Link to home
Start Free TrialLog in
Avatar of WGE_ENRB
WGE_ENRB

asked on

Event 11 Error: The KDC encountered duplicate names while processing a Kerberos authentication request.

Hi guys, we have this error coming up on our DC... Server 2008R2.... domain trust 2003....

The KDC encountered duplicate names while processing a Kerberos authentication request. The duplicate name is MSSQLSvc/WGE-PER-SQL-01.wge.internal:1433 (of type DS_SERVICE_PRINCIPAL_NAME). This may result in authentication failures or downgrades to NTLM. In order to prevent this from occuring remove the duplicate entries for MSSQLSvc/WGE-PER-SQL-01.wge.internal:1433 in Active Directory.

and this one which seems to be identical except for the name being in lowercase....

The KDC encountered duplicate names while processing a Kerberos authentication request. The duplicate name is MSSQLSvc/wge-per-sql-01.wge.internal:1433 (of type DS_SERVICE_PRINCIPAL_NAME). This may result in authentication failures or downgrades to NTLM. In order to prevent this from occuring remove the duplicate entries for MSSQLSvc/wge-per-sql-01.wge.internal:1433 in Active Directory.

and this one.....

The KDC encountered duplicate names while processing a Kerberos authentication request. The duplicate name is MSSQLSvc/COMPAQ_SQL.wge.internal:1433 (of type DS_SERVICE_PRINCIPAL_NAME). This may result in authentication failures or downgrades to NTLM. In order to prevent this from occuring remove the duplicate entries for MSSQLSvc/COMPAQ_SQL.wge.internal:1433 in Active Directory.

Found this technet post which seems to be relevant to some degree but couldn't work out what i need to delete...

http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/ba6a67c2-ee45-4dcc-9ce4-fb6ebceb1c2a/

These are the results of the spnquery.vbs run on the DC......

cscript spnquery.vbs MSSQLSvc/COMPAQ_SQL.wge.internal:1433

CN=Administrator,CN=Users,DC=wge,DC=internal
Class: user
User Logon: Administrator
-- MSSQLSvc/compaq_sql.wge.internal:1433
-- MSSQLSvc/WGE-MEL-APP-01.wge.internal:SQLEXPRESS
-- MSSQLSvc/WGE-MEL-APP-01.wge.internal:52989
-- MSSQLSvc/persurf55.wge.internal:1433

CN=admin.sql,CN=Users,DC=wge,DC=internal
Class: user
User Logon: admin.sql
-- MSSQLSvc/wge-per-sql-01.wge.internal
-- MSSQLSvc/wge-per-sql-01.wge.internal:1433
-- MSSQLSvc/WGE-SYD-APP-01.wge.internal:49491
-- MSSQLSvc/WGE-SYD-APP-01.wge.internal:SQLEXPRESS
-- MSSQLSvc/compaq_sql.wge.internal:1433

cscript spnquery.vbs MSSQLSvc/wge-per-sql-01.wge.internal:1433

CN=WGE-PER-SQL-01,OU=Servers,OU=Perth,OU=WGE Sites,DC=wge,DC=internal
Class: computer
Computer DNS: WGE-PER-SQL-01.wge.internal
-- MSSQLSvc/wge-per-sql-01.wge.internal
-- MSSQLSvc/wge-per-sql-01.wge.internal:1433
-- WSMAN/wge-per-sql-01
-- WSMAN/wge-per-sql-01.wge.internal
-- TERMSRV/wge-per-sql-01.wge.internal
-- TERMSRV/WGE-PER-SQL-01
-- RestrictedKrbHost/WGE-PER-SQL-01
-- HOST/WGE-PER-SQL-01
-- RestrictedKrbHost/WGE-PER-SQL-01.wge.internal
-- HOST/WGE-PER-SQL-01.wge.internal

