• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1072
  • Last Modified:

Duplicate SPN on Network

Last weekend I had to change our Sharepoint 2007 farm from NTLM to kerbose authentication. I'm new to Sharepoint and never did this before any why. I added all three of our sharepoint service account to all of the sharepoint sites / ports number for example the service account
SPAPP was added to

The same process as done for the other two service accounts as well.. Today I just noticed ion my DC that I'm getting alot of KDC 11 error messages stating there are duplicate SPN on our domina. Did I break our AD enviroment? How serious are these error messages?

Anywaykerbose seems to be working on are sharepoint enviroment. But when I run the following command on are DC    setspn - x it comes back with 10 duplicate enteries for the http/webserver spn
How do I know when SPN to delete...

is an http spn only needed for the serices accoun that runs the app pool? if so do I need to register it for all port numbers??

Please help
  • 2
  • 2
1 Solution
compdigit44Author Commented:
But how do I know when SPN to leave???

my sharepoint farm uses three server.. web, index and sql server
I registered all three of my service account for my web on all of it web ports..

for example..

setspn -A http/webserver domain\serviceaccount
setspn -A http/webserver:1000 domain\serviceaccount
setpspn -A http/webserver:55555 domain\servicecoount

Now when I do the setspn -x command it comes back with 10 duplicate enteries...

Did I break my AD domain? How serious  of a problem is this? How do I know which SPN to remove and which shoudl stay?
No,don't worry just follow the spn name,even though you can delete spn name if you are not sure & reregister it.


In above link you can use 3rd option using script.


You can remove & reregister it using setspn tool.
compdigit44Author Commented:
Everything worked out perfectly
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Easily manage email signatures in Office 365

Managing email signatures in Office 365 can be a challenging task if you don't have the right tool. CodeTwo Email Signatures for Office 365 will help you implement a unified email signature look, no matter what email client is used by users. Test it for free!

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now