KDC error -- dublicte serviceprincipalname

R

ReneSidler

I need some help getting rid of this KDC 11 error

I have a dublicate entry which I have found with the ldp

***Searching...
ldap_search_s(ld, "DC=SIDMAR,DC=LOCAL", 2,
"serviceprincipalname=MSSQLSvc/sidmarsrv01.sidmar.local:1433",
attrList, 0, &msg)
Result <0>: (null)
Matched DNs:
Getting 2 entries:4> objectClass: top; person; organizationalPerson; user;
1> cn: Administrator;
1> description: Vordefiniertes Konto für die Verwaltung des Computers
bzw. der Domäne;
1> distinguishedName: CN=Administrator,CN=Users,DC=sidmar,DC=local;
1> name: Administrator;
1> canonicalName: sidmar.local/Users/Administrator;5> objectClass: top; person; organizationalPerson; user; computer;
1> cn: SIDMARSRV01;
1> distinguishedName: CN=SIDMARSRV01,OU=Domain
Controllers,DC=sidmar,DC=local;
1> name: SIDMARSRV01;
1> canonicalName: sidmar.local/Domain Controllers/SIDMARSRV01;


but now which of the above entries i have to delete? and how do i do
it... I have tryed ADSIEdit but I coud not find the right entry...

Thanks for any suggestions

Regards

Rene
 
J

Joe Richards [MVP]

Delete the SPN from the admin account. No clue how that got there except some
admin probably didn't know what they were doing.

You can clear this up pretty easily. Download admod from www.joeware.net and
enter the following command, it should be on one line (in case of line wrap)

admod -b CN=Administrator,CN=Users,DC=sidmar,DC=local servicePrincipalName:-


That will result in the spn being cleared from the admin account object.

joe
 
C

Chriss3 [MVP]

This happens if you install Microsoft CRM on a Domain Controller.
Use Joes excellent tool or ADSIedit to remove the duplicated SPN.

--
Regards
Christoffer Andersson
Microsoft MVP - Directory Services

No email replies please - reply in the newsgroup
 
R

ReneSidler

Chriss3 MVP said:
This happens if you install Microsoft CRM on a Domain
Controller.
Use Joes excellent tool or ADSIedit to remove the duplicated
SPN.

--
Regards
Christoffer Andersson
Microsoft MVP - Directory Services

No email replies please - reply in the newsgroup
------------------------------------------------
http://www.chrisse.se - Active Directory Tips

"Joe Richards [MVP]" <[email protected]> skrev i
meddelandet

&nbsp;>> I need some help getting rid of this KDC 11 error
&nbsp;>>
&nbsp;>> I have a dublicate entry which I have found with the
ldp
&nbsp;>>
&nbsp;>> ***Searching...
&nbsp;>> ldap_search_s(ld, "DC=SIDMAR,DC=LOCAL", 2,
&nbsp;>>
"serviceprincipalname=MSSQLSvc/sidmarsrv01.sidmar.local:1433",
&nbsp;>> attrList, 0, &msg)
&nbsp;>> Result &lt;0&gt;: (null)
&nbsp;>> Matched DNs: Getting 2 entries:
&nbsp;>>
&nbsp;&nbsp;>>>>Dn:
CN=Administrator,CN=Users,DC=sidmar,DC=local
&nbsp;>>
&nbsp;>> 4&gt; objectClass: top; person; organizationalPerson;
user; 1&gt; cn:
&nbsp;>> Administrator; 1&gt; description: Vordefiniertes
Konto für die Verwaltung
&nbsp;>> des Computers
&nbsp;>> bzw. der Domäne; 1&gt; distinguishedName:
&nbsp;>> CN=Administrator,CN=Users,DC=sidmar,DC=local; 1&gt;
name: Administrator; 1&gt;
&nbsp;>> canonicalName: sidmar.local/Users/Administrator;
&nbsp;&nbsp;>>>>Dn: CN=SIDMARSRV01,OU=Domain
Controllers,DC=sidmar,DC=local
&nbsp;>>
&nbsp;>> 5&gt; objectClass: top; person; organizationalPerson;
user; computer; 1&gt; cn:
&nbsp;>> SIDMARSRV01; 1&gt; distinguishedName:
CN=SIDMARSRV01,OU=Domain
&nbsp;>> Controllers,DC=sidmar,DC=local; 1&gt; name:
SIDMARSRV01; 1&gt; canonicalName:
&nbsp;>> sidmar.local/Domain Controllers/SIDMARSRV01; but now
which of the above
&nbsp;>> entries i have to delete? and how do i do
&nbsp;>> it... I have tryed ADSIEdit but I coud not find the
right entry...
&nbsp;>>
&nbsp;>> Thanks for any suggestions
&nbsp;>>
&nbsp;>> Regards Rene
&nbsp;>>
Click to expand...

