Event ID 11 - Source KDC

Hi,

Can anyone help resolving the following error which I am receiving on our
Windows 2003 domain controllers System Log

Source: KDC
Type: Error
Event ID: 11
Computer: DomainController

There are multiple accounts with name MSSQLSvc/sql1.domain.local:1433 of
type DS_SERVICE_PRINCIPAL_NAME

The problem machine identified by the error (sql1) is actually a new SQL2005
production server so I need to be a little careful applying updates & making
changes to correct the problem.

If anyone can help it would be appreciated.

Thanks

Leo

You may want to use ADSI Editor to find the multiple accounts. This search
result may help.
Event ID 11
We also receive the Event ID 11 - There are multiple accounts with
name host/printsrv.chicagotech.net of type 10. That tells us there is a
duplicate SPN ...
http://www.chicagotech.net/troublesh.../eventid11.htm


--
Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on
http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on
http://www.HowToNetworking.com
"Leo" <(E-Mail Removed)> wrote in message
news:OFcs$Oi$(E-Mail Removed)...
> Hi,
>
> Can anyone help resolving the following error which I am receiving on our
> Windows 2003 domain controllers System Log
>
> Source: KDC
> Type: Error
> Event ID: 11
> Computer: DomainController
>
> There are multiple accounts with name MSSQLSvc/sql1.domain.local:1433 of
> type DS_SERVICE_PRINCIPAL_NAME
>
> The problem machine identified by the error (sql1) is actually a new
> SQL2005 production server so I need to be a little careful applying
> updates & making changes to correct the problem.
>
> If anyone can help it would be appreciated.
>
> Thanks
>
> Leo

Hi, thanks for the reply and info.

I have run LDP however when I run the search it only returns 1 entry, which
to me would suggest no duplicates in Active Directory.

Any other ideas or can you think of anything I may have overlooked.

Thanks

Leo

"Robert L. (MS-MVP)" <(E-Mail Removed)> wrote in message
news:eMtn8cj$(E-Mail Removed)...
> You may want to use ADSI Editor to find the multiple accounts. This search
> result may help.
> Event ID 11
> We also receive the Event ID 11 - There are multiple accounts with
> name host/printsrv.chicagotech.net of type 10. That tells us there is a
> duplicate SPN ...
> http://www.chicagotech.net/troublesh.../eventid11.htm
>
>
> --
> Bob Lin, MS-MVP, MCSE & CNE
> Networking, Internet, Routing, VPN Troubleshooting on
> http://www.ChicagoTech.net
> How to Setup Windows, Network, VPN & Remote Access on
> http://www.HowToNetworking.com
> "Leo" <(E-Mail Removed)> wrote in message
> news:OFcs$Oi$(E-Mail Removed)...
>> Hi,
>>
>> Can anyone help resolving the following error which I am receiving on our
>> Windows 2003 domain controllers System Log
>>
>> Source: KDC
>> Type: Error
>> Event ID: 11
>> Computer: DomainController
>>
>> There are multiple accounts with name MSSQLSvc/sql1.domain.local:1433 of
>> type DS_SERVICE_PRINCIPAL_NAME
>>
>> The problem machine identified by the error (sql1) is actually a new
>> SQL2005 production server so I need to be a little careful applying
>> updates & making changes to correct the problem.
>>
>> If anyone can help it would be appreciated.
>>
>> Thanks
>>
>> Leo
>

Hi,

This problem occurs because two or more computer accounts have the same
service principal name (SPN) registered. Event ID 11 is logged when the Key
Distribution Center (KDC) receives a ticket request, and the related SPN
exists more than one time when it is checked on the global catalog (GC) for
verification.
To resolve this problem, locate the computer accounts that have the
duplicate SPNs. When you have located the computers that have the duplicate
SPNs, you can either delete the computer account from the domain, disjoin
and rejoin the computer to the domain, or you can use ADSIEdit to correct
the SPN on the computer that has the incorrect SPN.

