KDC Error 11, multiple accounts of MSSQLSvc/server01.XXXXXXXXXX.local:29614, cant delete


I am getting multiple entries of MSSQLSvc/server01.xxxxxxxxxxx.local:29614

I followed links here and ran LDIFDE to generate log, I searched log for the above string and can see it under SERVER01$ and XXXXXXX (user).

I try running the setspn -D but it does not work.

Any help appreciated

Who is Participating?
Chris HudsonConnect With a Mentor Cloud Security ArchitectCommented:
For duplicate SPN issue fisrt find out the dupliacet accounts (You already done that KB http://support.microsoft.com/kb/321044)

Second delete the dupliacet SPN by using setspn or adsiedit.msc.I prefer open ADSIEDIT.msc and locate the object (SERVER01$ or XXXXXXX (user)).Expand the properties of the object and open "ServiceprincipalName" attribute",Delete the SPN from this window.

Note: You need MSSQL SPN for Ur sql service account.There should be only one SPN in complete forest with same name
antalp71Author Commented:
Thank you.  the setspn -d didnt work for me and I didnt understand the ADSIEDIT.  Thanks for explaining

Chris HudsonCloud Security ArchitectCommented:
Adsiedit Overview - http://technet.microsoft.com/en-us/library/cc773354.aspx
You need to install support tools for adsiedit.msc
After finding the server which has the wrong SPN.
Expand Domain and locate the the culprit server
right click on server name>properties and select serviceprincipal name
When you doubleClick SErvicePrincipal name ,you will get a dialog box to add or remove the SPNs
Attaching the screenshot of adsiedit

for setspn syntax refer http://technet.microsoft.com/en-us/library/cc755413.aspx and http://technet.microsoft.com/en-us/library/cc773257.aspx
Syntax to remove SPN using setspn
setspn -d <SPN to remove >  <Server Name>

setspn -d http/daserver1.reskit.microsoft.com daserver1

antalp71Author Commented:

Thanks for the pics, I was not looking in the properties box and so was just seeing an empty user folder.  All sorted now and deleted.

Many Thanks for your help.


Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.