WGE_ENRB
asked on
Event 11 Error: The KDC encountered duplicate names while processing a Kerberos authentication request.
Hi guys, we have this error coming up on our DC... Server 2008R2.... domain trust 2003....
The KDC encountered duplicate names while processing a Kerberos authentication request. The duplicate name is MSSQLSvc/WGE-PER-SQL-01.wg e.internal :1433 (of type DS_SERVICE_PRINCIPAL_NAME) . This may result in authentication failures or downgrades to NTLM. In order to prevent this from occuring remove the duplicate entries for MSSQLSvc/WGE-PER-SQL-01.wg e.internal :1433 in Active Directory.
and this one which seems to be identical except for the name being in lowercase....
The KDC encountered duplicate names while processing a Kerberos authentication request. The duplicate name is MSSQLSvc/wge-per-sql-01.wg e.internal :1433 (of type DS_SERVICE_PRINCIPAL_NAME) . This may result in authentication failures or downgrades to NTLM. In order to prevent this from occuring remove the duplicate entries for MSSQLSvc/wge-per-sql-01.wg e.internal :1433 in Active Directory.
and this one.....
The KDC encountered duplicate names while processing a Kerberos authentication request. The duplicate name is MSSQLSvc/COMPAQ_SQL.wge.in ternal:143 3 (of type DS_SERVICE_PRINCIPAL_NAME) . This may result in authentication failures or downgrades to NTLM. In order to prevent this from occuring remove the duplicate entries for MSSQLSvc/COMPAQ_SQL.wge.in ternal:143 3 in Active Directory.
Found this technet post which seems to be relevant to some degree but couldn't work out what i need to delete...
http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/ba6a67c2-ee45-4dcc-9ce4-fb6ebceb1c2a/
These are the results of the spnquery.vbs run on the DC......
cscript spnquery.vbs MSSQLSvc/COMPAQ_SQL.wge.in ternal:143 3
CN=Administrator,CN=Users, DC=wge,DC= internal
Class: user
User Logon: Administrator
-- MSSQLSvc/compaq_sql.wge.in ternal:143 3
-- MSSQLSvc/WGE-MEL-APP-01.wg e.internal :SQLEXPRES S
-- MSSQLSvc/WGE-MEL-APP-01.wg e.internal :52989
-- MSSQLSvc/persurf55.wge.int ernal:1433
CN=admin.sql,CN=Users,DC=w ge,DC=inte rnal
Class: user
User Logon: admin.sql
-- MSSQLSvc/wge-per-sql-01.wg e.internal
-- MSSQLSvc/wge-per-sql-01.wg e.internal :1433
-- MSSQLSvc/WGE-SYD-APP-01.wg e.internal :49491
-- MSSQLSvc/WGE-SYD-APP-01.wg e.internal :SQLEXPRES S
-- MSSQLSvc/compaq_sql.wge.in ternal:143 3
cscript spnquery.vbs MSSQLSvc/wge-per-sql-01.wg e.internal :1433
CN=WGE-PER-SQL-01,OU=Serve rs,OU=Pert h,OU=WGE Sites,DC=wge,DC=internal
Class: computer
Computer DNS: WGE-PER-SQL-01.wge.interna l
-- MSSQLSvc/wge-per-sql-01.wg e.internal
-- MSSQLSvc/wge-per-sql-01.wg e.internal :1433
-- WSMAN/wge-per-sql-01
-- WSMAN/wge-per-sql-01.wge.i nternal
-- TERMSRV/wge-per-sql-01.wge .internal
-- TERMSRV/WGE-PER-SQL-01
-- RestrictedKrbHost/WGE-PER- SQL-01
-- HOST/WGE-PER-SQL-01
-- RestrictedKrbHost/WGE-PER- SQL-01.wge .internal
-- HOST/WGE-PER-SQL-01.wge.in ternal
CN=admin.sql,CN=Users,DC=w ge,DC=inte rnal
Class: user
User Logon: admin.sql
-- MSSQLSvc/wge-per-sql-01.wg e.internal
-- MSSQLSvc/wge-per-sql-01.wg e.internal :1433
-- MSSQLSvc/WGE-SYD-APP-01.wg e.internal :49491
-- MSSQLSvc/WGE-SYD-APP-01.wg e.internal :SQLEXPRES S
-- MSSQLSvc/compaq_sql.wge.in ternal:143 3
cscript spnquery.vbs MSSQLSvc/WGE-PER-SQL-01.wg e.internal :1433
CN=WGE-PER-SQL-01,OU=Serve rs,OU=Pert h,OU=WGE Sites,DC=wge,DC=internal
Class: computer
Computer DNS: WGE-PER-SQL-01.wge.interna l
-- MSSQLSvc/wge-per-sql-01.wg e.internal
-- MSSQLSvc/wge-per-sql-01.wg e.internal :1433
-- WSMAN/wge-per-sql-01
-- WSMAN/wge-per-sql-01.wge.i nternal
-- TERMSRV/wge-per-sql-01.wge .internal
-- TERMSRV/WGE-PER-SQL-01
-- RestrictedKrbHost/WGE-PER- SQL-01
-- HOST/WGE-PER-SQL-01
-- RestrictedKrbHost/WGE-PER- SQL-01.wge .internal
-- HOST/WGE-PER-SQL-01.wge.in ternal
CN=admin.sql,CN=Users,DC=w ge,DC=inte rnal
Class: user
User Logon: admin.sql
-- MSSQLSvc/wge-per-sql-01.wg e.internal
-- MSSQLSvc/wge-per-sql-01.wg e.internal :1433
-- MSSQLSvc/WGE-SYD-APP-01.wg e.internal :49491
-- MSSQLSvc/WGE-SYD-APP-01.wg e.internal :SQLEXPRES S
-- MSSQLSvc/compaq_sql.wge.in ternal:143 3
Any Ideas experts?
