I noticed that the eventlog "Microsoft-Windows-Security-Kerberos" is filled with the same entry around every minute (sometimes three times per minute, sometimes only after two or three minutes):
- Event ID: 100
- Description (roughly translated from German): The Service Principal Name "host/localhost@MYDOMAIN.LOCAL" is not registered, causing an error with Kerberos authentication: 0x7. Use the command line tool "setspn.exe" to register the SPN
This happens on our primary domain controller (also hosting Exchange 2013), but not on our secondary.
I have searched a lot, but couldn't find anything applicable except for https://comp.protocols.kerberos.narkive.com/WfAhMzuZ/host-localhost-principal:
There are significant security issues to having a host/localhost on all your machines. If one of your machines is compromised it can be used to attack the other machines.
I have no idea which service might be causing those entries. I could register the SPN, but don't know if this is a good idea or could be causing other problems. Also, I didn't notice any problems so far that might be caused by those entries.
- How can I find out which service is causing this?
- Should I create the SPN?
