KDC 11, but Microsoft's fix isn't working

Guest

First off, I've tried searching for the duplicate SPN with no luck, as per:

http://support.microsoft.com/?id=321044


Here is the event log:

----
There are multiple accounts with name HTTP/crm01 of type
DS_SERVICE_PRINCIPAL_NAME.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
----

Here is the ldifde for that server:

---
operatingSystem: Windows Server 2003
operatingSystemVersion: 5.2 (3790)
operatingSystemServicePack: Service Pack 1
dNSHostName: CRM01.eLiberation.com
servicePrincipalName: MSSQLSvc/CRM01.eLiberation.com:1433
servicePrincipalName: SMTPSVC/CRM01
servicePrincipalName: SMTPSVC/CRM01.eLiberation.com
servicePrincipalName: HOST/CRM01
servicePrincipalName: HOST/CRM01.eLiberation.com
objectCategory: CN=Computer,CN=Schema,CN=Configuration,DC=eLiberation,DC=com
---


I don't see any HTTP SPNs in the entire file...any ideas?

Thanks!

Phil
 
Glenn LeCheminant

Phil,

You need to do an ldifde dump of your entire directory.
LDIFDE -f dump.txt -s nameofgcserver -t 3268 -d dc=forestname,dc=root -l servicePrincipalName

I have seen the event log report HTTP SPN, when the real duplicate was on
HOST. Search the dump file for crm01.

You will likely find dups for one or both of these HOST SPNs.
HOST/CRM01
HOST/CRM01.eLiberation.com
 
Guest

Thanks for your updated syntax. I found that another domain in the forest
had a disabled CRM01 computer account, but still had SPNs which would
conflict with HOST/crm01.

That should remove the error message.

Thanks.
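
The dump-and-search step from the replies above, as an added example that is not part of the original thread: a Python script that reads an LDIFDE dump, reports every SPN registered on more than one account, and also checks HOST/<name> when the KDC event names an alias class such as HTTP. The sample dump, the example.com names and the HOST_ALIASES subset are constructed assumptions.

```python
import re
from collections import defaultdict

# Service classes that AD maps onto HOST by default (a subset of the default
# sPNMappings list; assumes the forest has not changed it).
HOST_ALIASES = {"http", "www", "w3svc", "iisadmin", "cifs"}

# Constructed sample in LDIFDE output format (not data from the thread).
SAMPLE_DUMP = """\
dn: CN=CRM01,CN=Computers,DC=example,DC=com
servicePrincipalName: SMTPSVC/CRM01
servicePrincipalName: HOST/CRM01
servicePrincipalName: HOST/CRM01.example.com

dn: CN=CRM01,OU=Retired Servers,DC=child,
 DC=example,DC=com
servicePrincipalName: HOST/crm01

dn: CN=WEB02,CN=Computers,DC=example,DC=com
servicePrincipalName: HOST/WEB02
"""

def parse_spns(ldif_text):
    """Yield (dn, spn) pairs, unfolding LDIF continuation lines first."""
    dn = None
    for line in re.sub(r"\r?\n ", "", ldif_text).splitlines():
        name, sep, value = line.partition(": ")
        if sep and name.lower() == "dn":
            dn = value.strip()
        elif sep and dn and name.lower() == "serviceprincipalname":
            yield dn, value.strip()

def find_duplicates(ldif_text, reported_spn=None):
    """Map each SPN (lowercased) held by more than one account to its DNs.

    With reported_spn (the name in the KDC event), return only that SPN and,
    if its service class is a HOST alias, the matching HOST/<name> entry.
    """
    owners = defaultdict(set)
    for dn, spn in parse_spns(ldif_text):
        owners[spn.lower()].add(dn)  # SPN comparison is case-insensitive
    dups = {s: sorted(d) for s, d in owners.items() if len(d) > 1}
    if reported_spn is None:
        return dups
    svc, _, rest = reported_spn.lower().partition("/")
    wanted = {reported_spn.lower()}
    if svc in HOST_ALIASES:
        wanted.add("host/" + rest)
    return {s: d for s, d in dups.items() if s in wanted}
```

To run it against a real dump, pass the contents of dump.txt to find_duplicates() together with the SPN named in the event, for example "HTTP/crm01".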
 
