Solved

Event 11 Error: The KDC encountered duplicate names while processing a Kerberos authentication request.

Posted on 2011-03-22
3
6,242 Views
Last Modified: 2012-05-11
Hi guys, we have this error coming up on our DC... Server 2008R2.... domain trust 2003....

The KDC encountered duplicate names while processing a Kerberos authentication request. The duplicate name is MSSQLSvc/WGE-PER-SQL-01.wge.internal:1433 (of type DS_SERVICE_PRINCIPAL_NAME). This may result in authentication failures or downgrades to NTLM. In order to prevent this from occuring remove the duplicate entries for MSSQLSvc/WGE-PER-SQL-01.wge.internal:1433 in Active Directory.

and this one which seems to be identical except for the name being in lowercase....

The KDC encountered duplicate names while processing a Kerberos authentication request. The duplicate name is MSSQLSvc/wge-per-sql-01.wge.internal:1433 (of type DS_SERVICE_PRINCIPAL_NAME). This may result in authentication failures or downgrades to NTLM. In order to prevent this from occuring remove the duplicate entries for MSSQLSvc/wge-per-sql-01.wge.internal:1433 in Active Directory.

and this one.....

The KDC encountered duplicate names while processing a Kerberos authentication request. The duplicate name is MSSQLSvc/COMPAQ_SQL.wge.internal:1433 (of type DS_SERVICE_PRINCIPAL_NAME). This may result in authentication failures or downgrades to NTLM. In order to prevent this from occuring remove the duplicate entries for MSSQLSvc/COMPAQ_SQL.wge.internal:1433 in Active Directory.

Found this technet post which seems to be relevant to some degree but couldn't work out what i need to delete...

http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/ba6a67c2-ee45-4dcc-9ce4-fb6ebceb1c2a/

These are the results of the spnquery.vbs run on the DC......

cscript spnquery.vbs MSSQLSvc/COMPAQ_SQL.wge.internal:1433

CN=Administrator,CN=Users,DC=wge,DC=internal
Class: user
User Logon: Administrator
-- MSSQLSvc/compaq_sql.wge.internal:1433
-- MSSQLSvc/WGE-MEL-APP-01.wge.internal:SQLEXPRESS
-- MSSQLSvc/WGE-MEL-APP-01.wge.internal:52989
-- MSSQLSvc/persurf55.wge.internal:1433

CN=admin.sql,CN=Users,DC=wge,DC=internal
Class: user
User Logon: admin.sql
-- MSSQLSvc/wge-per-sql-01.wge.internal
-- MSSQLSvc/wge-per-sql-01.wge.internal:1433
-- MSSQLSvc/WGE-SYD-APP-01.wge.internal:49491
-- MSSQLSvc/WGE-SYD-APP-01.wge.internal:SQLEXPRESS
-- MSSQLSvc/compaq_sql.wge.internal:1433

cscript spnquery.vbs MSSQLSvc/wge-per-sql-01.wge.internal:1433

CN=WGE-PER-SQL-01,OU=Servers,OU=Perth,OU=WGE Sites,DC=wge,DC=internal
Class: computer
Computer DNS: WGE-PER-SQL-01.wge.internal
-- MSSQLSvc/wge-per-sql-01.wge.internal
-- MSSQLSvc/wge-per-sql-01.wge.internal:1433
-- WSMAN/wge-per-sql-01
-- WSMAN/wge-per-sql-01.wge.internal
-- TERMSRV/wge-per-sql-01.wge.internal
-- TERMSRV/WGE-PER-SQL-01
-- RestrictedKrbHost/WGE-PER-SQL-01
-- HOST/WGE-PER-SQL-01
-- RestrictedKrbHost/WGE-PER-SQL-01.wge.internal
-- HOST/WGE-PER-SQL-01.wge.internal

