RF-MDG
asked on
KDC Error 11 - duplicate SPNs for SQL Server
Apologies, but I've been reading a lot about SPNs and my brain is melting and I don't want to break something trying to fix this.
My DCs have the following error:
Event Type: Error
Event Source: KDC
Event Category: None
Event ID: 11
Date: 9/25/2013
Time: 10:15:01 AM
User: N/A
Computer: *DC1
Description:
There are multiple accounts with name MSSQLSvc/<sqlservername>.<domain>.local:1433 of type DS_SERVICE_PRINCIPAL_NAME.
When I run "setspn -X" on the sqlserver in question, I get these results:
Checking domain DC=<domain>,DC=local
Processing entry 0
MSSQLSvc/MSSQLSvc/<sqlservername>.<domain>.local is registered on these accounts:
CN=sqlservice,CN=Users,DC=<domain>,DC=local
CN=Administrator,CN=Users,DC=<domain>,DC=local
CN=<sqlservername>,OU=Servers,DC=<domain>,DC=local
MSSQLSvc/MSSQLSvc/<sqlservername>.<domain>.local:1433 is registered on these accounts:
CN=sqlservice,CN=Users,DC=<domain>,DC=local
CN=Administrator,CN=Users,DC=<domain>,DC=local
CN=<sqlservername>,OU=Servers,DC=<domain>,DC=local
found 2 groups of duplicate SPNs.
I know I need to run "setspn -D" to delete the duplicate SPN, but I'm not 100% sure what that is...
Please help!
Check this one: what it is and how to remove dups
The 411 on the KDC 11 Events
http://blogs.technet.com/b/askpfeplat/archive/2012/03/29/the-411-on-the-kdc-11-events.aspx
ASKER
Kickass! Thanks for the help, it's all fixed now.
Here you can delete the SPN on the server object and test if that works.
If you are familiar with ADSI, I would recommend you make the changes through it as it is GUI-based, but any mistakes in ADSI will be non-reversible and may have a heavy impact.
If you are not sure, then just use the SETSPN command, but make a note of all changes so that you can revert them.
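One way to follow the advice above about noting every change before running "setspn -D", as an added example that is not part of the original thread: a PowerShell script that parses "setspn -X" output into SPN/account pairs and saves them as a pre-change record. The function name Get-DuplicateSpn, the CSV file name, and the sample text (constructed from the redacted output in the question) are assumptions.

```powershell
# Added example. The sample text is constructed from the redacted output in the
# question; on a real system replace the here-string with:  $lines = setspn -X
$sample = @'
Checking domain DC=<domain>,DC=local
Processing entry 0
MSSQLSvc/MSSQLSvc/<sqlservername>.<domain>.local is registered on these accounts:
    CN=sqlservice,CN=Users,DC=<domain>,DC=local
    CN=Administrator,CN=Users,DC=<domain>,DC=local
    CN=<sqlservername>,OU=Servers,DC=<domain>,DC=local
MSSQLSvc/MSSQLSvc/<sqlservername>.<domain>.local:1433 is registered on these accounts:
    CN=sqlservice,CN=Users,DC=<domain>,DC=local
    CN=Administrator,CN=Users,DC=<domain>,DC=local
    CN=<sqlservername>,OU=Servers,DC=<domain>,DC=local
found 2 groups of duplicate SPNs.
'@
$lines = $sample -split '\r?\n'

function Get-DuplicateSpn {   # hypothetical helper name
    param([string[]]$Lines)
    $spn = $null
    foreach ($line in $Lines) {
        $text = $line.Trim()
        if ($text -match '^(?<spn>\S+) is registered on these accounts:$') {
            # Header line: start a new duplicate group for this SPN
            $spn = $Matches['spn']
        } elseif ($spn -and $text -like 'CN=*') {
            # Account line: one object per (SPN, account) pair
            [pscustomobject]@{
                Spn       = $spn
                AccountDN = $text
                Recorded  = (Get-Date -Format s)
            }
        } elseif ($text) {
            # Any other non-blank line (status or summary) ends the group
            $spn = $null
        }
    }
}

$pairs = Get-DuplicateSpn -Lines $lines

# Pre-change record: what was registered where before any "setspn -D"
$pairs | Export-Csv -Path .\spn-before-change.csv -NoTypeInformation

# Readable summary: each duplicated SPN and every account that holds it
$pairs | Group-Object Spn | ForEach-Object {
    '{0} is held by {1} accounts:' -f $_.Name, $_.Count
    $_.Group | ForEach-Object { '    ' + $_.AccountDN }
}
```

Running "setspn -X" again after the removal and passing its output through the same function should return no pairs once the duplicates are gone.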