Event 11 Error: The KDC encountered duplicate names while processing a Kerberos authentication request.

Hi guys, we have this error coming up on our DC... Server 2008R2.... domain trust 2003....

The KDC encountered duplicate names while processing a Kerberos authentication request. The duplicate name is MSSQLSvc/WGE-PER-SQL-01.wge.internal:1433 (of type DS_SERVICE_PRINCIPAL_NAME). This may result in authentication failures or downgrades to NTLM. In order to prevent this from occuring remove the duplicate entries for MSSQLSvc/WGE-PER-SQL-01.wge.internal:1433 in Active Directory.

and this one which seems to be identical except for the name being in lowercase....

The KDC encountered duplicate names while processing a Kerberos authentication request. The duplicate name is MSSQLSvc/wge-per-sql-01.wge.internal:1433 (of type DS_SERVICE_PRINCIPAL_NAME). This may result in authentication failures or downgrades to NTLM. In order to prevent this from occuring remove the duplicate entries for MSSQLSvc/wge-per-sql-01.wge.internal:1433 in Active Directory.

and this one.....

The KDC encountered duplicate names while processing a Kerberos authentication request. The duplicate name is MSSQLSvc/COMPAQ_SQL.wge.internal:1433 (of type DS_SERVICE_PRINCIPAL_NAME). This may result in authentication failures or downgrades to NTLM. In order to prevent this from occuring remove the duplicate entries for MSSQLSvc/COMPAQ_SQL.wge.internal:1433 in Active Directory.

Found this technet post which seems to be relevant to some degree but couldn't work out what i need to delete...

http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/ba6a67c2-ee45-4dcc-9ce4-fb6ebceb1c2a/

These are the results of the spnquery.vbs run on the DC......

cscript spnquery.vbs MSSQLSvc/COMPAQ_SQL.wge.internal:1433

CN=Administrator,CN=Users,DC=wge,DC=internal
Class: user
User Logon: Administrator
-- MSSQLSvc/compaq_sql.wge.internal:1433
-- MSSQLSvc/WGE-MEL-APP-01.wge.internal:SQLEXPRESS
-- MSSQLSvc/WGE-MEL-APP-01.wge.internal:52989
-- MSSQLSvc/persurf55.wge.internal:1433

CN=admin.sql,CN=Users,DC=wge,DC=internal
Class: user
User Logon: admin.sql
-- MSSQLSvc/wge-per-sql-01.wge.internal
-- MSSQLSvc/wge-per-sql-01.wge.internal:1433
-- MSSQLSvc/WGE-SYD-APP-01.wge.internal:49491
-- MSSQLSvc/WGE-SYD-APP-01.wge.internal:SQLEXPRESS
-- MSSQLSvc/compaq_sql.wge.internal:1433

cscript spnquery.vbs MSSQLSvc/wge-per-sql-01.wge.internal:1433

CN=WGE-PER-SQL-01,OU=Servers,OU=Perth,OU=WGE Sites,DC=wge,DC=internal
Class: computer
Computer DNS: WGE-PER-SQL-01.wge.internal
-- MSSQLSvc/wge-per-sql-01.wge.internal
-- MSSQLSvc/wge-per-sql-01.wge.internal:1433
-- WSMAN/wge-per-sql-01
-- WSMAN/wge-per-sql-01.wge.internal
-- TERMSRV/wge-per-sql-01.wge.internal
-- TERMSRV/WGE-PER-SQL-01
-- RestrictedKrbHost/WGE-PER-SQL-01
-- HOST/WGE-PER-SQL-01
-- RestrictedKrbHost/WGE-PER-SQL-01.wge.internal
-- HOST/WGE-PER-SQL-01.wge.internal

