I am having an issue on one of my DCs. I keep getting an event log entry stating I have a duplicate SPN. The DC stops processing logins as a result.
The KDC encountered duplicate names while processing a Kerberos authentication request. The duplicate name is RPCSS/mis45 (of type DS_SERVICE_PRINCIPAL_NAME). This may result in authentication failures or downgrades to NTLM. In order to prevent this from occuring remove the duplicate entries for RPCSS/mis45 in Active Directory.
I am not, however, able to find the duplicate SPN stated in the log entry.
Checking domain DC=splat,DC=com
Processing entry 11
found 0 group of duplicate SPNs.
C:\>setspn -l mis45
Registered ServicePrincipalNames for CN=MIS45,CN=Computers,DC=splat,DC=com:
I also ran the query at the forest level and got 71 groups of duplicate entries on different systems, some that don't exist anymore and some that still do, including the mentioned culprit. The duplicates are, however, in child domains. (I will deal with those later.)
Why can't I find the duplicate SPN?
Could the duplicate SPN mentioned be in one of the child domains?
Why is only this DC getting the log entry?
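The following is an added example, not part of the original post, showing one way to check the forest-wide question above: it queries the Global Catalog (which holds servicePrincipalName for every domain in the forest, including child domains) for every object carrying a given SPN, and flags it as a duplicate when more than one object comes back. It assumes a domain-joined Windows machine with PowerShell and read access to the GC; the SPN value "RPCSS/mis45" is the one from the event, and the function and parameter names are the author's choices, not part of any Microsoft tool.

```powershell
# Added example (not from the original post): forest-wide search for a single SPN
# via the Global Catalog, so matches living in child domains are found as well.
# Assumptions: domain-joined host, .NET System.DirectoryServices available,
# the calling user can read the GC. Function/parameter names are hypothetical.

Add-Type -AssemblyName System.DirectoryServices

# Escape LDAP filter metacharacters (RFC 4515) so an odd SPN cannot alter the filter.
function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory)][string]$Value)
    $Value -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' -replace '\)', '\29' -replace "`0", '\00'
}

# Return every forest object that registers $Spn, one record per object.
function Find-SpnOwner {
    param([Parameter(Mandatory)][string]$Spn)

    # Bind at the forest root through the GC port. A domain-scoped 'setspn -L <host>'
    # or an LDAP query against one DC only sees its own domain's naming context,
    # which is why a duplicate in a child domain does not show up there.
    $forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
    $gcRoot = New-Object System.DirectoryServices.DirectoryEntry("GC://$($forest.Name)")

    $searcher = New-Object System.DirectoryServices.DirectorySearcher($gcRoot)
    $searcher.SearchScope = [System.DirectoryServices.SearchScope]::Subtree
    $searcher.PageSize    = 1000
    $searcher.Filter      = "(servicePrincipalName=$(ConvertTo-LdapFilterValue $Spn))"
    [void]$searcher.PropertiesToLoad.AddRange(@('distinguishedName', 'objectClass', 'servicePrincipalName'))

    foreach ($result in $searcher.FindAll()) {
        $dn = [string]$result.Properties['distinguishedname'][0]
        [pscustomobject]@{
            DistinguishedName = $dn
            # The domain is the DC= tail of the DN; this is how a child-domain hit is recognised.
            Domain            = (($dn -split ',' | Where-Object { $_ -like 'DC=*' }) -replace '^DC=', '') -join '.'
            ObjectClass       = [string]($result.Properties['objectclass'] | Select-Object -Last 1)
            # Report the stored SPN(s) that matched; AD matching is case-insensitive.
            MatchingSpn       = ($result.Properties['serviceprincipalname'] | Where-Object { $_ -ieq $Spn }) -join ';'
        }
    }
}

# Summarise: the KDC complains (event 11) when more than one object holds the same SPN.
function Test-SpnDuplicate {
    param([Parameter(Mandatory)][string]$Spn)
    $owners = @(Find-SpnOwner -Spn $Spn)
    [pscustomobject]@{
        Spn         = $Spn
        OwnerCount  = $owners.Count
        IsDuplicate = ($owners.Count -gt 1)
        Owners      = $owners
    }
}

# Usage: check the SPN named in the event across the whole forest.
$report = Test-SpnDuplicate -Spn 'RPCSS/mis45'
$report | Format-List Spn, OwnerCount, IsDuplicate
$report.Owners | Format-Table Domain, ObjectClass, DistinguishedName -AutoSize
```

If two owners come back and one of them sits in a child domain, that is the entry the KDC is tripping over; the setspn equivalent of this query is `setspn -Q RPCSS/mis45` for the current domain and `setspn -F -Q RPCSS/mis45` to search the forest via the GC. Once you have decided which object is the legitimate one, remove the SPN from the other with `setspn -D RPCSS/mis45 <account>`, then re-run the script to confirm OwnerCount is 1. Keep in mind that RPCSS/mis45 and RPCSS/mis45.splat.com are distinct SPNs to the KDC, so check the exact form quoted in the event.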