KDC Error 11, multiple accounts of MSSQLSvc/server01.XXXXXXXXXX.local:29614, can't delete

Hi

I am getting multiple entries of MSSQLSvc/server01.xxxxxxxxxxx.local:29614

I followed the links here and ran LDIFDE to generate a log. I searched the log for the above string and can see it under SERVER01$ and XXXXXXX (user).

I tried running setspn -D, but it does not work.

Any help appreciated

Asked by: antalp71
Chris Hudson, Cloud Security Architect, Commented:
For a duplicate SPN issue, first find out the duplicate accounts (you have already done that: KB http://support.microsoft.com/kb/321044).

Second, delete the duplicate SPN by using setspn or adsiedit.msc. I prefer to open ADSIEDIT.msc and locate the object (SERVER01$ or XXXXXXX (user)). Expand the properties of the object and open the "servicePrincipalName" attribute, then delete the SPN from this window.

Note: You need the MSSQL SPN for your SQL service account. There should be only one SPN with the same name in the complete forest.
 
antalp71 (Author) Commented:
Thank you. The setspn -d didn't work for me and I didn't understand the ADSIEDIT. Thanks for explaining.

Ant
Chris Hudson, Cloud Security Architect, Commented:
Adsiedit Overview - http://technet.microsoft.com/en-us/library/cc773354.aspx
You need to install the support tools for adsiedit.msc.
After finding the server which has the wrong SPN:
Start > Run > Adsiedit.msc
Expand Domain and locate the culprit server
Right-click on the server name > Properties and select servicePrincipalName
When you double-click servicePrincipalName, you will get a dialog box to add or remove the SPNs
Attaching the screenshot of adsiedit

For setspn syntax, refer to http://technet.microsoft.com/en-us/library/cc755413.aspx and http://technet.microsoft.com/en-us/library/cc773257.aspx
Syntax to remove an SPN using setspn:
setspn -d <SPN to remove> <Server Name>

Example:
setspn -d http/daserver1.reskit.microsoft.com daserver1

Attachment: adsiedit.jpg
antalp71 (Author) Commented:
Hi

Thanks for the pics, I was not looking in the properties box and so was just seeing an empty user folder.  All sorted now and deleted.

Many Thanks for your help.

Ant


Question has a verified solution.