Thanks for your Help, I have tried it but get the following error...

AdMod V01.03.00cpp Joe Richards ([email protected]) February 2005

WARN: Delete/Clear option illogical for add, ignoring.
DN Count: 1
Using server: sidmarsrv01.sidmar.local
Adding specified objects...
DN: cn=administrator,cn=users,dc=sidmar,dc=local...:
[sidmarsrv01.sidmar.loca
l] Error 0x41 (65) - Verletzung der Objektklasse


ERROR: Too many errors encountered, terminating...

The command did not complete successfully


what did I do wrong ??
 
J

Joe Richards [MVP]

Bug in V1.3 I corrected but haven't released, I apologize.

In the meanwhile use adsiedit or the following script



dn=wscript.arguments.item(0)
set o=GetObject("LDAP://" & dn)
o.putex 1,"serviceprincipalname",""
o.setinfo()






--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net

Chriss3 MVP said:
This happens if you install Microsoft CRM on a Domain
Controller.
Use Joes excellent tool or ADSIedit to remove the duplicated
SPN.

--
Regards
Christoffer Andersson
Microsoft MVP - Directory Services

No email replies please - reply in the newsgroup
------------------------------------------------
http://www.chrisse.se - Active Directory Tips

"Joe Richards [MVP]" <[email protected]> skrev i
meddelandet

&nbsp;>> I need some help getting rid of this KDC 11 error
&nbsp;>>
&nbsp;>> I have a dublicate entry which I have found with the
ldp
&nbsp;>>
&nbsp;>> ***Searching...
&nbsp;>> ldap_search_s(ld, "DC=SIDMAR,DC=LOCAL", 2,
&nbsp;>>
"serviceprincipalname=MSSQLSvc/sidmarsrv01.sidmar.local:1433",
&nbsp;>> attrList, 0, &msg)
&nbsp;>> Result &lt;0&gt;: (null)
&nbsp;>> Matched DNs: Getting 2 entries:
&nbsp;>>
&nbsp;&nbsp;>>>>Dn:
CN=Administrator,CN=Users,DC=sidmar,DC=local
&nbsp;>>
&nbsp;>> 4&gt; objectClass: top; person; organizationalPerson;
user; 1&gt; cn:
&nbsp;>> Administrator; 1&gt; description: Vordefiniertes
Konto für die Verwaltung
&nbsp;>> des Computers
&nbsp;>> bzw. der Domäne; 1&gt; distinguishedName:
&nbsp;>> CN=Administrator,CN=Users,DC=sidmar,DC=local; 1&gt;
name: Administrator; 1&gt;
&nbsp;>> canonicalName: sidmar.local/Users/Administrator;
&nbsp;&nbsp;>>>>Dn: CN=SIDMARSRV01,OU=Domain
Controllers,DC=sidmar,DC=local
&nbsp;>>
&nbsp;>> 5&gt; objectClass: top; person; organizationalPerson;
user; computer; 1&gt; cn:
&nbsp;>> SIDMARSRV01; 1&gt; distinguishedName:
CN=SIDMARSRV01,OU=Domain
&nbsp;>> Controllers,DC=sidmar,DC=local; 1&gt; name:
SIDMARSRV01; 1&gt; canonicalName:
&nbsp;>> sidmar.local/Domain Controllers/SIDMARSRV01; but now
which of the above
&nbsp;>> entries i have to delete? and how do i do
&nbsp;>> it... I have tryed ADSIEdit but I coud not find the
right entry...
&nbsp;>>
&nbsp;>> Thanks for any suggestions
&nbsp;>>
&nbsp;>> Regards Rene
&nbsp;>>
Click to expand...

Thanks for your Help, I have tried it but get the following error...

AdMod V01.03.00cpp Joe Richards ([email protected]) February 2005

WARN: Delete/Clear option illogical for add, ignoring.
DN Count: 1
Using server: sidmarsrv01.sidmar.local
Adding specified objects...
DN: cn=administrator,cn=users,dc=sidmar,dc=local...:
[sidmarsrv01.sidmar.loca
l] Error 0x41 (65) - Verletzung der Objektklasse


ERROR: Too many errors encountered, terminating...

The command did not complete successfully


what did I do wrong ??
Click to expand...
 
J

Joe Richards [MVP]

I have released a new version of the admod (1.4) that has this bug fixed as well
as adds a -add option to create objects in AD.

