SPN errors on Remote Desktop Server - Windows 2012 R2

I have recently installed two Remote Desktop Servers on our network and installed our ERP software on both these servers. The ERP program connects to a 2012 SQL server. When looking at event logs on both servers I find Microsoft-Windows-Security-Kerberos errors. Below is the error. How do I fix this? I have read some articles on this issue but don't understand how to correct.

A Kerberos error message was received:
 on logon session
 Client Time:
 Server Time: 5:0:5.0000 1/8/2018 Z
 Error Code: 0x7  KDC_ERR_S_PRINCIPAL_UNKNOWN
 Extended Error: 0xc0000035 KLIN(0)
 Client Realm:
 Client Name:
 Server Realm: SHAMROCK.COM
 Server Name: MSSQLSvc/SQLSERVER.DomainName.com:1433
 Target Name: MSSQLSvc/SQLSERVER.DomainName.com:1433@DomainNameK.COM
 Error Text:
 File: 9
 Line: 1396
 Error Data is in record data.
TimSr. System AdminAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Hello ThereSystem AdministratorCommented:
Resolution here.

The extended error 0x0000035 means that it is an issue with duplicate Service Principal Names (SPN).

Run:
PS C:\Windows\system32> setspn -X

Then try to remove the old SPN with setspn.exe:

PS C:\Windows\system32> setspn -D MSSQLSvc/sql1.example.com:1433 sql1

After trying the delete command again a couple of times the duplicate was removed and the client servers stopped reporting the kerberos error.
0
Hello ThereSystem AdministratorCommented:
Also check this discussion that provides more information.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
TimSr. System AdminAuthor Commented:
I ran the command above and it returned the following. It said it found two groups of Duplicate SPNs. Here is my confusion, it says duplicate SPN's but I only see each name listed once. The second name on the list is our other SQL server which services our Intranet. I don't know why it would show on the SQLSERVER but it does. According to your solution I should remove the duplicate name but which is it or is it both?

Microsoft Windows [Version 6.3.9600]
(c) 2013 Microsoft Corporation. All rights reserved.

C:\Users\administrator.DomainName>setspn -x
Checking domain DC=DomainName,DC=com
Processing entry 1
MSSQLSvc/sqlserver.DomainName.com:1433 is registered on these accounts:
        CN=sqlagent,CN=Users,DC=DomainName,DC=com
        CN=Administrator,CN=Users,DC=DomainName,DC=com

MSSQLSvc/sqlserver2.DomainName.com:1433 is registered on these accounts:
        CN=sqlagent,CN=Users,DC=DomainName,DC=com
        CN=SQLSERVER2,OU=WSUS,DC=DomainName,DC=com

found 2 groups of duplicate SPNs.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows OS

From novice to tech pro — start learning today.