To locate the computer accounts that have the duplicate SPNs, use one of
the following methods.
Method 1: Use the LDP support tool
1. Click Start , click Run , type LDP , and then click OK .
2. Click Connection , and then click Connect .
3. Leave the default settings, and then click OK .
Note If you do not receive the expected result, try another search by using
the Global Catalog Port (3268) instead of the default setting (389).
4. Click Connection , and then click Bind .
5. Leave the default settings, and then click OK .
6. Click View , and then click Tree .
7. In the Tree View dialog box, type DC= YourDomain ,DC=com in the
BaseDN box, where YourDomain is your domain.
8. Click Browse , and then click Search .
9. In the Search dialog box, type DC= YourDomain ,DC=com in the BaseDN
box.
10. In the Search dialog box, type ( serviceprincipalname =HOST/
mycomputer.mydomain .com)
in the Filter box. If the service principal name that is referred to in the
error in the System log differs from this example, type the service
principal name to which the error refers.

Note If you do not receive the expected result, try searching for " HOST/"
as opposed to searching only for the exact SPN in the event ID.
11. Under Scope , click Subtree .
12. Click Run .

If this result is not what we expect, please try the followings.
Method 2:

Use the querySpn.vbs script in the following Microsoft TechNet article. To
use the script, copy the code, paste it into Notepad, and then save the
script as querySpn.vbs.
http://www.microsoft.com/technet/scr.../spnquery.mspx
Run the script by using the following command:
cscript spnquery.vbs HOST/mycomputer* >check_SPN.txt


Also, you can use setspn tool to locate duplicate SPN. You can refer to

Setspn Overview
http://technet2.microsoft.com/Window...1-7ff0-4f6f-87
d2-f2e70294a5761033.mspx

Hope this helps.

Sincerely
Morgan Che
Microsoft Online Support
Microsoft Global Technical Support Center

Get Secure! - www.microsoft.com/security
================================================== ===
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
================================================== ===
This posting is provided "AS IS" with no warranties, and confers no rights.


--------------------
--->Reply-To: "Leo" <(E-Mail Removed)>
--->From: "Leo" <(E-Mail Removed)>
--->References: <OFcs$Oi$(E-Mail Removed)>
<eMtn8cj$(E-Mail Removed)>
--->Subject: Re: Event ID 11 - Source KDC
--->Date: Thu, 14 Aug 2008 19:49:26 +0100
--->Lines: 1
--->MIME-Version: 1.0
--->Content-Type: text/plain;
---> format=flowed;
---> charset="iso-8859-1";
---> reply-type=response
--->Content-Transfer-Encoding: 7bit
--->X-Priority: 3
--->X-MSMail-Priority: Normal
--->Importance: Normal
--->X-Newsreader: Microsoft Windows Live Mail 12.0.1606
--->X-MimeOLE: Produced By Microsoft MimeOLE V12.0.1606
--->Message-ID: <#K0B85j$(E-Mail Removed)>
--->Newsgroups: microsoft.public.windows.server.networking
--->NNTP-Posting-Host: cpc4-warw3-0-0-cust775.sol2.cable.ntl.com 86.20.195.8
--->Path: TK2MSFTNGHUB02.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSF TNGP05.phx.gbl
--->Xref: TK2MSFTNGHUB02.phx.gbl
microsoft.public.windows.server.networking:14086
--->X-Tomcat-NG: microsoft.public.windows.server.networking
--->
--->Hi, thanks for the reply and info.
--->
--->I have run LDP however when I run the search it only returns 1 entry,
which
--->to me would suggest no duplicates in Active Directory.
--->
--->Any other ideas or can you think of anything I may have overlooked.
--->
--->Thanks
--->
--->Leo
--->
--->"Robert L. (MS-MVP)" <(E-Mail Removed)> wrote in message
--->news:eMtn8cj$(E-Mail Removed)...
--->> You may want to use ADSI Editor to find the multiple accounts. This
search
--->> result may help.
--->> Event ID 11
--->> We also receive the Event ID 11 - There are multiple accounts
with
--->> name host/printsrv.chicagotech.net of type 10. That tells us there is
a
--->> duplicate SPN ...
--->> http://www.chicagotech.net/troublesh.../eventid11.htm
--->>
--->>
--->> --
--->> Bob Lin, MS-MVP, MCSE & CNE
--->> Networking, Internet, Routing, VPN Troubleshooting on
--->> http://www.ChicagoTech.net
--->> How to Setup Windows, Network, VPN & Remote Access on
--->> http://www.HowToNetworking.com
--->> "Leo" <(E-Mail Removed)> wrote in message
--->> news:OFcs$Oi$(E-Mail Removed)...
--->>> Hi,
--->>>
--->>> Can anyone help resolving the following error which I am receiving
on our
--->>> Windows 2003 domain controllers System Log
--->>>
--->>> Source: KDC
--->>> Type: Error
--->>> Event ID: 11
--->>> Computer: DomainController
--->>>
--->>> There are multiple accounts with name
MSSQLSvc/sql1.domain.local:1433 of
--->>> type DS_SERVICE_PRINCIPAL_NAME
--->>>
--->>> The problem machine identified by the error (sql1) is actually a new
--->>> SQL2005 production server so I need to be a little careful applying
--->>> updates & making changes to correct the problem.
--->>>
--->>> If anyone can help it would be appreciated.
--->>>
--->>> Thanks
--->>>
--->>> Leo
--->>
--->

