Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 343
  • Last Modified:

kerberos error message

One of my SQL servers pops a Error Code: 0x7  KDC_ERR_S_PRINCIPAL_UNKNOWN error every 15 minutes.  Text of the error is

A Kerberos Error Message was received:
 on logon session
 Client Time:
 Server Time: 0:0:1.0000 1/22/2014 Z
 Error Code: 0x7  KDC_ERR_S_PRINCIPAL_UNKNOWN
 Extended Error: 0xc0000035 KLIN(0)
 Client Realm:
 Client Name:
 Server Realm: XXXX.LOC
 Server Name: MSSQLSvc/annie.XXXX.loc:1433
 Target Name: MSSQLSvc/annie.XXXX.loc:1433@XXXX.LOC
 Error Text:
 File: 9
 Line: e2d
 Error Data is in record data.

Annie is another SQL server which this server  sends log shipping to, and the errors occur at the interval of the LSbackups.

The quick link takes me to a MSFT page telling me how to reset stored passwords. Completed this on both servers involved with no improvement.

Went a step further and ran setspn.exe to verify no duplicate records.

I have rebooted Annie with no improvement, but do not want to reboot the production server unless it is sure to fix it.  Nothing I read indicates it should be necessary.

Anybody more familiar with this?
0
billherde
Asked:
billherde
3 Solutions
 
Lionel MMSmall Business IT ConsultantCommented:
I'm not much help but Kerboros messages are usually about permissions, user logons and passwords--anything change lately with regard to maybe changing passwords, removing users, or restoring database?
0
 
giltjrCommented:
How did you check for duplicate SPN's?

ldifde -f C:\SPNs.txt -t 3268 -d dc=domain,dc=com -l serviceprincipalname -r (serviceprincipalname=*) -p subtree

In the above command, replace DC=domain,DC=com with the DN of the domain. To check if duplicate SPN is present

Ref:

http://social.technet.microsoft.com/Forums/systemcenter/en-US/be6fcac4-7310-42d1-980e-e1725b464756/kerberos-spns?forum=systemcenter
0
 
Michael PfisterCommented:
0
 
billherdeAuthor Commented:
There have been no user updates that should be involved in the SQL servers.

I used setspn -X to check for duplicate SPNs.

'setspn -L administrator'  shows two registered SPN for Annie for the system administrator. The target names matche the servername in the error.

I note there is a -R option which says
To reset the default SPN registrations for the host names for an account  
•Type the following at a command prompt:

setspn -R  AccountName

Does anybody know what they mean by reset?  I do not want to clear all SPNs for the administrator account.
0
 
billherdeAuthor Commented:
The -R switch was the answer.  Since the SPN was there, and was correct, It was just a matter of the first SQL server forgot about it.  The -r switch says it means Reset, but a more accurate description shows when you run it.  It RE-REGISTERS the SPN.  So running 'setspn -R Annie' re-registered the SPNs set for Annie and the error went away.

Thanks for the pointers guys!
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now