Your Windows 2000 member workstation or server may have the following System event log entries:
Event ID 5788: Source Netlogon: Error Message: Attempt to update Host Service Principal Names (SPNs) of the computer object in Active Directory failed. The updated values were UNAVAILABLE and UNAVAILBLE. The following error occurred: Access is denied. Event ID: 5789 Source: NETLOGON Error Message: Attempt to update DNS host name of the computer object in Active Directory failed. The updated value was fully qualified computername. The following error occurred: Access is denied.The member's computer account can read but can NOT write to the Active Directory. If you receive The system cannot find the file specified instead of Access is denied, your computer account does NOT have read access or has been deleted. If you receive The parameter is incorrect instead of Access is denied, the DNS suffix for the computer may not match the domain name. To verify and/or change the suffix, right-click My Computer, press Properties / Network Identification tab / Properties / More. The DNS suffix is displayed in the Primary DNS suffix for this computer box.
Use the Active Directory Users and Computers snap-in to verify / change permissions in the Access this computer from the network user right for the Default domain controllers Group Policy Object (GPO) in the Domain Controllers organizational unit. Select Domain Controllers and right-click Properties. Select the Group Policy tab. Open each of the following items in the snap-in:
Default Domain Controllers Policy
User Rights Assignment
Add Authenticated Users if this group is not present.
Make sure that the computer object has read, write, create,
delete child objects, and change passwords permissions.