Hi,

I have now resolved the issue, thank you for the help you have provided and
the information you and Robert provided was spot on. I did however end up
opening a support case with MS as I wasn't confident removing the SPN's I
identified as the systems are critical to us and I needed to be sure of the
changes.
Thank you.

Leo

"Morgan che(MSFT)" <v-(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi,
>
> I am wirting to see how evertything is going?
>
> Have this issue been sovled or you need further assistance? please feel
> free to let me know.
> Sincerely
> Morgan Che
> Microsoft Online Support
> Microsoft Global Technical Support Center
>
> Get Secure! - www.microsoft.com/security
> ================================================== ===
> When responding to posts, please "Reply to Group" via your newsreader so
> that others may learn and benefit from your issue.
> ================================================== ===
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>
>
> --------------------
> --->Reply-To: "Leo" <(E-Mail Removed)>
> --->From: "Leo" <(E-Mail Removed)>
> --->References: <OFcs$Oi$(E-Mail Removed)>
> <eMtn8cj$(E-Mail Removed)>
> --->Subject: Re: Event ID 11 - Source KDC
> --->Date: Thu, 14 Aug 2008 19:49:26 +0100
> --->Lines: 1
> --->MIME-Version: 1.0
> --->Content-Type: text/plain;
> ---> format=flowed;
> ---> charset="iso-8859-1";
> ---> reply-type=response
> --->Content-Transfer-Encoding: 7bit
> --->X-Priority: 3
> --->X-MSMail-Priority: Normal
> --->Importance: Normal
> --->X-Newsreader: Microsoft Windows Live Mail 12.0.1606
> --->X-MimeOLE: Produced By Microsoft MimeOLE V12.0.1606
> --->Message-ID: <#K0B85j$(E-Mail Removed)>
> --->Newsgroups: microsoft.public.windows.server.networking
> --->NNTP-Posting-Host: cpc4-warw3-0-0-cust775.sol2.cable.ntl.com
> 86.20.195.8
> --->Path: TK2MSFTNGHUB02.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSF TNGP05.phx.gbl
> --->Xref: TK2MSFTNGHUB02.phx.gbl
> microsoft.public.windows.server.networking:14086
> --->X-Tomcat-NG: microsoft.public.windows.server.networking
> --->
> --->Hi, thanks for the reply and info.
> --->
> --->I have run LDP however when I run the search it only returns 1 entry,
> which
> --->to me would suggest no duplicates in Active Directory.
> --->
> --->Any other ideas or can you think of anything I may have overlooked.
> --->
> --->Thanks
> --->
> --->Leo
> --->
> --->"Robert L. (MS-MVP)" <(E-Mail Removed)> wrote in message
> --->news:eMtn8cj$(E-Mail Removed)...
> --->> You may want to use ADSI Editor to find the multiple accounts. This
> search
> --->> result may help.
> --->> Event ID 11
> --->> We also receive the Event ID 11 - There are multiple accounts
> with
> --->> name host/printsrv.chicagotech.net of type 10. That tells us there
> is
> a
> --->> duplicate SPN ...
> --->> http://www.chicagotech.net/troublesh.../eventid11.htm
> --->>
> --->>
> --->> --
> --->> Bob Lin, MS-MVP, MCSE & CNE
> --->> Networking, Internet, Routing, VPN Troubleshooting on
> --->> http://www.ChicagoTech.net
> --->> How to Setup Windows, Network, VPN & Remote Access on
> --->> http://www.HowToNetworking.com
> --->> "Leo" <(E-Mail Removed)> wrote in message
> --->> news:OFcs$Oi$(E-Mail Removed)...
> --->>> Hi,
> --->>>
> --->>> Can anyone help resolving the following error which I am receiving
> on our
> --->>> Windows 2003 domain controllers System Log
> --->>>
> --->>> Source: KDC
> --->>> Type: Error
> --->>> Event ID: 11
> --->>> Computer: DomainController
> --->>>
> --->>> There are multiple accounts with name
> MSSQLSvc/sql1.domain.local:1433 of
> --->>> type DS_SERVICE_PRINCIPAL_NAME
> --->>>
> --->>> The problem machine identified by the error (sql1) is actually a
> new
> --->>> SQL2005 production server so I need to be a little careful applying
> --->>> updates & making changes to correct the problem.
> --->>>
> --->>> If anyone can help it would be appreciated.
> --->>>
> --->>> Thanks
> --->>>
> --->>> Leo
> --->>
> --->
>

