Re: Duplicate SPN - but unsure how to fix!
- From: "Austin Osuide" <austin@xxxxxxxxxxx>
- Date: Thu, 22 Nov 2007 14:34:43 -0000
Hi Steve,
You got the error probably because you copied and pasted my text? :-)
There needs to be a space between the -d and "".
To address your issue though, I don't think you should have a problem if the FQDN of the SQL servers is used.
Make sure the DNS search suffixes are set up correctly on workstations in the parent and child domains.
As you can see, the SPNs are registered correctly and the errors or event ID: 11 are generated when the NetBIOS name is used to request the service ticket. If the FQDN is used, these errors will not occur.
Regards,
Austin
"Steve" <Steve@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:D396AEA4-806F-44BD-A9AA-8CC6041D1464@xxxxxxxxxxxxxxxx
Hi Austin,
I was unable to run the command - getting a servicePrincipleName parameter
error / bad argument returned.
I can see that both servers share HOST/SQL01 which I'm guessing is where the
problem is. However I honestly have no idea how to change the SPN or exactly
what to change it to. (The FQDN?)
Here is the output from the associated VB script from the same KB:
Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.
CN=SQL01,CN=Computers,DC=child,DC=domain,DC=net
Class: computer
Computer DNS: SQL01.child.domain.net
-- MSSQLSvc/SQL01.child.domain.net:1118
-- MSSQLSvc/SQL01.child.domain.net:1152
-- MSSQLSvc/SQL01.child.domain.net:1140
-- MSSQLSvc/SQL01.child.domain.net:1089
-- HOST/SQL01
-- HOST/SQL01.child.domain.net
CN=SQL01,OU=Development,OU=Servers,DC=domain,DC=net
Class: computer
Computer DNS: sql01.domain.net
-- MSSQLSvc/sql01.domain.net:1435
-- MSSQLSvc/sql01.domain.net:1433
-- MSSQLSvc/sql01.domain.net:1434
-- MSSQLSvc/sql01.domain.net:1385
-- MSSQLSvc/sql01.domain.net:1453
-- MSSQLSvc/sql01.domain.net:1449
-- SMTPSVC/sql01.domain.net
-- HOST/sql01.domain.net
-- SMTPSVC/SQL01
-- HOST/SQL01
"Austin Osuide" wrote:
Hi Steve,
Not sure why you are in this situation in the first place. An SPN is usually
registered for the servername and the FQDN of the server.
Both your SQL01 servers should have SPNs registered in their FQDNs.
Can you please run the following and post the results?
ldifde -f SQL_SPN.txt -t 3268 -d"" -l servicePrincipalName -r
"(servicePrincipalName=*sql01*)" -p subtree
Regards,
Austin
"Steve" <Steve@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:50994C1D-B0E8-4019-8726-FC84C8A305F5@xxxxxxxxxxxxxxxx
> Hi all,
>
> Getting KDC error 11 on our DC (GC and FSMO roles on it too):
>
> There are multiple accounts with name RPCSS/sql01 of type
> DS_SERVICE_PRINCIPAL_NAME.
>
> Looked up the relevant KB article KB321044. Used the VBS to get the
> results.
>
> The result is that I have SQL01.Domain.Net, and SQL01.Child.Domain.Net.
> However the DN of these are obviously different as they are in different
> domains. (Child-Parent)
>
> So my query is how do I resolve this issue? To my knowledge I thought you
> could have 2 machines called the same in a forest as long as they are in
> different domains. Is this not the case?
>
> If I should be able to have both machines called SQL01 but in different
> domains, can someone possibly help me out as to how to resolve this issue?
>
> Cheers,
>
>
> Steve.
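
The duplicate visible in the script output quoted in this thread, found programmatically. This is an added example, not part of the original messages or of KB321044: it parses the `-- SPN` report format shown above and lists SPNs held by more than one account. The function names are hypothetical, SPNs are compared case-insensitively, and the sample is the thread's own output with most MSSQLSvc lines trimmed.

```python
from collections import defaultdict

# Script output as posted in the thread, trimmed to a few lines per account.
SAMPLE = """\
CN=SQL01,CN=Computers,DC=child,DC=domain,DC=net
Class: computer
Computer DNS: SQL01.child.domain.net
-- MSSQLSvc/SQL01.child.domain.net:1118
-- HOST/SQL01
-- HOST/SQL01.child.domain.net
CN=SQL01,OU=Development,OU=Servers,DC=domain,DC=net
Class: computer
Computer DNS: sql01.domain.net
-- MSSQLSvc/sql01.domain.net:1433
-- HOST/sql01.domain.net
-- SMTPSVC/SQL01
-- HOST/SQL01
"""

def parse_spn_report(text):
    """Return {distinguishedName: [SPN, ...]} from the report text."""
    accounts, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("-- "):          # an SPN belonging to the last DN seen
            if current is None:
                raise ValueError("SPN line before any DN: %r" % line)
            accounts[current].append(line[3:].strip())
        elif ",dc=" in line.lower():        # a distinguished name starts a new account
            current = line
            accounts.setdefault(current, [])
    return accounts                         # 'Class:' and 'Computer DNS:' lines are skipped

def find_duplicates(accounts):
    """Lower-cased SPNs registered on more than one account, with their DNs."""
    owners = defaultdict(set)
    for dn, spns in accounts.items():
        for spn in spns:
            owners[spn.lower()].add(dn)
    return {spn: sorted(dns) for spn, dns in owners.items() if len(dns) > 1}

def is_short_name(spn):
    """True when the host part has no dot (NetBIOS-style name, not an FQDN)."""
    return "." not in spn.partition("/")[2].split(":")[0]

if __name__ == "__main__":
    for spn, dns in find_duplicates(parse_spn_report(SAMPLE)).items():
        kind = "short name" if is_short_name(spn) else "FQDN"
        print("%s (%s) is registered on:\n  %s" % (spn, kind, "\n  ".join(dns)))
```

On the thread's data only the short-name HOST/SQL01 is shared by both computer objects; the FQDN-based SPNs are unique per domain.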