--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net

Bug in V1.3 I corrected but haven't released, I apologize.

In the meanwhile use adsiedit or the following script



dn=wscript.arguments.item(0)
set o=GetObject("LDAP://" & dn)
o.putex 1,"serviceprincipalname",""
o.setinfo()






--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net

Chriss3 MVP said:
This happens if you install Microsoft CRM on a Domain
Controller.
Use Joes excellent tool or ADSIedit to remove the duplicated
SPN.
-- > Regards
Christoffer Andersson
Microsoft MVP - Directory Services
No email replies please - reply in the newsgroup
------------------------------------------------
http://www.chrisse.se - Active Directory Tips
"Joe Richards [MVP]" <[email protected]> skrev i
meddelandet > Delete the SPN from the admin account. No clue how that got
there except > > some admin probably didn't know what they were doing.

You can clear this up pretty easily. Download admod from
Click to expand...
www.joeware.net > > and enter the following command, it should be on
one line
(in case of line > > wrap)

admod -b CN=Administrator,CN=Users,DC=sidmar,DC=local > > servicePrincipalName:-


That will result in the spn being cleared from the admin
account object.

joe



--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net


ReneSidler wrote:
&nbsp;>> I need some help getting rid of this KDC 11 error
&nbsp;>>
&nbsp;>> I have a dublicate entry which I have found with the
ldp
&nbsp;>>
&nbsp;>> ***Searching...
&nbsp;>> ldap_search_s(ld, "DC=SIDMAR,DC=LOCAL", 2,
&nbsp;>>
"serviceprincipalname=MSSQLSvc/sidmarsrv01.sidmar.local:1433",
&nbsp;>> attrList, 0, &msg)
&nbsp;>> Result &lt;0&gt;: (null)
&nbsp;>> Matched DNs: Getting 2 entries:
&nbsp;>>
&nbsp;&nbsp;>>>>Dn:
CN=Administrator,CN=Users,DC=sidmar,DC=local
&nbsp;>>
&nbsp;>> 4&gt; objectClass: top; person; organizationalPerson;
user; 1&gt; cn: > &nbsp;>> Administrator; 1&gt; description: Vordefiniertes
Konto für die Verwaltung > &nbsp;>> des Computers
&nbsp;>> bzw. der Domäne; 1&gt; distinguishedName: > &nbsp;>>
Click to expand...
CN=Administrator,CN=Users,DC=sidmar,DC=local; 1&gt;
name: Administrator; 1&gt; > &nbsp;>> canonicalName: sidmar.local/Users/Administrator;
&nbsp;&nbsp;>>>>Dn: CN=SIDMARSRV01,OU=Domain
Controllers,DC=sidmar,DC=local
&nbsp;>>
&nbsp;>> 5&gt; objectClass: top; person; organizationalPerson;
user; computer; 1&gt; cn: > &nbsp;>> SIDMARSRV01; 1&gt; distinguishedName:
CN=SIDMARSRV01,OU=Domain
&nbsp;>> Controllers,DC=sidmar,DC=local; 1&gt; name:
SIDMARSRV01; 1&gt; canonicalName: > &nbsp;>> sidmar.local/Domain
Click to expand...
Controllers/SIDMARSRV01; but now
which of the above > &nbsp;>> entries i have to delete? and how do i do
&nbsp;>> it... I have tryed ADSIEdit but I coud not find the
right entry...
&nbsp;>>
&nbsp;>> Thanks for any suggestions
&nbsp;>>
&nbsp;>> Regards Rene
&nbsp;>>
Click to expand...

Thanks for your Help, I have tried it but get the following error...

AdMod V01.03.00cpp Joe Richards ([email protected]) February 2005

WARN: Delete/Clear option illogical for add, ignoring.
DN Count: 1
Using server: sidmarsrv01.sidmar.local
Adding specified objects...
DN: cn=administrator,cn=users,dc=sidmar,dc=local...:
[sidmarsrv01.sidmar.loca
l] Error 0x41 (65) - Verletzung der Objektklasse


ERROR: Too many errors encountered, terminating...

The command did not complete successfully


what did I do wrong ??
Click to expand...
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Multiple accounts with the name MSSQLSvc... 2
Event 11 1
Event ID 11 on DC 5
Restore Deleted OU and child objects 3
KDC Error 11 3
Trying to get same results from LDIFDE vs. LDP 1
Error 10104 - Active Directory, RPC - Is Winsock hosed? 1
Calling replication and LDAP troubleshooting experts! 1

Top