SPN errors on Remote Desktop Server - Windows 2012 R2

I have recently installed two Remote Desktop Servers on our network and installed our ERP software on both these servers. The ERP program connects to a 2012 SQL server. When looking at event logs on both servers I find Microsoft-Windows-Security-Kerberos errors. Below is the error. How do I fix this? I have read some articles on this issue but don't understand how to correct.

A Kerberos error message was received:
 on logon session
 Client Time:
 Server Time: 5:0:5.0000 1/8/2018 Z
 Error Code: 0x7  KDC_ERR_S_PRINCIPAL_UNKNOWN
 Extended Error: 0xc0000035 KLIN(0)
 Client Realm:
 Client Name:
 Server Realm: SHAMROCK.COM
 Server Name: MSSQLSvc/SQLSERVER.DomainName.com:1433
 Target Name: MSSQLSvc/SQLSERVER.DomainName.com:1433@DomainNameK.COM
 Error Text:
 File: 9
 Line: 1396
 Error Data is in record data.
TimSr. System AdminAsked:
Who is Participating?
 
Hello ThereConnect With a Mentor System AdministratorCommented:
Also check this discussion that provides more information.
0
 
Hello ThereSystem AdministratorCommented:
Resolution here.

The extended error 0x0000035 means that it is an issue with duplicate Service Principal Names (SPN).

Run:
PS C:\Windows\system32> setspn -X

Then try to remove the old SPN with setspn.exe:

PS C:\Windows\system32> setspn -D MSSQLSvc/sql1.example.com:1433 sql1

After trying the delete command again a couple of times the duplicate was removed and the client servers stopped reporting the kerberos error.
0
 
TimSr. System AdminAuthor Commented:
I ran the command above and it returned the following. It said it found two groups of Duplicate SPNs. Here is my confusion, it says duplicate SPN's but I only see each name listed once. The second name on the list is our other SQL server which services our Intranet. I don't know why it would show on the SQLSERVER but it does. According to your solution I should remove the duplicate name but which is it or is it both?

Microsoft Windows [Version 6.3.9600]
(c) 2013 Microsoft Corporation. All rights reserved.

C:\Users\administrator.DomainName>setspn -x
Checking domain DC=DomainName,DC=com
Processing entry 1
MSSQLSvc/sqlserver.DomainName.com:1433 is registered on these accounts:
        CN=sqlagent,CN=Users,DC=DomainName,DC=com
        CN=Administrator,CN=Users,DC=DomainName,DC=com

MSSQLSvc/sqlserver2.DomainName.com:1433 is registered on these accounts:
        CN=sqlagent,CN=Users,DC=DomainName,DC=com
        CN=SQLSERVER2,OU=WSUS,DC=DomainName,DC=com

found 2 groups of duplicate SPNs.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.