The KDC encountered duplicate names while processing a Kerberos authentication request. The duplicate name is MSSQLSvc/WGE-PER-SQL-01.wg
and this one which seems to be identical except for the name being in lowercase....
The KDC encountered duplicate names while processing a Kerberos authentication request. The duplicate name is MSSQLSvc/wge-per-sql-01.wg
and this one.....
The KDC encountered duplicate names while processing a Kerberos authentication request. The duplicate name is MSSQLSvc/COMPAQ_SQL.wge.in
Found this technet post which seems to be relevant to some degree but couldn't work out what i need to delete...
http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/ba6a67c2-ee45-4dcc-9ce4-fb6ebceb1c2a/
These are the results of the spnquery.vbs run on the DC......
cscript spnquery.vbs MSSQLSvc/COMPAQ_SQL.wge.in
CN=Administrator,CN=Users,
Class: user
User Logon: Administrator
-- MSSQLSvc/compaq_sql.wge.in
-- MSSQLSvc/WGE-MEL-APP-01.wg
-- MSSQLSvc/WGE-MEL-APP-01.wg
-- MSSQLSvc/persurf55.wge.int
CN=admin.sql,CN=Users,DC=w
Class: user
User Logon: admin.sql
-- MSSQLSvc/wge-per-sql-01.wg
-- MSSQLSvc/wge-per-sql-01.wg
-- MSSQLSvc/WGE-SYD-APP-01.wg
-- MSSQLSvc/WGE-SYD-APP-01.wg
-- MSSQLSvc/compaq_sql.wge.in
cscript spnquery.vbs MSSQLSvc/wge-per-sql-01.wg
CN=WGE-PER-SQL-01,OU=Serve
Class: computer
Computer DNS: WGE-PER-SQL-01.wge.interna
-- MSSQLSvc/wge-per-sql-01.wg
-- MSSQLSvc/wge-per-sql-01.wg
-- WSMAN/wge-per-sql-01
-- WSMAN/wge-per-sql-01.wge.i
-- TERMSRV/wge-per-sql-01.wge
-- TERMSRV/WGE-PER-SQL-01
-- RestrictedKrbHost/WGE-PER-
-- HOST/WGE-PER-SQL-01
-- RestrictedKrbHost/WGE-PER-
-- HOST/WGE-PER-SQL-01.wge.in
CN=admin.sql,CN=Users,DC=w
Class: user
User Logon: admin.sql
-- MSSQLSvc/wge-per-sql-01.wg
-- MSSQLSvc/wge-per-sql-01.wg
-- MSSQLSvc/WGE-SYD-APP-01.wg
-- MSSQLSvc/WGE-SYD-APP-01.wg
-- MSSQLSvc/compaq_sql.wge.in
cscript spnquery.vbs MSSQLSvc/WGE-PER-SQL-01.wg
CN=WGE-PER-SQL-01,OU=Serve
Class: computer
Computer DNS: WGE-PER-SQL-01.wge.interna
-- MSSQLSvc/wge-per-sql-01.wg
-- MSSQLSvc/wge-per-sql-01.wg
-- WSMAN/wge-per-sql-01
-- WSMAN/wge-per-sql-01.wge.i
-- TERMSRV/wge-per-sql-01.wge
-- TERMSRV/WGE-PER-SQL-01
-- RestrictedKrbHost/WGE-PER-
-- HOST/WGE-PER-SQL-01
-- RestrictedKrbHost/WGE-PER-
-- HOST/WGE-PER-SQL-01.wge.in
CN=admin.sql,CN=Users,DC=w
Class: user
User Logon: admin.sql
-- MSSQLSvc/wge-per-sql-01.wg
-- MSSQLSvc/wge-per-sql-01.wg
-- MSSQLSvc/WGE-SYD-APP-01.wg
-- MSSQLSvc/WGE-SYD-APP-01.wg
-- MSSQLSvc/compaq_sql.wge.in
Any Ideas experts?
Your Event log triggers duplicate names as: MSSQLSvc/wge-per-sql-01.wg e.internal :1433,
MSSQLSvc/WGE-PER-SQL-01.wg e.internal :1433 ,
Just delete this duplicate entires
MSSQLSvc/WGE-PER-SQL-01.wg
Just delete this duplicate entires
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
C:\>setspn -x
Checking domain DC=wge,DC=internal
Processing entry 4
MSSQLSvc/compaq_sql.wge.in
CN=admin.sql,CN=Users,DC=w
CN=Administrator,CN=Users,
MSSQLSvc/wge-per-sql-01.wg
CN=admin.sql,CN=Users,DC=w
CN=WGE-PER-SQL-01,OU=Serve
MSSQLSvc/wge-per-sql-01.wg
CN=admin.sql,CN=Users,DC=w
CN=WGE-PER-SQL-01,OU=Serve
MSSQLSvc/WGE-MEL-APP-01.wg
CN=Administrator,CN=Users,
CN=WGE-MEL-APP-01,OU=Serve
MSSQLSvc/WGE-MEL-APP-01.wg
CN=Administrator,CN=Users,
CN=WGE-MEL-APP-01,OU=Serve
found 5 groups of duplicate SPNs.