CN=admin.sql,CN=Users,DC=wge,DC=internal
Class: user
User Logon: admin.sql
-- MSSQLSvc/wge-per-sql-01.wge.internal
-- MSSQLSvc/wge-per-sql-01.wge.internal:1433
-- MSSQLSvc/WGE-SYD-APP-01.wge.internal:49491
-- MSSQLSvc/WGE-SYD-APP-01.wge.internal:SQLEXPRESS
-- MSSQLSvc/compaq_sql.wge.internal:1433

cscript spnquery.vbs MSSQLSvc/WGE-PER-SQL-01.wge.internal:1433

CN=WGE-PER-SQL-01,OU=Servers,OU=Perth,OU=WGE Sites,DC=wge,DC=internal
Class: computer
Computer DNS: WGE-PER-SQL-01.wge.internal
-- MSSQLSvc/wge-per-sql-01.wge.internal
-- MSSQLSvc/wge-per-sql-01.wge.internal:1433
-- WSMAN/wge-per-sql-01
-- WSMAN/wge-per-sql-01.wge.internal
-- TERMSRV/wge-per-sql-01.wge.internal
-- TERMSRV/WGE-PER-SQL-01
-- RestrictedKrbHost/WGE-PER-SQL-01
-- HOST/WGE-PER-SQL-01
-- RestrictedKrbHost/WGE-PER-SQL-01.wge.internal
-- HOST/WGE-PER-SQL-01.wge.internal

CN=admin.sql,CN=Users,DC=wge,DC=internal
Class: user
User Logon: admin.sql
-- MSSQLSvc/wge-per-sql-01.wge.internal
-- MSSQLSvc/wge-per-sql-01.wge.internal:1433
-- MSSQLSvc/WGE-SYD-APP-01.wge.internal:49491
-- MSSQLSvc/WGE-SYD-APP-01.wge.internal:SQLEXPRESS
-- MSSQLSvc/compaq_sql.wge.internal:1433


Any Ideas experts?
0
Comment
Question by:WGE_ENRB
3 Comments
 

Author Comment

by:WGE_ENRB
ID: 35196235
Additionally I have the following Results...

C:\>setspn -x
Checking domain DC=wge,DC=internal
Processing entry 4
MSSQLSvc/compaq_sql.wge.internal:1433 is registered on these accounts:
        CN=admin.sql,CN=Users,DC=wge,DC=internal
        CN=Administrator,CN=Users,DC=wge,DC=internal

MSSQLSvc/wge-per-sql-01.wge.internal:1433 is registered on these accounts:
        CN=admin.sql,CN=Users,DC=wge,DC=internal
        CN=WGE-PER-SQL-01,OU=Servers,OU=Perth,OU=WGE Sites,DC=wge,DC=internal

MSSQLSvc/wge-per-sql-01.wge.internal is registered on these accounts:
        CN=admin.sql,CN=Users,DC=wge,DC=internal
        CN=WGE-PER-SQL-01,OU=Servers,OU=Perth,OU=WGE Sites,DC=wge,DC=internal

MSSQLSvc/WGE-MEL-APP-01.wge.internal:52989 is registered on these accounts:
        CN=Administrator,CN=Users,DC=wge,DC=internal
        CN=WGE-MEL-APP-01,OU=Servers,OU=Melbourne,OU=WGE Sites,DC=wge,DC=internal

MSSQLSvc/WGE-MEL-APP-01.wge.internal:SQLEXPRESS is registered on these accounts:

        CN=Administrator,CN=Users,DC=wge,DC=internal
        CN=WGE-MEL-APP-01,OU=Servers,OU=Melbourne,OU=WGE Sites,DC=wge,DC=internal

found 5 groups of duplicate SPNs.
0
 
LVL 3

Expert Comment

by:barane
ID: 35196277
Your Event log triggers duplicate names as: MSSQLSvc/wge-per-sql-01.wge.internal:1433,
MSSQLSvc/WGE-PER-SQL-01.wge.internal:1433 ,

Just delete this duplicate entires
0
 
LVL 8

Accepted Solution

by:
ActiveDirectoryman earned 500 total points
ID: 35196329

THIS IS WILL SHOW YOU STEP BY STEP HOW TO REMOVE THE DUPLICATE SPNS
http://social.technet.microsoft.com/Forums/en/winservergen/thread/09a86d74-de48-4bda-9cc9-435da4f59910
0

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This article shows how to deploy dynamic backgrounds to computers depending on the aspect ratio of display
Using examples as well as descriptions, and references to Books Online, show the documentation available for datatypes, explain the available data types and show how data can be passed into and out of variables.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

26 Experts available now in Live!

Get 1:1 Help Now