CN=admin.sql,CN=Users,DC=wge,DC=internal
Class: user
User Logon: admin.sql
-- MSSQLSvc/wge-per-sql-01.wge.internal
-- MSSQLSvc/wge-per-sql-01.wge.internal:1433
-- MSSQLSvc/WGE-SYD-APP-01.wge.internal:49491
-- MSSQLSvc/WGE-SYD-APP-01.wge.internal:SQLEXPRESS
-- MSSQLSvc/compaq_sql.wge.internal:1433

cscript spnquery.vbs MSSQLSvc/WGE-PER-SQL-01.wge.internal:1433

CN=WGE-PER-SQL-01,OU=Servers,OU=Perth,OU=WGE Sites,DC=wge,DC=internal
Class: computer
Computer DNS: WGE-PER-SQL-01.wge.internal
-- MSSQLSvc/wge-per-sql-01.wge.internal
-- MSSQLSvc/wge-per-sql-01.wge.internal:1433
-- WSMAN/wge-per-sql-01
-- WSMAN/wge-per-sql-01.wge.internal
-- TERMSRV/wge-per-sql-01.wge.internal
-- TERMSRV/WGE-PER-SQL-01
-- RestrictedKrbHost/WGE-PER-SQL-01
-- HOST/WGE-PER-SQL-01
-- RestrictedKrbHost/WGE-PER-SQL-01.wge.internal
-- HOST/WGE-PER-SQL-01.wge.internal

CN=admin.sql,CN=Users,DC=wge,DC=internal
Class: user
User Logon: admin.sql
-- MSSQLSvc/wge-per-sql-01.wge.internal
-- MSSQLSvc/wge-per-sql-01.wge.internal:1433
-- MSSQLSvc/WGE-SYD-APP-01.wge.internal:49491
-- MSSQLSvc/WGE-SYD-APP-01.wge.internal:SQLEXPRESS
-- MSSQLSvc/compaq_sql.wge.internal:1433


Any Ideas experts?
WGE_ENRBAsked:
Who is Participating?
 
ActiveDirectorymanConnect With a Mentor Commented:

THIS IS WILL SHOW YOU STEP BY STEP HOW TO REMOVE THE DUPLICATE SPNS
http://social.technet.microsoft.com/Forums/en/winservergen/thread/09a86d74-de48-4bda-9cc9-435da4f59910
0
 
WGE_ENRBAuthor Commented:
Additionally I have the following Results...

C:\>setspn -x
Checking domain DC=wge,DC=internal
Processing entry 4
MSSQLSvc/compaq_sql.wge.internal:1433 is registered on these accounts:
        CN=admin.sql,CN=Users,DC=wge,DC=internal
        CN=Administrator,CN=Users,DC=wge,DC=internal

MSSQLSvc/wge-per-sql-01.wge.internal:1433 is registered on these accounts:
        CN=admin.sql,CN=Users,DC=wge,DC=internal
        CN=WGE-PER-SQL-01,OU=Servers,OU=Perth,OU=WGE Sites,DC=wge,DC=internal

MSSQLSvc/wge-per-sql-01.wge.internal is registered on these accounts:
        CN=admin.sql,CN=Users,DC=wge,DC=internal
        CN=WGE-PER-SQL-01,OU=Servers,OU=Perth,OU=WGE Sites,DC=wge,DC=internal

MSSQLSvc/WGE-MEL-APP-01.wge.internal:52989 is registered on these accounts:
        CN=Administrator,CN=Users,DC=wge,DC=internal
        CN=WGE-MEL-APP-01,OU=Servers,OU=Melbourne,OU=WGE Sites,DC=wge,DC=internal

MSSQLSvc/WGE-MEL-APP-01.wge.internal:SQLEXPRESS is registered on these accounts:

        CN=Administrator,CN=Users,DC=wge,DC=internal
        CN=WGE-MEL-APP-01,OU=Servers,OU=Melbourne,OU=WGE Sites,DC=wge,DC=internal

found 5 groups of duplicate SPNs.
0
 
baraneCommented:
Your Event log triggers duplicate names as: MSSQLSvc/wge-per-sql-01.wge.internal:1433,
MSSQLSvc/WGE-PER-SQL-01.wge.internal:1433 ,

Just delete this duplicate entires
0
All Courses

From novice to tech pro — start learning today.