Home > Event Id > Event Id 11 Kdc Ds Service Principal Name

Event Id 11 Kdc Ds Service Principal Name


How do I know which duplicate to erase? #3. Get 1:1 Help Now Advertise Here Enjoyed your answer? Click here for article 321044 http://support.microsoft.com//kb/321044 Provide feedback Please rate the information on this page to help us improve our content. Globally replaced my pc's name with the original DC's name, and rebooted. http://arnoldtechweb.com/event-id/event-id-3-kerberos-kdc-err-s-principal-unknown.html

If it had returned "False", I could have used the -repairChannel parameter to fix it (need to run that in PowerShell Admin console). Microsoft Customer Support Microsoft Community Forums United States (English) Sign in Home Windows Server 2012 R2 Windows Server 2008 R2 Library Forums Weā€™re sorry. From a nesgroup post: "Three general suggestions: 1. Resolve Remove the duplicate service prinicipal name Each service principal name (SPN) must be unique. view publisher site

Event Id 11 The Kdc Encountered Duplicate Names

I googled this and found an article that makes the fix seem fairly straighforward: http://technet.microsoft.com/en-us/library/cc733945(WS.10).aspx Here is my output when I run: setspn -X Checking domain DC=iks,DC=bz Processing entry 2 MSSQLSvc/iksdb01.iks.bz:3064 Thank you! After Several reboots of the affected DC, I resorted to changing every reference in the Registry to reflect the server's TRUE name. In order to prevent this from occurring remove the duplicate entries for in Active Directory.ā€¯ Whether it's the "too many cooks in the kitchen" principle leading

  • If there are no duplicate entries, the SPNs are configured correctly.
  • When I searched for cifs -- it didn't find even 'one' though?
  • Thanks, Jamie 0 Comment Question by:jamorlando Facebook Twitter LinkedIn https://www.experts-exchange.com/questions/26425642/Removing-duplicate-SPNs-Service-Name-Providers.htmlcopy LVL 57 Best Solution byMike Kline So the output there gives you the computer name and dupliate SPNs.
  • When replacing or removing machines, try to have them cleanly leave the domain.
  • I deleted the incorrect entry and the problem has been solved.
  • ServiceClass/host.domain.com 3.
  • The computer name is apbrsd2 - in the domain student.apsu.edu.
  • If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.

From a newsgroup post: "It sounds like there is a service principal name in more than one place (on two different machine object's serviceprincipalname attributes) in your AD. About Advertising Privacy Terms Help Sitemap × Join millions of IT pros like you Log in to Spiceworks Reset community password Agree to Terms of Service Connect with Or Sign up By creating an account, you're agreeing to our Terms of Use and our Privacy Policy Not a member? Kdc Duplicate Name Mssqlsvc Yes No Additional feedback? 1500 characters remaining Submit Skip this Thank you!

If this is Administrator's account, delete the second one - otherwise (if this is a local System or Network Service account, delete the first one). Use ADSI Edit (adsiedit.msc) to connect to the Distinguished Names (enter the whole line from your search results, e.g. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones. pop over to these guys After running: “setspn -L \”, I received the following output: ”Registered ServicePrincipalNames for CN=, CN=Computers, DC=DC=: MSSQLSvc/.lan:1433”.

My suggestion for our staff is to first REMOVE the machine being replaced from AD and then to add its replacement to AD, particularly if the replacement machine will have the Ds_service_principal_name Click Run. Thanks! 0 LVL 57 Overall: Level 57 Active Directory 55 MS SQL Server 2005 3 MS SQL Server 2 Message Expert Comment by:Mike Kline ID: 335135382010-08-24 some say "IKS\Administrator" (our If you turn on aging and scavenging of records in your DNS zone, you will automatically clean up old stale records.

