Re: KDC error -- dublicte serviceprincipalname

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

I have released a new version of the admod (1.4) that has this bug fixed as well as adds a -add option to create objects in AD.

--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net


Joe Richards [MVP] wrote: 
Bug in V1.3 I corrected but haven't released, I apologize.

In the meanwhile use adsiedit or the following script



dn=wscript.arguments.item(0)
set o=GetObject("LDAP://"; & dn)
o.putex 1,"serviceprincipalname",""
o.setinfo()






--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net


ReneSidler wrote:

"Chriss3 MVP" wrote:
> This happens if you install Microsoft CRM on a Domain
> Controller.
> Use Joes excellent tool or ADSIedit to remove the duplicated
> SPN.
> > -- > Regards
> Christoffer Andersson
> Microsoft MVP - Directory Services
> > No email replies please - reply in the newsgroup
> ------------------------------------------------
> http://www.chrisse.se - Active Directory Tips
> > "Joe Richards [MVP]" <humorexpress@xxxxxxxxxxx> skrev i
> meddelandet > news:eE23hsiMFHA.3796@xxxxxxxxxxxxxxxxxxxxxxx
> > Delete the SPN from the admin account. No clue how that got
> there except > > some admin probably didn't know what they were doing.
> >
> > You can clear this up pretty easily. Download admod from www.joeware.net > > and enter the following command, it should be on one line
> (in case of line > > wrap)
> >
> > admod -b CN=Administrator,CN=Users,DC=sidmar,DC=local > > servicePrincipalName:-
> >
> >
> > That will result in the spn being cleared from the admin
> account object.
> >
> > joe
> >
> >
> >
> > --
> > Joe Richards Microsoft MVP Windows Server Directory Services
> > www.joeware.net
> >
> >
> > ReneSidler wrote:
> &nbsp;>> I need some help getting rid of this KDC 11 error
> &nbsp;>>
> &nbsp;>> I have a dublicate entry which I have found with the
> ldp
> &nbsp;>>
> &nbsp;>> ***Searching...
> &nbsp;>> ldap_search_s(ld, "DC=SIDMAR,DC=LOCAL", 2,
> &nbsp;>>
> "serviceprincipalname=MSSQLSvc/sidmarsrv01.sidmar.local:1433",
> &nbsp;>> attrList, 0, &msg)
> &nbsp;>> Result &lt;0&gt;: (null)
> &nbsp;>> Matched DNs: Getting 2 entries:
> &nbsp;>>
> &nbsp;&nbsp;>>>>Dn:
> CN=Administrator,CN=Users,DC=sidmar,DC=local
> &nbsp;>>
> &nbsp;>> 4&gt; objectClass: top; person; organizationalPerson;
> user; 1&gt; cn: > &nbsp;>> Administrator; 1&gt; description: Vordefiniertes
> Konto für die Verwaltung > &nbsp;>> des Computers
> &nbsp;>> bzw. der Domäne; 1&gt; distinguishedName: > &nbsp;>> CN=Administrator,CN=Users,DC=sidmar,DC=local; 1&gt;
> name: Administrator; 1&gt; > &nbsp;>> canonicalName: sidmar.local/Users/Administrator;
> &nbsp;&nbsp;>>>>Dn: CN=SIDMARSRV01,OU=Domain
> Controllers,DC=sidmar,DC=local
> &nbsp;>>
> &nbsp;>> 5&gt; objectClass: top; person; organizationalPerson;
> user; computer; 1&gt; cn: > &nbsp;>> SIDMARSRV01; 1&gt; distinguishedName:
> CN=SIDMARSRV01,OU=Domain
> &nbsp;>> Controllers,DC=sidmar,DC=local; 1&gt; name:
> SIDMARSRV01; 1&gt; canonicalName: > &nbsp;>> sidmar.local/Domain Controllers/SIDMARSRV01; but now
> which of the above > &nbsp;>> entries i have to delete? and how do i do
> &nbsp;>> it... I have tryed ADSIEdit but I coud not find the
> right entry...
> &nbsp;>>
> &nbsp;>> Thanks for any suggestions
> &nbsp;>>
> &nbsp;>> Regards Rene
> &nbsp;>>

Thanks for your Help, I have tried it but get the following error...

AdMod V01.03.00cpp Joe Richards (joe@xxxxxxxxxxx) February 2005

WARN: Delete/Clear option illogical for add, ignoring.
DN Count: 1
Using server: sidmarsrv01.sidmar.local
Adding specified objects...
   DN: cn=administrator,cn=users,dc=sidmar,dc=local...:
[sidmarsrv01.sidmar.loca
l] Error 0x41 (65) - Verletzung der Objektklasse


ERROR: Too many errors encountered, terminating...

The command did not complete successfully


what did I do wrong ??

.

Relevant Pages