Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

DS_SERVICE_PRINCIPAL_NAME Event 11

Posted on 2009-07-09
1
Medium Priority
?
1,112 Views
Last Modified: 2012-06-27
I'm running into the DS_SERVICE_PRINCIPAL_NAME KDC Event 11 and I would appreciate some expert help resolving it.
I'm running a server 2003 domain. The host in question is server 2003 and running one instance of SQL 2005 and another of SQL 2000 and the error applies to the common SQL account that runs both instances.

I tried using methods 1 and 3 outlined at http://support.microsoft.com/kb/321044. I have to admit I'm not familiar with these tools or how to use the results. I tried using both ports 389 or 3268.  The exact error is MSSQLSvc/Host.Domain.org:1433 of type DS_SERVICE_PRINCIPAL_NAME.

Searching MSSQLSvc/MyServer.Domain.org:1433 returns a ton of results, from several servers and varied port numbers.

CN=SQLService,CN=....
Class: user
User Logon: SQLService
-- MSSQLSvc/MyServer.Domain.org:1401
-- MSSQLSvc/MyServer.Domain.org:1433
-- MSSQLSvc/MyServer.,Domain.org:1401
-- MSSQLSvc/AnotherServer.Domain.org:1433
....

User Logon: AUser
-- MSSQLSvc/MyServer.Host.Domain.org:1433
0
Comment
Question by:timbrigham
1 Comment
 
LVL 31

Accepted Solution

by:
Henrik Johansson earned 2000 total points
ID: 24816086
The SPN shall be unique and only exist on one single account, in this case the service account running SQL Server on MyServer.
Use setspn and remove the duplicated SPN from the accounts that shall not have the SPN

setspn -D MSSQLSvc/MyServer.Domain.Org:1433 accountname

The method I prefer is to use dsquery (similar to ldifde method) is to use dsquery.
dsquery * -filter (serviceprincipalname=<serchedSPN>) -attr name
or
dsquery * -filter (serviceprincipalname=<serchedSPN>) -attr name serviceprincipalname
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

963 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question