KDC Error 11
From: John Rosenlof (greyseal96_at_hotmail.com)
Date: 02/10/05
- Next message: Preacher Man: "DHCP & DNS"
- Previous message: Lance: "Recommended way to get ldifde.exe tool?"
- Next in thread: Chriss3 [MVP]: "Re: KDC Error 11"
- Reply: Chriss3 [MVP]: "Re: KDC Error 11"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 10 Feb 2005 10:25:58 -0800
Hi,
I'm having a really hard time figuring this out and I was hoping somebody
here might be able to shed some light on this.
We keep getting KDC errors of type 11 in the system event log. They say
that there are multiple accounts with the name... and then it lists
different names in each message, but they are all based on the same computer
and they are all of type10.
Ex:
HOST/ATLANTA, HOST/ATLANTA.DOMAIN.COM, HOST/atlanta.DOMAIN.COM,
HOST/Atlanta, cifs/ATLANTA.DOMAIN.COM, cifs/ATLANTA,
HTTP/atlanta.DOMAIN.COM, HTTP/ATLANTA
I've read the KB article on how to find duplicate SPN's. LDP didn't help,
but the ldifde utility did. I printed out a file with our domain as a base
(dc=domain,dc=dom) and found multiple spn's under Atlanta's computer
account. I used ADSIEdit and found these spn's under the properties page of
cn=atlanta, cn=computers,dc=domain,dc=com. Here are the spn's from Atlanta:
HOST/ATLANTA
HOST/atlanta.DOMAIN.COM
MSSQLSvc/atlanta.DOMAIN.COM:4819
SMTPSVC/ATLANTA
SMTPSVC/atlanta.DOMAIN.COM
This server isn't running our SQL servers, but it is our CRM server. I'm
trying to figure out 1) how it came to have those duplicate spn's 2) what
the impact would be of deleting some (especially on CRM) 3) which ones to
delete 4) what cifs and HTTP have to do with those duplicate spn's if
they're not even listed in the spn list from atlanta.
Any ideas or help? Thanks a lot in advance.
-John
- Next message: Preacher Man: "DHCP & DNS"
- Previous message: Lance: "Recommended way to get ldifde.exe tool?"
- Next in thread: Chriss3 [MVP]: "Re: KDC Error 11"
- Reply: Chriss3 [MVP]: "Re: KDC Error 11"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
