Event viwer error: 11 multiple accounts with MSSQLvc/SERVER.OFFICE:1433 type10

Posted on 2006-03-22
Last Modified: 2008-03-04
Hello everyone.

I have this message on my event viwer:

Event viwer error: 11 multiple accounts with MSSQLvc/SERVER.OFFICE:1433 type10

I've a MS SQL Server 2000 installed on a W2k Server that is a domain controller. The message is translated because originally is displayed in spanish, so maybe (sure) is not exact as it appears in english SQL/W2k.

Anyone knows why appears and what it means? (all works fine apparently)

Question by:montcadalr
    LVL 75

    Accepted Solution

    Hi montcadalr,
    Try these

    This error can be caused when the Service Principal Name (SPN) has been registered incorrectly for a service running on a server. Each service that uses Kerberos authentication needs to have an SPN set for it so that clients can identify the service on the network. The SPN is registered in Active Directory under a user account as an attribute of the user account called a servicePrincipalName.

    The above error typically indicates that ServiceClass/ has been registered as an SPN on more than one Active Directory User Account. This typically happens when a service is set to start with a different service account and setSPN is used to add the new SPN but the old SPN is not removed. In general, only one SPN should be set for each service. Multiple SPNs can cause clients to connect to the wrong system or the ticket may be encrypted with the wrong key.

    To enable the service to authenticate properly, you need to make sure that the service has only one SPN. In order to do this first we need to find which accounts have the duplicate SPNs and then delete one of them. The easiest way to determine which account the ServiceClass SPN should be registered under is to identify the service account under which the service starts. For instance if the service class & hostname is MSSQLSvc/ then logon to and verify which account SQL Server services are using to start with, this is the account that the SPN should be registered to.

    To generate a list of accounts that the SPNs are registered to, run the following command at the command prompt.

    From the domain controller, open a command prompt and then type the following string:
    ldifde -f domain.txt -d “dc=domain,dc=com”
    Open the text file in Notepad and then search for the SPN that is reported in the event log.
    Note the user accounts under which the SPN is located and the organizational unit the accounts reside in….the userPrincipalName should be located directly above the servicePrincipalName registration as in the example below.
    servicePrincipalName: ServiceClass/
    Use one of the following options to delete the account SPN registrations from the accounts that should not contain registrations to ServiceClass/ (i.e. Typically any accounts containing an SPN registration for SeriviceClass/ that services are not explicitly starting with)

    Using ADSIEdit

    Add ADSIEdit to the MMC and bind to the domain using the Domain well known naming context.
    Navigate to each user account you previously documented as having a duplicate SPN registration and right click the account and select properties.
    Scroll through the list of attributes until you see servicePrincipalName, double click servicePrincipalName and remove the duplicate SPN registration and click on OK and exit ADSIEdit.
    Using SetSPN

    From the command prompt type the following command and hit enter.
    setspn -D ServiceClass/ AccountName
    LVL 75

    Expert Comment

    by:Aneesh Retnakaran
    LVL 75

    Expert Comment

    by:Aneesh Retnakaran
    Points Aneeshattingal..

    Author Comment

    I'm sorry, I've been busy to achieve this question.
    I'll try to solve this week.
    Thanks a lot!

    Featured Post

    6 Surprising Benefits of Threat Intelligence

    All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

    Join & Write a Comment

    I recently came across an interesting Question In EE ( and was puzzled about how to achieve that using SSIS out of the box tasks, which was i…
    Introduced in Microsoft SQL Server 2005, the Copy Database Wizard ( is useful in copying databases and associated objects between SQL instances; therefore, it is a good migration and upgrade tool…
    Using examples as well as descriptions, and references to Books Online, show the different Recovery Models available in SQL Server and explain, as well as show how full, differential and transaction log backups are performed
    Viewers will learn how to use the INSERT statement to insert data into their tables. It will also introduce the NULL statement, to show them what happens when no value is giving for any given column.

    731 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    17 Experts available now in Live!

    Get 1:1 Help Now