KDC Error 11, multiple accounts of MSSQLSvc/server01.XXXXXXXXXX.local:29614, can't delete

Posted on 2009-02-13
Last Modified: 2012-05-06

I am getting multiple entries of MSSQLSvc/server01.xxxxxxxxxxx.local:29614

I followed the links here and ran LDIFDE to generate a log. I searched the log for the above string and can see it under SERVER01$ and XXXXXXX (user).

I try running the setspn -D but it does not work.

Any help appreciated

Question by: antalp71

    Accepted Solution

    For a duplicate SPN issue, first find out the duplicate accounts (You have already done that KB

    Second, delete the duplicate SPN by using setspn or adsiedit.msc. I prefer to open ADSIEDIT.msc and locate the object (SERVER01$ or XXXXXXX (user)). Expand the properties of the object and open the "servicePrincipalName" attribute. Delete the SPN from this window.

    Note: You need the MSSQL SPN for your SQL service account. There should be only one SPN in the complete forest with the same name.
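
The "find out the duplicate accounts" step can be done mechanically over the LDIFDE export instead of searching it by hand. The following is an added example, not part of the original thread: it goes beyond the single MSSQLSvc SPN and reports every servicePrincipalName value held by more than one object. It assumes the export includes the servicePrincipalName attribute; the `example.local` domain, the `sqlsvc` account and the sample records are constructed.

```python
import base64
from collections import defaultdict

# Constructed sample export; the last SPN is folded across two lines, as LDIF allows.
SAMPLE = """\
dn: CN=SERVER01,CN=Computers,DC=example,DC=local
servicePrincipalName: HOST/server01.example.local
servicePrincipalName: MSSQLSvc/server01.example.local:29614

dn: CN=sqlsvc,CN=Users,DC=example,DC=local
servicePrincipalName: MSSQLSvc/server01.exam
 ple.local:29614
"""

def parse_ldif(text):
    """Yield (dn, {attr_lowercased: [values]}) for each record in an LDIF export."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines and lines[-1]:  # folded continuation line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    dn, attrs = None, defaultdict(list)
    for line in lines + [""]:              # trailing "" flushes the last record
        if not line.strip():               # blank line ends a record
            if dn is not None:
                yield dn, dict(attrs)
            dn, attrs = None, defaultdict(list)
            continue
        if line.startswith("#") or ":" not in line:
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):          # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        value = value.strip()
        if name.lower() == "dn":
            dn = value
        else:
            attrs[name.lower()].append(value)

def duplicate_spns(text):
    """Return {spn_lowercased: sorted list of DNs} for SPNs on more than one object."""
    owners = defaultdict(set)
    for dn, attrs in parse_ldif(text):
        for spn in attrs.get("serviceprincipalname", []):
            owners[spn.lower()].add(dn)    # compare SPNs case-insensitively
    return {spn: sorted(dns) for spn, dns in owners.items() if len(dns) > 1}

if __name__ == "__main__": print(duplicate_spns(SAMPLE))
```

Each DN listed for an SPN is an object to inspect in ADSIEDIT; the SPN should remain only on the account the SQL Server service runs as.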

    Author Closing Comment

    Thank you. The setspn -d didn't work for me and I didn't understand the ADSIEDIT. Thanks for explaining.


    Expert Comment

    Adsiedit Overview -
    You need to install the support tools for adsiedit.msc.
    After finding the server which has the wrong SPN:
    Expand Domain and locate the culprit server.
    Right-click on the server name > Properties and select servicePrincipalName.
    When you double-click servicePrincipalName, you will get a dialog box to add or remove the SPNs.
    Attaching the screenshot of adsiedit.

    for setspn syntax refer and
    Syntax to remove SPN using setspn
    setspn -d <SPN to remove> <Server Name>

    setspn -d http/ daserver1


    Author Comment


    Thanks for the pics, I was not looking in the properties box and so was just seeing an empty user folder.  All sorted now and deleted.

    Many Thanks for your help.