CN=admin.sql,CN=Users,DC=wge,DC=internal
Class: user
User Logon: admin.sql
-- MSSQLSvc/wge-per-sql-01.wge.internal
-- MSSQLSvc/wge-per-sql-01.wge.internal:1433
-- MSSQLSvc/WGE-SYD-APP-01.wge.internal:49491
-- MSSQLSvc/WGE-SYD-APP-01.wge.internal:SQLEXPRESS
-- MSSQLSvc/compaq_sql.wge.internal:1433

cscript spnquery.vbs MSSQLSvc/WGE-PER-SQL-01.wge.internal:1433

CN=WGE-PER-SQL-01,OU=Servers,OU=Perth,OU=WGE Sites,DC=wge,DC=internal
Class: computer
Computer DNS: WGE-PER-SQL-01.wge.internal
-- MSSQLSvc/wge-per-sql-01.wge.internal
-- MSSQLSvc/wge-per-sql-01.wge.internal:1433
-- WSMAN/wge-per-sql-01
-- WSMAN/wge-per-sql-01.wge.internal
-- TERMSRV/wge-per-sql-01.wge.internal
-- TERMSRV/WGE-PER-SQL-01
-- RestrictedKrbHost/WGE-PER-SQL-01
-- HOST/WGE-PER-SQL-01
-- RestrictedKrbHost/WGE-PER-SQL-01.wge.internal
-- HOST/WGE-PER-SQL-01.wge.internal

CN=admin.sql,CN=Users,DC=wge,DC=internal
Class: user
User Logon: admin.sql
-- MSSQLSvc/wge-per-sql-01.wge.internal
-- MSSQLSvc/wge-per-sql-01.wge.internal:1433
-- MSSQLSvc/WGE-SYD-APP-01.wge.internal:49491
-- MSSQLSvc/WGE-SYD-APP-01.wge.internal:SQLEXPRESS
-- MSSQLSvc/compaq_sql.wge.internal:1433


Any Ideas experts?
Avatar of WGE_ENRB
WGE_ENRB

ASKER

Additionally I have the following Results...

C:\>setspn -x
Checking domain DC=wge,DC=internal
Processing entry 4
MSSQLSvc/compaq_sql.wge.internal:1433 is registered on these accounts:
        CN=admin.sql,CN=Users,DC=wge,DC=internal
        CN=Administrator,CN=Users,DC=wge,DC=internal

MSSQLSvc/wge-per-sql-01.wge.internal:1433 is registered on these accounts:
        CN=admin.sql,CN=Users,DC=wge,DC=internal
        CN=WGE-PER-SQL-01,OU=Servers,OU=Perth,OU=WGE Sites,DC=wge,DC=internal

MSSQLSvc/wge-per-sql-01.wge.internal is registered on these accounts:
        CN=admin.sql,CN=Users,DC=wge,DC=internal
        CN=WGE-PER-SQL-01,OU=Servers,OU=Perth,OU=WGE Sites,DC=wge,DC=internal

MSSQLSvc/WGE-MEL-APP-01.wge.internal:52989 is registered on these accounts:
        CN=Administrator,CN=Users,DC=wge,DC=internal
        CN=WGE-MEL-APP-01,OU=Servers,OU=Melbourne,OU=WGE Sites,DC=wge,DC=internal

MSSQLSvc/WGE-MEL-APP-01.wge.internal:SQLEXPRESS is registered on these accounts:

        CN=Administrator,CN=Users,DC=wge,DC=internal
        CN=WGE-MEL-APP-01,OU=Servers,OU=Melbourne,OU=WGE Sites,DC=wge,DC=internal

found 5 groups of duplicate SPNs.
Avatar of barane
barane
Flag of India image
Your Event log triggers duplicate names as: MSSQLSvc/wge-per-sql-01.wge.internal:1433,
MSSQLSvc/WGE-PER-SQL-01.wge.internal:1433 ,

Just delete this duplicate entires
ASKER CERTIFIED SOLUTION
Avatar of ActiveDirectoryman
ActiveDirectoryman
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial