SharePoint Experts, Information Architects, Expert Witness

We provide consulting in a broad array of business and technology from architecture to design to deployment of global systems with a focus on surfacing data in the enterprise. Specialists in Microsoft, we are a premier provider of SharePoint Expertise (including 2016 and Office 365). We also provide Expert Witness/Legal Expert in eDiscovery, source discovery, patent infringement, piracy and more! We also have established SICG DLDS s.a. - our counterpart in Costa Rica that specializes in water systems (http://www.crwatersolutions.com) - Contact me direct: david_sterling@sterling-consulting.com or call 704-873-8846 x704.

Search This Blog

Monday, June 19, 2017

SharePoint Event ID 5586 - Target Principal name is incorrect. Cannot generate SSPI context.

Deploying a solution to SharePoint, it seemed to hang for a really long time. I ended up stopping the deployment to see what was up. Immediately thereafter, I could no longer connect to SharePoint at all.

In the Windows Application Event Log, I found multiple Event ID 5586 entries - basically saying "The target principal name is incorrect".

After a few hours of searching, I found one solution here:

http://www.jrjlee.com/2013/01/the-target-principal-name-is-incorrect.html *

* Note that he doesn't indicate that you have to adsiedit.msc to get to the entry (a little headscratching to figure that out).

Some say it worked for them, but it definitely did not work for me.

For one, there were no MSSQLSvc entries. For two, removing the RestrictedKrbHost entries condition went from bad to worse (new error: Unable to login to untrusted domain). I restored the RestrictedKrbHost entries just fine so I tried adding the MSSQLSvc entries and got "Name is not unique".

The final one that worked for me was:

Step 1) Logged on the AD Server and opened adsiedit.msc (Run as administrator)
2) Right clicked on the SQL Server entry and clicked Refresh:



3) Opened AD Users & Computers, right clicked on the account running SQL Services and clicked Unlock Account:


Hat tip to David Murdoch's post *:

http://www.davidmurdoch.com/2014/10/06/the-target-principal-name-is-incorrect-cannot-generate-sspi-context/

Note: his blog incorrectly says "Refresh" from Active Directory Users and Computers - you actually have to use adsiedit.msc.

No comments: