F
Fred
Hi guys,
Hope you can help. We have 2 DCs on our Domain, both W2k. Both run Global
Catalog, other FSMO roles shared between them. First DC has multiple Event
11 (KDC) errors in the System log.
Error states:
There are multiple accounts with name host/web.Domain.com of type 10.
I have looked into this and followed the instructions within KB305971. I
set the filter to search the subtree scope for:
serviceprincipalname=host/web.domain.com
and get back the following results:
***Searching...
ldap_search_s(ld, "DC=Domain, DC=com", 2,
"serviceprincipalname=host/WEB.Domain.COM", attrList, 0, &msg)
Result <0>: (null)
Matched DNs:
Getting 2 entries:1> canonicalName: Domain.com/All Computers/W2k3 Servers/WEB;
1> cn: WEB;
1> distinguishedName: CN=WEB,OU=W2k3 Servers,OU=All
Computers,DC=Domain,DC=com;
5> objectClass: top; person; organizationalPerson; user; computer;
1> name: WEB;1> canonicalName: Domain.com/Users/crmadmin crmadmin;
1> cn: crmadmin crmadmin;
1> distinguishedName: CN=crmadmin crmadmin,CN=Users,DC=Domain,DC=com;
4> objectClass: top; person; organizationalPerson; user;
1> name: crmadmin crmadmin;
KB305971 says to use ADSIEDIT to locate the Duplicate SPN and remove it.
Can anyone provide instructions on how to remove the SPN. I am unsure where
and what to look for, and would rather not knacker the AD (Great Plan!!) I
can then perform the final step on KB305971 and remove the Server from the
Domain and re-add it.
Thanks in advance
Fred
Hope you can help. We have 2 DCs on our Domain, both W2k. Both run Global
Catalog, other FSMO roles shared between them. First DC has multiple Event
11 (KDC) errors in the System log.
Error states:
There are multiple accounts with name host/web.Domain.com of type 10.
I have looked into this and followed the instructions within KB305971. I
set the filter to search the subtree scope for:
serviceprincipalname=host/web.domain.com
and get back the following results:
***Searching...
ldap_search_s(ld, "DC=Domain, DC=com", 2,
"serviceprincipalname=host/WEB.Domain.COM", attrList, 0, &msg)
Result <0>: (null)
Matched DNs:
Getting 2 entries:1> canonicalName: Domain.com/All Computers/W2k3 Servers/WEB;
1> cn: WEB;
1> distinguishedName: CN=WEB,OU=W2k3 Servers,OU=All
Computers,DC=Domain,DC=com;
5> objectClass: top; person; organizationalPerson; user; computer;
1> name: WEB;1> canonicalName: Domain.com/Users/crmadmin crmadmin;
1> cn: crmadmin crmadmin;
1> distinguishedName: CN=crmadmin crmadmin,CN=Users,DC=Domain,DC=com;
4> objectClass: top; person; organizationalPerson; user;
1> name: crmadmin crmadmin;
KB305971 says to use ADSIEDIT to locate the Duplicate SPN and remove it.
Can anyone provide instructions on how to remove the SPN. I am unsure where
and what to look for, and would rather not knacker the AD (Great Plan!!) I
can then perform the final step on KB305971 and remove the Server from the
Domain and re-add it.
Thanks in advance
Fred