Removing duplicate SPNs (Service Name Providers)

here you go
http://technet.microsoft.com/en-us/library/cc786325(WS.10).aspx 

you can add delete using instructions in this article

Thank you

For simplicity, lets use MSSQLSvc/iksdb01.iks.bz:1139 as an example.
I opened up AdsiEdit and was able to find this SPN under the ServicePrincipleName section of:
DC=iks,DC=bz -> CN=Computers -> CN=IKSDB01
DC=iks,DC=bz -> CN=Users -> CN=Administrator
IKSDB01 is one of our old servers running MS SQL SERVER 2000.
I have no problem with deleting one of the SPNs, and now know how to.  Thank you!

I am still unsure as to which one to delete...
In the article he says:
Locate the westpex computer and find out what's the account in which secuirty context SQL Server service executes. If this is Administrator's account, delete the second one - otherwise (if this is a local System or Network Service account, delete the first one).

Where would I find this in SQL Server?  Or would I locate this in services.msc?
From services.msc, if I look at the "Log In As" field under the various database instances, some of them have different values ... some say "IKS\Administrator" (our domain admin login), and some say "Local System".  Is this what I'm looking for?

How will I be able to tell what MSSQLSvc/iksdb01.iks.bz:1139 corresponds with in this list.
Thanks!

some say "IKS\Administrator" (our domain admin login), and some say "Local System".  Is this what I'm looking for?
Yes so administrator is what is used.
Take a look at part 2 of this DS team series
http://blogs.technet.com/b/askds/archive/2008/06/09/kerberos-authentication-problems-service-principal-name-spn-issues-part-2.aspx
about halfway down they use  queryspn.vbs and go through the process
Thanks
Mike

Can't believe I forgot to mention Joes great entry  http://blog.joeware.net/2008/07/17/1407/

@MKLine71, thank you!  I think I need to explain it more ... I've attached a screenshot of the SQL Server section of services.msc ... you can see all the different database instances.  Some are running under IKS\Administrator and some under Local System.

How am I to know which database instance corresponds to, for example: MSSQLSvc/iksdb01.iks.bz:1139 ?  Any SQL Server experts on here? :)

SQLServer2000.jpg

Ok, probably a pretty clunky way of doing this but I figured out a way to do this:

Using MSSQLSvc/iksdb01.iks.bz:1139 as an example:
From the command line, I run:
netstat -ano | findstr 1139
It returns: TCP    0.0.0.0:1139           0.0.0.0:0              LISTENING       1592

(1592 is the PID process ID?)

From the registry, I navigate to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server

The folders under here are all my database instances .. then I would navigate to the MSSQLServer folder underneath, and look for the "uptime_pid" key which is 1592.

So now I know that MSSQLSvc/iksdb01.iks.bz:1139 corresponds to my MSSQL$SQL2000SMARTSEAL service.

One last question .... if for SOME reason, I delete the WRONG SPN, how do I recover from this?

I assume that I could just change the authentication from within SQL Server, or just unjoin the server from the domain and rejoin it.  Some reassurance would be great before I start deleting stuff with ADSIEdit :)

Awesome ... all my questions have been answered and I feel like I actually comprehend this now. THANKS!

thanks...if you don't mind respond and let us know how things went when you are done.

I tried it for the first one in my list ... deleted the duplicate SPN, and am successfully able to get to the database.  I'll leave it like that for a couple days just to make sure nobody's affective and then I'll knock out all the other ones, going with Sharepoint LAST because that's our most important server here :)