[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 749
  • Last Modified:

KDC Error in System Log of SBS 2003 SP2 DC

Repeated in a continuous loop every 20 minutes or so . . .

"There are multiple accounts with name cifs/cccvr01.ccc.local of type DS_SERVICE_PRINCIPAL_NAME"

"There are multiple accounts with name host/cccvr01.ccc.local of type DS_SERVICE_PRINCIPAL_NAME"

"There are multiple accounts with name RPCSS/cccvr01.ccc.local of type DS_SERVICE_PRINCIPAL_NAME"
0
Patt5735
Asked:
Patt5735
  • 9
1 Solution
 
RichardWltenburgCommented:
0
 
Patt5735Author Commented:
I did see that article.  The problem that I have is that they don't actually provide a solution.  Those three methods just help in searching for a duplicate.  But once you find a duplicate, what do you actually do to resolve it?
0
 
Patt5735Author Commented:
In the meantime, I'm going to search again using those methods.  The results given by their tools are not very clear to me.
0
NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

 
Patt5735Author Commented:
Perhaps you can help me discipher this.  This is the output from Microsoft's method two:


dn: CN=CCCSVR01,OU=Domain Controllers,DC=CCC,DC=local
changetype: add
servicePrincipalName: MSSQLSvc/cccsvr01.CCC.local
servicePrincipalName:
 VProRecovery Backup Exec System Recovery Agent 9.0/cccsvr01.CCC.local
servicePrincipalName:
 VProRecovery Backup Exec System Recovery Agent 8.5/cccsvr01.CCC.local
servicePrincipalName:
 VProRecovery Backup Exec System Recovery Agent 8.0/cccsvr01.CCC.local
servicePrincipalName: http/crm
servicePrincipalName: http/cccsvr01.ccc.local
servicePrincipalName: http/cccsvr01
servicePrincipalName:
 VProRecovery Backup Exec System Recovery Agent 7.0/cccsvr01.CCC.local
servicePrincipalName: {14E52635-0A95-4a5c-BDB1-E0D0C703B6C8}/CCCSVR01
servicePrincipalName:
 {14E52635-0A95-4a5c-BDB1-E0D0C703B6C8}/cccsvr01.CCC.local
servicePrincipalName: exchangeMDB/cccsvr01.CCC.local
servicePrincipalName: exchangeMDB/CCCSVR01
servicePrincipalName: exchangeRFR/cccsvr01.CCC.local
servicePrincipalName: exchangeRFR/CCCSVR01
servicePrincipalName: exchangeAB/CCCSVR01
servicePrincipalName: exchangeAB/cccsvr01.CCC.local
servicePrincipalName: SMTPSVC/CCCSVR01
servicePrincipalName: SMTPSVC/cccsvr01.CCC.local
servicePrincipalName:
 NtFrs-88f5d2bd-b646-11d2-a6d3-00c04fc9b232/cccsvr01.CCC.local
servicePrincipalName: ldap/cccsvr01.CCC.local/ForestDnsZones.CCC.local
servicePrincipalName: GC/cccsvr01.CCC.local/CCC.local
servicePrincipalName: HOST/cccsvr01.CCC.local/CCC
servicePrincipalName: HOST/CCCSVR01
servicePrincipalName: HOST/cccsvr01.CCC.local
servicePrincipalName: HOST/cccsvr01.CCC.local/CCC.local
servicePrincipalName:
 E3514235-4B06-11D1-AB04-00C04FC2DCD2/dd370d98-f771-4746-a7d2-b52924e465d1/CCC.
 local
servicePrincipalName:
 ldap/dd370d98-f771-4746-a7d2-b52924e465d1._msdcs.CCC.local
servicePrincipalName: ldap/cccsvr01.CCC.local/CCC
servicePrincipalName: ldap/CCCSVR01
servicePrincipalName: ldap/cccsvr01.CCC.local
servicePrincipalName: ldap/cccsvr01.CCC.local/DomainDnsZones.CCC.local
servicePrincipalName: ldap/cccsvr01.CCC.local/CCC.local
servicePrincipalName: DNS/cccsvr01.CCC.local

dn: CN=CRM Admin,CN=Users,DC=CCC,DC=local
changetype: add
servicePrincipalName: MSSQLSvc/cccsvr02.CCC.local:1433
servicePrincipalName: HOST/CCCSVR01
servicePrincipalName: HOST/cccsvr01.CCC.local

0
 
Patt5735Author Commented:
I ran "setspn -r cccsv01"  ...  waiting to see if that resolves the error(s).
0
 
Patt5735Author Commented:
"setspn -r cccsvr01" did not resolve the issue.  The machine that is throwing the errors is our DC, so it can't be removed from the domain.  What's the next step?
0
 
Patt5735Author Commented:
Updated the setspn tool with the new version to enable the "find duplicate entries" switch... the result...

C:\Documents and Settings\Administrator>setspn -x
Processing entry 0
HOST/cccsvr01.CCC.local is registered on these accounts:
    CN=CRM Admin,CN=Users,DC=CCC,DC=local
    CN=CCCSVR01,OU=Domain Controllers,DC=CCC,DC=local

HOST/CCCSVR01 is registered on these accounts:
    CN=CRM Admin,CN=Users,DC=CCC,DC=local
    CN=CCCSVR01,OU=Domain Controllers,DC=CCC,DC=local

found 2 groups of duplicate SPNs.
0
 
Patt5735Author Commented:
setspn -d cccsvr01 ... successful

setspn -x

Processing entry 0
HOST/cccsvr01.CCC.local is registered on these accounts:
    CN=CRM Admin,CN=Users,DC=CCC,DC=local
    CN=CCCSVR01,OU=Domain Controllers,DC=CCC,DC=local

found 1 group of duplicate SPNs.
0
 
Patt5735Author Commented:
Duplicate SPN removed from the CRM Admin user via the ADSI Edit tool.  Hope my documentation of the troubleshooting process is helpful to someone else down the line.
0
 
Patt5735Author Commented:
The issue is resolved.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

  • 9
Tackle projects and never again get stuck behind a technical roadblock.
Join Now