Remove Duplicate Spn Mssqlsvc

I ran the command and created the export log. https://windorks.wordpress.com/2014/02/05/event-11-and-how-to-remove-duplicate-spns-2/ x 73 EventID.Net See ME911353 for a situation in which this event occurs. Event Id 11 The Kdc Encountered Duplicate Names MenuExperts Exchange Browse BackBrowse Topics Open Questions Open Projects Solutions Members Articles Videos Courses Contribute Products BackProducts Gigs Live Courses Vendor Services Groups Careers Store Headlines Website Testing Ask a Question Remove The Duplicate Entries For Cifs In Active Directory The duplicate name is cifs/APBRSD2 (of type DS_SERVICE_PRINCIPAL_NAME).

Login Join Community Windows Events KDC Ask Question Answer Questions My Profile ShortcutsDiscussion GroupsFeature RequestsHelp and SupportHow-tosIT Service ProvidersMy QuestionsApp CenterRatings and ReviewsRecent ActivityRecent PostsScript CenterSpiceListsSpiceworks BlogVendor PagesWindows Events Event 11 his comment is here I think I need to explain it more ... Use the following procedure toĀ remove one of the duplicate SPNs. This may result in authentication failures or downgrades to NTLM. Kb 321044

Keep in touch with Experts ExchangeTech news and trends delivered to your inbox every month Membership How it Works Gigs Live Careers Plans and Pricing For Business Become an Expert Resource The duplicate name is MSSQLSvc/gears.adcr.com:1433 (of type DS_SERVICE_PRINCIPAL_NAME). This may result in authentication failures or downgrades to NTLM. this contact form This fixed the problem in my case.

Manage Your Profile | Site Feedback Site Feedback x Tell us about your experience... Setspn Duplicate How can it be resolved? The duplicate name is MSSQLSvc/DBFRL01.freelift.com:1433 (of type DS_SERVICE_PRINCIPAL_NAME).

Then using setspn –D MSSQLSvc/:1433 OURSRVACCOUNT2 removed the duplicate SPN from the second account.

There are multiple accounts with name MSSQLSvc/ABCServer.contoso.com:1433 of type DS_SERVICE_PRINCIPAL_NAME. Some are running under IKS\Administrator and some under Local System. If you have a name collision (joining a new machine to the domain that has the same name of some now-missing machine), remember to both clean up the computer object and Setspn Delete The script created the user account in the pre-Windows2000 box, but left the one above it blank.

This may result in authentication failures or downgrades to NTLM. Enter the string from the error message to the filter box, e.g. “servicePrincipalName=MSSQLSvc/SERVERNAME.domain.local:1433”. 4. x 69 Ingo Wittig I had this problem occur after renaming a computer from to and then changing it back to .Another computer got renamed to a day navigate here From this, ADSIEDIT on the rogue entry to edit the servicePrincipalName attribute.

setspn.exe -Q HOST/testcomputer Checking domain DC=adilhindistan,DC=com CN=testcomputer,OU=Workstations,DC=adilhindistan,DC=com TERMSRV/testcomputer.adilhindistan.com WSMAN/testcomputer.adilhindistan.com RestrictedKrbHost/testcomputer.adilhindistan.com HOST/testcomputer.adilhindistan.com Join the IT Network or Login. The error message: "The security database on the server does not have a computer account for this workstation trust relationship" Seeing the message, the first suspicion is that something is wrong Wrong, I always add SQL instances to AD upon initial config.

x 79 EventID.Net As per Microsoft: "Kerberos could not authenticate a principal name because the name was not configured correctly". In order to prevent this from occuring remove the duplicate entries for MSSQLSvc/fontana-v.owasa.local:1433 in Active Directory.

Nov 08, 2012 There are multiple accounts with name MSSQLSvc/bes.DRN.LOCAL:1217 of type DS_SERVICE_PRINCIPAL_NAME.

Dec 20, Privacy Policy Support Terms of Use MenuExperts Exchange Browse BackBrowse Topics Open Questions Open Projects Solutions Members Articles Videos Courses Contribute Products BackProducts Gigs Live Courses Vendor Services Groups Careers Store Very helpful Somewhat helpful Not helpful End of content United StatesHewlett Packard Enterprise International Start of Country Selector content Select Your Country/Region and Language Click or use the tab key to

Type setspn -L , where computer_name is the name of the computer referenced in the event log message. Join our community for more solutions or to ask questions.