f domainname
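To confirm that both entries exist after applying one of the resolutions, the check below reads an attribute dump of the computer object and lists any expected host/ SPN that is absent. It is an added example, not One Identity's code; it assumes the dump uses the "servicePrincipalName: value" form shown above, and the function names, host name UNIX01 and domain example.com are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which expected host/ SPNs are absent from an
# attribute dump of the computer object. Function names are hypothetical.

# missing_host_spns SHORT_NAME FQDN < dump
# Prints each missing SPN; returns 0 if both are present, 1 otherwise.
missing_host_spns() {
    short=$1
    fqdn=$2
    # Normalise the dump: strip CRs left by Windows exports, lower-case
    # everything (AD compares SPNs case-insensitively), keep only the
    # servicePrincipalName values and trim trailing blanks.
    have=$(tr -d '\r' | tr '[:upper:]' '[:lower:]' |
        sed -n 's/^[[:space:]]*serviceprincipalname:[[:space:]]*//p' |
        sed 's/[[:space:]]*$//')
    rc=0
    for want in "host/$short" "host/$fqdn"; do
        want_lc=$(printf '%s' "$want" | tr '[:upper:]' '[:lower:]')
        # -F fixed string, -x whole line: host/unix01 must not be
        # satisfied by host/unix01.example.com or by another service class.
        if ! printf '%s\n' "$have" | grep -Fxq -- "$want_lc"; then
            printf '%s\n' "$want"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample dump: the short-name SPN is present, the FQDN one is not.
SAMPLE_DUMP='dn: CN=UNIX01,CN=Computers,DC=example,DC=com
sAMAccountName: UNIX01$
servicePrincipalName: host/UNIX01
servicePrincipalName: cifs/unix01.example.com'

check_sample() {
    printf '%s\n' "$SAMPLE_DUMP" | missing_host_spns UNIX01 unix01.example.com
}

# Stand-alone run: list what is missing from the constructed sample.
check_sample || true
```

A non-zero return from missing_host_spns means at least one of the two entries still has to be added.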