Missing HOST SPN can cause workstation trust relationship error

Before resetting the computer account (which may also resolve the issue), check whether the machine has both the HOST/NetBIOS and HOST/FQDN SPNs. A missing SPN can cause this error.

Explanation:

Host name: MACHINE1.bigcompany.local

SPNs should include: HOST/MACHINE1 and HOST/MACHINE1.bigcompany.local

On a domain controller or any server with LDAP access, list the SPNs for MACHINE1:

setspn -L MACHINE1

If any HOST SPN is missing, use setspn (or Get-ADComputer in PowerShell) to reset the SPN:

For example, from an elevated command prompt on an Active Directory server:

setspn -R MACHINE1
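
The check described above can be scripted so that it reports exactly which HOST SPN is absent before anything is reset. This is an added example, not part of the original post; the function names Get-MissingHostSpn and Get-MissingHostSpnFromAD are hypothetical, and the sample SPN list is constructed for illustration.

```powershell
# Added example: report which of the two expected HOST SPNs a computer
# account lacks. Function names are hypothetical, not from the original post.
function Get-MissingHostSpn {
    param(
        [Parameter(Mandatory)][string] $NetbiosName,
        [Parameter(Mandatory)][string] $DnsHostName,
        [string[]] $ServicePrincipalName = @()
    )
    # The two SPNs the post says must be present.
    $expected = @("HOST/$NetbiosName", "HOST/$DnsHostName")
    # -notin compares strings case-insensitively, matching how SPNs are treated.
    $expected | Where-Object { $_ -notin $ServicePrincipalName }
}

# Live lookup; requires the ActiveDirectory module (RSAT) and LDAP access.
function Get-MissingHostSpnFromAD {
    param([Parameter(Mandatory)][string] $ComputerName)
    $c = Get-ADComputer -Identity $ComputerName -Properties servicePrincipalName, dNSHostName
    if (-not $c.DNSHostName) {
        Write-Warning "$ComputerName has no dNSHostName; the FQDN SPN cannot be derived."
        return
    }
    Get-MissingHostSpn -NetbiosName $c.Name -DnsHostName $c.DNSHostName `
        -ServicePrincipalName @($c.servicePrincipalName)
}

# Constructed sample: an account that has lost its HOST/FQDN SPN.
$sampleSpns = @(
    'HOST/MACHINE1',
    'RestrictedKrbHost/MACHINE1',
    'RestrictedKrbHost/MACHINE1.bigcompany.local'
)
$missing = @(Get-MissingHostSpn -NetbiosName 'MACHINE1' `
    -DnsHostName 'MACHINE1.bigcompany.local' -ServicePrincipalName $sampleSpns)

if ($missing.Count -gt 0) {
    Write-Output "Missing: $($missing -join ', ')  ->  run: setspn -R MACHINE1"
} else {
    Write-Output 'Both HOST SPNs are present; the trust error has another cause.'
}
```

Against a real directory, call Get-MissingHostSpnFromAD -ComputerName MACHINE1 from a session that has the ActiveDirectory module loaded.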
