I'm receiveing this error in the Event Log. It's a new Windows 2008 R2 Domain Controller introduced into my Windows 2003 domain. The computer name is apbrsd2 - in the domain student.apsu.edu.
Log Name: System
Date: 9/10/2010 3:17:44 PM
Event ID: 11
Task Category: None
The KDC encountered duplicate names while processing a Kerberos authentication request. The duplicate name is cifs/APBRSD2 (of type DS_SERVICE_PRINCIPAL_NAME)
. This may result in authentication failures or downgrades to NTLM. In order to prevent this from occuring remove the duplicate entries for cifs/APBRSD2 in Active Directory.
I see this from TechNet: http://technet.microsoft.com/en-us/library/cc733945(WS.10).aspx
But when I run setSPN -X -- there doesn't seem to be a duplicate SPN
Checking domain DC=student,DC=apsu,DC=edu
Processing entry 0
found 0 group of duplicate SPNs.
When I use -T -- and look across whole forest -- It shows 4 duplicate SPNs -- but not the one mentioned -- and I wondered across domains if that isn't normal? I see no reference to cifs?
I also download a powershell module I found:
and it just falls back to the prompt when I execute the remove-allduplicatedomainS
PNs -- I assume it doesn't find anything -- it doesn't say either way. (I did load the module and see the functions okay). Anyone have any ideas?
We can resolve it in a very easy way
go to one of your Domain Controllers and in the command prompt execute a LDIFDE command that export all your AD Dat, one example in order to make it is:
ldifde -x -f ldifde_ADdata.log
Them open this file with notepad and make a search/find for the name:
And you will be able to notice that it is in more than one place, them check wich one of these SPN is incorrect and delete the incorrect one