Error 11 KDC

  • Thread starter Harrison Midkiff

Harrison Midkiff

Hello:

I have been getting event id's 11 with a source of KDC in my event log on my
domain controllers. I have looked at TechNet article 321044 and they
reference using ADSIEdit or LDP to resolve this. I have tried both, but I
cannot seem to resolve this issue. Can anyone shed some light on this?
The full event is below.

Event Type: Error
Event Source: KDC
Event Category: None
Event ID: 11
Date: 3/2/2005
Time: 2:15:07 PM
User: N/A
Computer: TPADC1
Description:
There are multiple accounts with name host/tpa-cthornton.aviinc.local of
type 10.

Harrison Midkiff
 
Frances [MSFT]

Hello Harrison,

Thank you for your posting.

According to the error message, this error is caused by duplicate service
principal names (SPNs) registered by computer accounts.

Have you located the machine accounts that have the duplicate SPNs? You
mentioned you have tried ADSIEdit. Can you see the machines with the same
SPN? In your case, the duplicated SPN is host/tpa-cthornton.aviinc.local.

We need to do the following steps.
1. Locate the machine with the duplicate SPN.
2. Delete the duplicate SPN and add the correct SPN.
For example: let us say you have two machines, machine1 and machine2. They
may have the same SPN: HOST/machine1.mydomain.com. With ADSIEdit, you can
edit the SPN list on machine2 to delete the duplicate SPN
(HOST/machine1.mydomain.com), add the correct SPN
(HOST/machine2.mydomain.com), and then allow it to replicate to your other
domain controllers.


In your scenario, please find the computers with the SPN
host/tpa-cthornton.aviinc.local by ADSIEdit and edit the SPN.

Follow the steps below to achieve your goal.

1. Click Start, point to Programs, click Windows 2000 Support Tools, click
Tools, and then click ADSI Edit.
Note If the Windows 2000 Support Tools are not installed, install them from
the Windows 2000 CD. The file path is <CDROM Drive>:Support\Tools\Setup.exe.

2. Expand the Domain container.

3. Expand DC=My Domain, DC=COM.

4. Right-click the container CN=Computers and click CN=computername (the
name varies), and then click Properties.

5. In the CN=<ObjectName> Properties window, click Optional.

6. Click Select which property to view, and then click servicePrincipalName.

7. In the Values list, click host/tpa-cthornton.aviinc.local.

8. Edit the value, and then click OK.


Hope this helps. If you have any further questions, don't hesitate to get
in touch!


Best regards,

Frances He


Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security

=====================================================

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
 
Harrison Midkiff

Frances:

Thanks for your reply...

I am looking at one of the computer accounts in ADSIEdit that is generating
a KDC event. The event is:

Event Type: Error
Event Source: KDC
Event Category: None
Event ID: 11
Date: 3/3/2005
Time: 7:06:07 PM
User: N/A
Computer: TPADC1
Description:
There are multiple accounts with name HOST/jaxdc1.AVIINC.LOCAL of type 10.

I am not sure what I should delete. Here are all the ServicePrincipalName
values:

MSSQLSvc/jaxdc1.AVIINC.LOCAL:2743
LDAP/jaxdc1.AVIINC.LOCAL/AVIINC.LOCAL
DNS/jaxdc1/AVIINC.LOCAL
NtFrs-88f5d2bd-b646-11d2-a6d3-00c04fc9b232/jax
HOST/JAXDC1
HOST/jaxdc1.AVIINC.LOCAL
HOST/jaxdc1.AVIINC.LOCAL/AVIINC
HOST/jaxdc1.AVIINC.LOCAL/AVIINC.LOCAL
GC/jaxdc1.AVIINC.LOCAL/AVIINC.LOCAL
LDAP/JAXDC1
LDAP/jaxdc1.AVIINC.LOCAL/AVIINC
LDAP/jaxdc1.AVIINC.LOCAL
LDAP/35907490-7bb0-4024-ac5d
E3514235-4B06-11D1-AB04-00C04F


I am not sure which entry is considered a duplicate? Any suggestions...
 
Frances [MSFT]

Hello,

According to your information, you have located the problematic computer.

If this is not a DC, you can delete the machine account from the domain,
disjoin and rejoin the machine to the domain. This way, you can resolve the
KDC 11 error.

If this is a DC, please do the following steps.

1. Copy all the servicePrincipalName to a .txt file for backup.

2. Change the name of HOST/jaxdc1.AVIINC.LOCAL according to the computer
name.
For example, if the computer name is jaxdc2, you can change it to
HOST/jaxdc2.AVIINC.LOCAL.

3. Save your modification and then check the effect.

4. If the error persists, you can try to replace all jaxdc1 with the new
name.

5. Save your modification and then check the effect.

In addition, have you changed the computer name of this problematic
computer? By default, the SPN will take the computer name as part of its
name.

Hope this helps. If you have any further questions, don't hesitate to get
in touch!

Best regards,

Frances He


Microsoft Online Partner Support

Harrison Midkiff

Frances:

Thanks for your reply.

Your reply confused me a little bit. The computer name is
"jaxdc1.aviinc.local". Everything under the servicePrincipalName attribute
for the computer name looks right. I am really not sure what to do.

Any suggestions?

Harrison Midkiff
 
Jeremy Hallock

Harrison,

If you have duplicate SPNs, it usually means you have more than one
object with the same SPN. So if all of the SPNs on that object are
correct, it means there is another object in your domain with same SPN.
So, in my opinion, the easiest way to find out what that object is, is
to do an ldifde dump of your domain to a text file and search for the
string in the event. You should find it twice. Once, it will be listed
under the correct object. Second, it should appear under another object
in your domain, which will be the object that needs to have the SPN
entry modified / deleted.
 
Frances [MSFT]

Hello,

Thank you for your feedback.

If the computer name is "jaxdc1.aviinc.local", it seems that there is
another computer in your domain with the same SPN of
HOST/jaxdc1.AVIINC.LOCAL.

Our goal is to find that computer and change its SPN attributes. Or just
delete the machine account from the domain, disjoin and rejoin the machine
to the domain.

Please use ADSIEdit to find the other computer with the SPN of
HOST/jaxdc1.AVIINC.LOCAL in your domain if you don't have many computers.
Otherwise, you can use ldifde, as Jeremy suggested.

If you have any further questions, don't hesitate to get in touch!

Best regards,

Frances He


Microsoft Online Partner Support

Harrison Midkiff

Frances:

Thanks for replying.

I followed your suggestion and created a dump. I searched the text file and found the entry on the computer object. The object was old so I deleted it. Today I am still getting a KDC error referencing "cifs/jaxdc1.aviinc.local". I searched the dump but I can't find this. This was appearing before. I thought when I deleted the duplicate this would go away. Any suggestions?

Harrison Midkiff
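
Added example, not part of the original thread: Jeremy's dump-and-search approach, and the `cifs/` lookup Harrison describes above, done programmatically. A plain text search can miss a second owner when the case differs, when the value is folded across lines or base64-encoded in the dump, or when the event names a service class such as `cifs` that is an alias of `HOST` in the forest's sPNMappings attribute. The sample dump and the STALE-PC object are constructed, and `HOST_ALIASES` is an assumed subset of the alias list.

```python
import base64
from collections import defaultdict

# Assumption: subset of the HOST aliases in sPNMappings; extend as needed.
HOST_ALIASES = {"cifs"}

# Constructed sample in ldifde/LDIF form; STALE-PC is a made-up object.
SAMPLE_DUMP = """\
dn: CN=JAXDC1,OU=Domain Controllers,DC=aviinc,DC=local
servicePrincipalName: HOST/jaxdc1.AVIINC.LOCAL

dn: CN=STALE-PC,CN=Computers,DC=aviinc,DC=local
servicePrincipalName: HOST/STALE-PC
servicePrincipalName: host/jaxdc1.avi
 inc.local
"""

def normalize(spn):
    """Lower-case the SPN and fold aliased service classes into host/."""
    service, _, rest = spn.lower().partition("/")
    return ("host" if service in HOST_ALIASES else service) + "/" + rest

def spn_owners(ldif_text):
    """Map each normalized SPN to the set of DNs that register it."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # LDIF folding: continuation line
        else:
            lines.append(raw)
    owners, dn = defaultdict(set), None
    for line in lines:
        attr, _, value = line.partition(":")
        if value.startswith(":"):         # "attr:: <base64>" encoded value
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        if attr.lower() == "dn":
            dn = value.strip()
        elif attr.lower() == "serviceprincipalname" and dn:
            owners[normalize(value.strip())].add(dn)
    return owners

def duplicate_spns(ldif_text):
    """SPNs registered on more than one object, with the objects' DNs."""
    return {s: sorted(d) for s, d in spn_owners(ldif_text).items() if len(d) > 1}

def owners_of(ldif_text, spn):
    """Objects that answer for `spn`, directly or through a HOST alias."""
    return sorted(spn_owners(ldif_text).get(normalize(spn), ()))
```

Feed `duplicate_spns` the text of the ldifde export; every key it returns is an SPN that needs to be removed from all but one of the listed objects.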
 
Frances [MSFT]

Hello Harrison,

Good to hear that you have located the computer with duplicated SPN.

Does the computer exist in your domain now? After you deleted the computer
account, please disjoin it from the domain and rejoin it. Then check the
effect.

If the problem still persists, please send the exact KDC error message to
(e-mail address removed) for further research. Also send me the dump you
created.

I am looking forward to your reply.

Best regards,

Frances He


Microsoft Online Partner Support

Frances [MSFT]

Hello Harrison,

We haven't heard from you. How is it going? Please feel free to respond to
the newsgroups if you need additional help.

Have a great day!

Best regards,

Frances He


Microsoft Online Partner Support

Guest

(Sorry if this gets posted twice)

Thank you for all the great advice posted here. I am having the same
problem with two different SPNs, but they don't have duplicates in the dump
file. They're servers so are there any other suggestions before I reboot
them? Also, the KDC errors are being generated at 9pm every day and 1am
every Saturday, could there be some service running something or connecting
somewhere that could be causing this problem?

Thank you.
 
Guest

Frances said:
Hello Harrison,

We haven't heard from you. How is it going? Please feel free to respond to
the
newsgroups if you need additional help.

Have a great day!

Best regards,

Frances He


Microsoft Online Partner Support