multiple SPN - Techist - Tech Forum

06-21-2006, 03:47 PM   #1 (permalink)
selina (True Techie, Join Date: Feb 2006, Posts: 228)
multiple SPN

i'm getting this event logged in one of our sql servers:
----------
Event Type: Error
Event Source: KDC
Event Category: None
Event ID: 11
Date: 6/21/2006
Time: 11:13:26 AM
User: N/A
Computer: SQL1
Description:
There are multiple accounts with name MSSQLSvc/SQL2.domainname.com:1433 of type 10.
------------

as you can see, i know the SPN that's duplicated but i don't know where to go from here to fix this problem (= make this event id disappear!)
but i'm not getting this event log on SQL2 machine...
06-21-2006, 04:04 PM   #2 (permalink)
Osiris (Techie Beyond Description, Join Date: Jan 2005, Location: Kentucky, Posts: 36,817)

According to Microsoft:
CAUSE 1: This behavior can be caused by a duplicate SPN (ServicePrincipalName) value in the Active Directory tree.
RESOLUTION: NOTE: Only experienced administrators should consider using the Ldp.exe and Adsiedit.msc tools that are called for in the following procedure.
To resolve this behavior, use the Ldp.exe tool to determine the location of the duplicate SPN value, and then use the Adsiedit.msc tool to remove the duplicate SPN value. Follow these steps on a Windows 2000-based domain controller:
1. Click Start, and then click Run.
2. Type ldp, and then click OK.
3. Click Connection, click Connect, and then click OK. Leave the Server box blank.
4. Click Connection, click Bind, and then click OK. Leave all fields blank.
5. Click View, click Tree, and then click OK. Leave the BaseDN window blank.
6. Click Browse, and then click Search.
7. Set the BaseDN as DC=Home and DC=com, separated by a comma. For example, if the FQDN name of the domain is Mydomain.com, type DC=Mydomain,DC=com.
8. Set the filter to the following:
   serviceprincipalname=Host/computername.home.com
   For example, if the relevant computer is named Computer1 and the domain name is Mydomain.com, type the following:
   serviceprincipalname=Host/Computer1.Mydomain.com
9. Set Scope to Subtree, and then click Run.
After you locate the duplicate SPN, you can use the Adsiedit.msc tool to go to the object, view the duplicate SPN value, and remove the duplicate SPN value.
Move the server from the domain to a workgroup, delete the server's computer account from the domain, and then join the server to the domain again, using the same computer account.
CAUSE 2:
There are two or more computer accounts that have the same service principal names (SPNs) registered.
RESOLUTION:
Locate the machine accounts that have the duplicate SPNs. To do so, use the following methods.
Use the Ldifde u
Osiris is offline  
06-21-2006, 04:16 PM   #3 (permalink)
selina (True Techie, Join Date: Feb 2006, Posts: 228)

lol
thanx, warez. i checked that already. (sorry, i find it amusing that i keep looking at the same place as you do.... lol)

what i could understand in that site is to use ldp to find the SPN that is duplicate. which, is already in the error log. so all i need to do is to do adsiedit.msc but i don't see that duplicate SPN.
maybe i'm doing something not right...
06-21-2006, 04:20 PM   #4 (permalink)
Osiris (Techie Beyond Description, Join Date: Jan 2005, Location: Kentucky, Posts: 36,817)

See, it's hard for me to tell you exactly what to do since the server isn't in front of me. I can usually pinpoint the error within a few minutes on my machine. I've got no errors whatsoever on my 2003 R2 server, but I didn't receive a DCOM error but that was an easy fix. Here is another place to look into: http://www.eventid.net/
06-21-2006, 04:54 PM   #5 (permalink)
selina (True Techie, Join Date: Feb 2006, Posts: 228)

i used to go to that site but i stopped when you gave me the other link cuz it's just better. =)

you got dcom errors and it was an easy fix? daamn...
06-21-2006, 05:04 PM   #6 (permalink)
Osiris (Techie Beyond Description, Join Date: Jan 2005, Location: Kentucky, Posts: 36,817)

sure was, u having problems with them?
06-21-2006, 05:11 PM   #7 (permalink)
selina (True Techie, Join Date: Feb 2006, Posts: 228)

ya. i see dcom error 10004 in the other sql server. i used to get it in my pc but it disappeared after we switched the FSMO. i always thought dcom was just a pain-in-the-**s problem....
06-21-2006, 05:24 PM   #8 (permalink)
Osiris (Techie Beyond Description, Join Date: Jan 2005, Location: Kentucky, Posts: 36,817)

what is the source of the dcom?
06-21-2006, 05:35 PM   #9 (permalink)
selina (True Techie, Join Date: Feb 2006, Posts: 228)

this is the log. i haven't looked into this log at all yet.

--------
Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10004
Date: 6/21/2006
Time: 2:19:40 PM
User: N/A
Computer: SQL2
Description:
DCOM got error "Logon failure: the user has not been granted the requested logon type at this computer. " and was unable to logon .\IWAM_SQL2 in order to run the server:
{3D14228D-FBE1-11D0-995D-00C04FD919C1}
-----------------------------------
06-21-2006, 08:10 PM   #10 (permalink)
Osiris (Techie Beyond Description, Join Date: Jan 2005, Location: Kentucky, Posts: 36,817)

http://www.evtcatalog.com/evtPass/ev...DCOM_45110.asp


This worked for me
All times are GMT -5.