I'm receiving this error in the Event Log. It's a new Windows 2008 R2 Domain Controller introduced into my Windows 2003 domain. The computer name is apbrsd2 - in the domain student.apsu.edu.
Log Name: System
Source: Microsoft-Windows-Kerberos-Key-Distribution-Center
Date: 9/10/2010 3:17:44 PM
Event ID: 11
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: APBRSD2.student.apsu.edu
Description:
The KDC encountered duplicate names while processing a Kerberos authentication request. The duplicate name is cifs/APBRSD2 (of type DS_SERVICE_PRINCIPAL_NAME). This may result in authentication failures or downgrades to NTLM. In order to prevent this from occuring remove the duplicate entries for cifs/APBRSD2 in Active Directory.
I see this from TechNet:
http://technet.microsoft.com/en-us/library/cc733945(WS.10).aspx
But when I run setspn -X -- there doesn't seem to be a duplicate SPN:
C:\Windows\system32>setspn -X
Checking domain DC=student,DC=apsu,DC=edu
Processing entry 0
found 0 group of duplicate SPNs.
When I use -T -- and look across whole forest -- It shows 4 duplicate SPNs -- but not the one mentioned -- and I wondered across domains if that isn't normal? I see no reference to cifs?
I also downloaded a PowerShell module I found:
http://blog.powershell.no/2010/01/28/validate-spn-mappings-using-windows-powershell/
and it just falls back to the prompt when I execute Remove-AllDuplicateDomainSPNs -- I assume it doesn't find anything -- it doesn't say either way. (I did load the module and see the functions okay.) Anyone have any ideas?
We can resolve it in a very easy way.
Go to one of your Domain Controllers and in the command prompt execute an LDIFDE command that exports all your AD data; one example of how to do it is:
ldifde -x -f ldifde_ADdata.log
Then open this file with Notepad and search for the name:
cifs/APBRSD2
And you will be able to notice that it is in more than one place; then check which of these SPNs is incorrect and delete the incorrect one.
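As an added example (not code from either poster, nor from the module linked above), the following PowerShell script does the comparison that the LDIFDE-and-Notepod approach does by hand: it reads every servicePrincipalName in the forest from the Global Catalog and lists values owned by more than one object. It queries the Global Catalog rather than a single domain because setspn -X without -T checks only the current domain. It assumes the account running it can read the Global Catalog and that the forest of interest is the one containing the current domain; the $Filter parameter name is my own choice.

```powershell
# Added example: report servicePrincipalName values that appear on more than
# one object anywhere in the forest. Uses System.DirectoryServices so it runs
# on a Windows Server 2008 R2 DC without the ActiveDirectory module.
# Assumptions: the caller can read the Global Catalog; the forest is the one
# containing the current domain.

param(
    # Optional substring filter, e.g. 'cifs/' to show only CIFS SPNs (assumed name).
    [string]$Filter = ''
)

# Bind to the Global Catalog so duplicates across domains are found too.
$forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
$root   = New-Object System.DirectoryServices.DirectoryEntry("GC://$($forest.Name)")

$searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
$searcher.Filter   = '(servicePrincipalName=*)'
$searcher.PageSize = 1000            # paged search so large forests do not truncate
$null = $searcher.PropertiesToLoad.Add('distinguishedName')
$null = $searcher.PropertiesToLoad.Add('servicePrincipalName')

# Map SPN -> list of owning DNs. The KDC compares SPNs case-insensitively,
# so normalise to lower case before using the value as a key.
$owners = @{}
foreach ($result in $searcher.FindAll()) {
    $dn = [string]$result.Properties['distinguishedname'][0]
    foreach ($spn in $result.Properties['serviceprincipalname']) {
        $key = ([string]$spn).ToLowerInvariant()
        if (-not $owners.ContainsKey($key)) { $owners[$key] = @() }
        $owners[$key] += $dn
    }
}

# Keep only SPNs with more than one owner, honouring the optional filter.
$duplicates = $owners.GetEnumerator() |
    Where-Object { $_.Value.Count -gt 1 -and $_.Key -like "*$Filter*" } |
    Sort-Object Key

if (-not $duplicates) {
    Write-Host "No duplicate SPNs matching '*$Filter*' found in forest $($forest.Name)."
}
foreach ($dup in $duplicates) {
    Write-Host "Duplicate SPN: $($dup.Key)"
    $dup.Value | ForEach-Object { Write-Host "    $_" }
}
```

Run it as .\Find-DuplicateSpn.ps1 -Filter 'cifs/' to narrow the output to the SPN named in the event. The script only compares literal servicePrincipalName values; it does not apply the KDC's service-class mapping (cifs is served by HOST), so an explicit cifs/name on one object alongside HOST/name on another will not be flagged here even though the KDC treats them as the same service. Once a duplicate is identified, remove the entry from the object that should not own it (setspn -D is the usual tool) rather than deleting the object itself.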