I was getting an error ” The WinRM service failed to create the following SPNs: WSMAN/hostname; WSMAN/hostname. ” at startup on Windows 2008 R2 Domain Controllers.
Log Name: System
Event ID: 10154
WinRM runs under ” Network Service ” account. You can eliminate this problem by giving Validated Write to Service Principal Name permission to the NETWORK SERVICE using the ADSIEDIT.msc. This will allow WinRM to auto create the necessary SPNs on that domain controller. After granting this permission, re-sync all DCs and do a reboot to each domain controller where you did the change, after that reboot you will see that the warning is gone and the required SPNs were created successfully.
1- Use ADSIEDIT.msc
2- Choose Default naming context and scroll down to the Domain Controllers OU
3- Right-click the Domain Controller object that is showing the warnings and select properties
4- Select security tab
5- In the advanced security settings menu, click add, type ” Network Service ” and hit ok.