Home > Event Id > Event Id 11 The Kdc Encountered Duplicate Names

Event Id 11 The Kdc Encountered Duplicate Names


Tuesday, August 07, 2012 2:17 PM Reply | Quote 0 Sign in to vote Hi, As it looks like a duplicate SPN's issue with regards to SQL server, check the following Everything I have found searching talks of two domain machines but not the situation of machine+serviceaccount. Type LDP and click OK. 3. The KB posted above describes howto find the duplicates. Source

If I am on the right track, I think I need to delete those two entries with the SID then replace them with a new current lower privelaged domain user account, An approach you can take would be to run LDP.exe (a utility available from the Windows 2000 resource kit). As per Microsoft: "There are two or more computer accounts that have the same service principal names (SPNs) registered".See ME321044 for more details. Set the filter as the following: (serviceprincipalname=HOST/ ) 12.

Event Id 11 The Kdc Encountered Duplicate Names

Globally replaced my pc's name with the original DC's name, and rebooted. When you run SQL using a domain service account instead of Local System the domain account must have a MSSQLSVC SPN for kerberos authentication to the SQL server to succeed. By creating an account, you're agreeing to our Terms of Use, Privacy Policy and to receive emails from Spiceworks. See example of private comment Links: Setspn Overview Search: Google - Bing - Microsoft - Yahoo - EventID.Net Queue (0) - More links...

The domain service account has SPNs for each of the SQL boxes like so:MSSQLSvc/ I:a] do nothingb] delete the SPN from each of the server objectsc] delete the SPNs from the When replacing or removing machines, try to have them cleanly leave the domain. If you don't use kerberos, no big deal. Setspn Command All rights reserved.

But then we needed to enable kerberos authentication for our BizTalk 2004 server's SQL server and we ran into an interesting question. Event Id 11 Kerberos-key-distribution-center Duplicate Names Bet you a dollar that you've done one or more of the following: pushed for standardized server names, spent hours writing SQL Server maintenance related TSQL scripts that are SQL Server Which looks like this: >> Dn: CN=Servername, OU=Domain Controllers, ... ... >> Dn: CN=Administrator, OU=Users, ... ... 5. Event ID 11 How to Configure an SPN for SQL Server Site Database Servers Hope this helps..

Open the properties page of this DN and choose serverPrincipalName from the second listbox. Service Principal Name So if I am reading the above text correctly if I create another domain account to run the service on the 2nd sql server this error may go away or will I followed the procedure at; and did find two entries for that Service Principal name.  One is a User (a domain admin) and the other is one is a computer Join Now For immediate help use Live now!

Event Id 11 Kerberos-key-distribution-center Duplicate Names

CN=Administrator, OU=Users, ...). You can also use dsquery command (part of adminpak.msi) C:\>dsquery * -filter "(serviceprincipalname=MSSQLSvc/" -attr samaccountname When you've found the accounts causing the duplicate, use setspn command line tool to delete the Event Id 11 The Kdc Encountered Duplicate Names I previously had my SQL running with a user account then changed it to run with a system account. Event Id 11 Atapi You cannot delete other posts.

Joe Even after attempting to delete and spnset -D it still shows up? this contact form Thanks!And as to the OCD statement, it was said in a tone of complete respect. Any suggestions would be greatly appreciated. Event ID 11 — Service Principal Name Configuration Hope this helpsBest Regards, Sandesh Dubey. Event Id 11 Disk

Privacy policy | Site Map | About | Contact Us | Disclaimer Rating 1 2 3 4 5 Overall Rating: 0 (0 ratings) Log in or register to post comments ActionsThis Document Follow Shortcut Abuse PDF Related Content Show - Any -BlogDiscussionDocumentEventVideo Apply

Microsoft Customer Support Microsoft Community Forums Windows Server TechCenter   Sign in United States (English) Brasil (Português)Česká republika (Čeština)Deutschland (Deutsch)España (Español)France (Français)Indonesia (Bahasa)Italia (Italiano)România (Română)Türkiye (Türkçe)Россия (Русский)ישראל (עברית)المملكة العربية السعودية (العربية)ไทย (ไทย)대한민국 Krb_ap_err_modified SPNMSSQLSvc/ appears in dn: CN=SQL Admin,OU=DB Administrators,OU=DB Management,DC=uk,DC=corp,DC=company,DC=net dn: CN=OM_SQLSRV,OU=SQL Servers,OU=DB Management,DC=uk,DC=corp,DC=company,DC=net Questions. 1. During the replacement, the old server was renamed and physically removed, but was not removed from AD and DNS.

The idea is to search for the duplicate and remove it.

Thanks again! 0 Question has a verified solution. This fixed the problem in my case. Tuesday, August 07, 2012 11:53 AM Reply | Quote Moderator 0 Sign in to vote Hi Paul Yes we do use the same domain user account to run the SQLSERVERAGENT andMSSQLSERVER Set Scope to Subtree. 13.

The name in the Network ID Tab was back to normal. In either case, this indicates that you have a duplicate machine nameregistered within the Active Directory on your domain. I am having the same issue, it showed up in my backup exec out of the blue. So i had a read of this blog and ran his adfind tool which gives the below results.

This posting is provided "AS IS" with no warranties, and confers no rights. Of course, to see the SPN's you'll have to edit the attributes of the account in some LDAP editing tool, like ADSIEDIT, but they'll be there. You cannot post new polls. They are:1) Use Windows 2003 ADU&C, create a query, custom LDAP, and enter the following:servicePrincipalName=MSSQLSvc/ will return all objects with that SPN.2) Use a tool like adfind.exe with the following query:Adfind.exe

There are multiple accounts with name MSSQLSvc/ of type DS_SERVICE_PRINCIPAL_NAME. Also I would suggest you go back and do a clean up of the SPN's that have been created for this shared service account. Well, for not only posting the details of your your problem but following through with the answer after no one responded. x 72 Anonymous I was seeing this error in my lab machines for multiple spns in the format cifs\.

Join our community for more solutions or to ask questions. From this, ADSIEDIT on the rogue entry to edit the servicePrincipalName attribute. The error came up once every hour. Comments: Anonymous SETSPN -X (Windows 2008 / Windows 7) will return duplicate SPNs.

If you have a name collision (joining a new machine to the domain that has the same name of some now-missing machine), remember to both clean up the computer object and Use ASIEDIT in order to delete the offending systems.This is the detailed procedure:In order to enable the service to authenticate properly, you need to make sure that the service has only I followed Ander Taylor's post and on a hunch, I checked the old service account and the current computer account. I never knew that pinging a GUID was possible! :)Joe Wednesday, December 26, 2012 3:49 PM Reply | Quote 0 Sign in to vote Not sure.

Jack in the Box Ars Legatus Legionis Tribus: Edmonton, AB, Canada Registered: Nov 5, 1999Posts: 10134 Posted: Mon May 09, 2005 10:58 am What service account does the SQL service account In my lab machine, I first created the root domain and joined one host as a member server of the root domain. Events Experts Bureau Events Community Corner Awards & Recognition Behind the Scenes Feedback Forum Cisco Certifications Cisco Press Café Cisco On Demand Support & Downloads Community Resources Security Alerts Security Alerts By creating an account, you're agreeing to our Terms of Use, Privacy Policy and to receive emails from Spiceworks.

x 73 EventID.Net See ME911353 for a situation in which this event occurs.