troubleshooting Question

Receiving Event ID 11 - But I don't see a Duplicate SPN

Avatar of C Emmons
C EmmonsFlag for United States of America asked on
Windows Server 2008
3 Comments1 Solution6082 ViewsLast Modified:
I'm receiveing this error in the Event Log.  It's a new Windows 2008 R2 Domain Controller introduced into my Windows 2003 domain. The computer name is apbrsd2 - in the domain student.apsu.edu.

Log Name:      System
Source:        Microsoft-Windows-Kerberos-Key-Distribution-Center
Date:          9/10/2010 3:17:44 PM
Event ID:      11
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      APBRSD2.student.apsu.edu
Description:
The KDC encountered duplicate names while processing a Kerberos authentication request. The duplicate name is cifs/APBRSD2 (of type DS_SERVICE_PRINCIPAL_NAME). This may result in authentication failures or downgrades to NTLM. In order to prevent this from occuring remove the duplicate entries for cifs/APBRSD2 in Active Directory.
I see this from TechNet:  http://technet.microsoft.com/en-us/library/cc733945(WS.10).aspx

But when I run setSPN -X  -- there doesn't seem to be a duplicate SPN

C:\Windows\system32>setspn -X
Checking domain DC=student,DC=apsu,DC=edu
Processing entry 0
found 0 group of duplicate SPNs.

When I use -T -- and look across whole forest -- It shows 4 duplicate SPNs -- but not the one mentioned -- and I wondered across domains if that isn't normal?  I see no reference to cifs?
I also download a powershell module I found:
http://blog.powershell.no/2010/01/28/validate-spn-mappings-using-windows-powershell/
and it just falls back to the prompt when I execute the remove-allduplicatedomainSPNs -- I assume it doesn't find anything -- it doesn't say either way. (I did load the module and see the functions okay).  Anyone have any ideas?


     
Join the community to see this answer!
Join our exclusive community to see this answer & millions of others.
Unlock 1 Answer and 3 Comments.
Join the Community
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 3 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros