Duplicate names in AD causing kerberos errors
Posted on 2012-03-21
I get this error twice every hour or so on all my dcs.
The KDC encountered duplicate names while processing a Kerberos authentication request. The duplicate name is MSSQLSvc/servername.domain.com:1433 (of type DS_SERVICE_PRINCIPAL_NAME). This may result in authentication failures or downgrades to NTLM. In order to prevent this from occuring remove the duplicate entries for MSSQLSvc/servername.domain.com:1433 in Active Directory.
when i ran a listing of all SPN entries. I see the server itself has the principal name listed as well as the sql administrator account.
all other talk of this error suggests removing the bad server SPN but not sure which isn't supposed to have the entry. Server or AdminAccount?
i tried rebinding to AD but that didn't resolve the errors.
any help would be great.