Which account should I delete after finding duplicate SPN of MSSQLSvc/LPZ-Tickets.LowryParkZoo.com:1433
Based on others I used the following command to export 2 entries:
ldifde -d dc=lowryparkzoo,dc=com -r "(serviceprincipalname=mss
Here are the results:
dn: CN=Administrator,CN=Users,
changetype: add
servicePrincipalName: MSSQLSvc/lpz-backup1.Lowry
servicePrincipalName: MSSQLSvc/lpz-accounting.Lo
servicePrincipalName: MSSQLSvc/lpz-backup.LowryP
servicePrincipalName: MSSQLSvc/lpz-tickets.Lowry
dn: CN=LPZ-TICKETS,CN=Computer
changetype: add
servicePrincipalName: MSSQLSvc/lpz-tickets.Lowry
servicePrincipalName: DNS/lpz-tickets.LowryParkZ
servicePrincipalName:
NtFrs-88f5d2bd-b646-11d2-a
servicePrincipalName: HOST/lpz-tickets.LowryPark
servicePrincipalName: HOST/lpz-tickets.LowryPark
servicePrincipalName: HOST/LPZ-TICKETS
servicePrincipalName: HOST/lpz-tickets.LowryPark
I looked at the MSSQLSERVER service in LPZ-Tickets and it uses the Local System Account to Log On.
I noted that the CN=Administrator and CN=LPZ-Tickets both have the same MSSQLSvc serviceprincipalname.
In MS article http://support.microsoft.com/kb/321044 it has as the resolution:
RESOLUTION
To resolve this problem, locate the computer accounts that have the duplicate SPNs. When you have located the computers that have the duplicate SPNs, you can either delete the computer account from the domain, disjoin and rejoin the computer to the domain, or you can use ADSIEdit to correct the SPN on the computer that has the incorrect SPN.
So I need to figure out which one to remove and how to use adsiedit to remove or fix the incorrect entry, so the SQL service stays running and the Event Error 11 in Source KDC is eliminated.
Thanks in advance.
ldifde -d dc=lowryparkzoo,dc=com -r "(serviceprincipalname=mss
Here are the results:
dn: CN=Administrator,CN=Users,
changetype: add
servicePrincipalName: MSSQLSvc/lpz-backup1.Lowry
servicePrincipalName: MSSQLSvc/lpz-accounting.Lo
servicePrincipalName: MSSQLSvc/lpz-backup.LowryP
servicePrincipalName: MSSQLSvc/lpz-tickets.Lowry
dn: CN=LPZ-TICKETS,CN=Computer
changetype: add
servicePrincipalName: MSSQLSvc/lpz-tickets.Lowry
servicePrincipalName: DNS/lpz-tickets.LowryParkZ
servicePrincipalName:
NtFrs-88f5d2bd-b646-11d2-a
servicePrincipalName: HOST/lpz-tickets.LowryPark
servicePrincipalName: HOST/lpz-tickets.LowryPark
servicePrincipalName: HOST/LPZ-TICKETS
servicePrincipalName: HOST/lpz-tickets.LowryPark
I looked at the MSSQLSERVER service in LPZ-Tickets and it uses the Local System Account to Log On.
I noted that the CN=Administrator and CN=LPZ-Tickets both have the same MSSQLSvc serviceprincipalname.
In MS article http://support.microsoft.com/kb/321044 it has as the resolution:
RESOLUTION
To resolve this problem, locate the computer accounts that have the duplicate SPNs. When you have located the computers that have the duplicate SPNs, you can either delete the computer account from the domain, disjoin and rejoin the computer to the domain, or you can use ADSIEdit to correct the SPN on the computer that has the incorrect SPN.
So I need to figure out which one to remove and how to use adsiedit to remove or fix the incorrect entry, so the SQL service stays running and the Event Error 11 in Source KDC is eliminated.
Thanks in advance.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for both recommendations. That helped me to understand what I was doing.
ASKER
Thanks again.
ASKER