Hi,

Thanks for your reply. If possible, could you please provide the
workarounds of how you solve this issue? I think it will benifit for others
who experience the same situation.

Thanks.

Sincerely
Morgan Che
Microsoft Online Support
Microsoft Global Technical Support Center

Get Secure! - www.microsoft.com/security
================================================== ===
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
================================================== ===
This posting is provided "AS IS" with no warranties, and confers no rights.


--------------------
--->Reply-To: "Leo" <(E-Mail Removed)>
--->From: "Leo" <(E-Mail Removed)>
--->References: <OFcs$Oi$(E-Mail Removed)>
<eMtn8cj$(E-Mail Removed)>
<#K0B85j$(E-Mail Removed)>
<(E-Mail Removed)>
--->Subject: Re: Event ID 11 - Source KDC
--->Date: Thu, 21 Aug 2008 10:38:13 +0100
--->Lines: 1
--->MIME-Version: 1.0
--->Content-Type: text/plain;
---> format=flowed;
---> charset="iso-8859-1";
---> reply-type=original
--->Content-Transfer-Encoding: 7bit
--->X-Priority: 3
--->X-MSMail-Priority: Normal
--->Importance: Normal
--->X-Newsreader: Microsoft Windows Live Mail 12.0.1606
--->X-MimeOLE: Produced By Microsoft MimeOLE V12.0.1606
--->Message-ID: <(E-Mail Removed)>
--->Newsgroups: microsoft.public.windows.server.networking
--->NNTP-Posting-Host: mailgate.geotech.co.uk 195.11.85.82
--->Path: TK2MSFTNGHUB02.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSF TNGP05.phx.gbl
--->Xref: TK2MSFTNGHUB02.phx.gbl
microsoft.public.windows.server.networking:14182
--->X-Tomcat-NG: microsoft.public.windows.server.networking
--->
--->Hi,
--->
--->I have now resolved the issue, thank you for the help you have provided
and
--->the information you and Robert provided was spot on. I did however end
up
--->opening a support case with MS as I wasn't confident removing the SPN's
I
--->identified as the systems are critical to us and I needed to be sure of
the
--->changes.
--->Thank you.
--->
--->Leo
--->
--->"Morgan che(MSFT)" <v-(E-Mail Removed)> wrote in message
--->news:(E-Mail Removed)...
--->> Hi,
--->>
--->> I am wirting to see how evertything is going?
--->>
--->> Have this issue been sovled or you need further assistance? please
feel
--->> free to let me know.
--->> Sincerely
--->> Morgan Che
--->> Microsoft Online Support
--->> Microsoft Global Technical Support Center
--->>
--->> Get Secure! - www.microsoft.com/security
--->> ================================================== ===
--->> When responding to posts, please "Reply to Group" via your newsreader
so
--->> that others may learn and benefit from your issue.
--->> ================================================== ===
--->> This posting is provided "AS IS" with no warranties, and confers no
--->> rights.
--->>
--->>
--->> --------------------
--->> --->Reply-To: "Leo" <(E-Mail Removed)>
--->> --->From: "Leo" <(E-Mail Removed)>
--->> --->References: <OFcs$Oi$(E-Mail Removed)>
--->> <eMtn8cj$(E-Mail Removed)>
--->> --->Subject: Re: Event ID 11 - Source KDC
--->> --->Date: Thu, 14 Aug 2008 19:49:26 +0100
--->> --->Lines: 1
--->> --->MIME-Version: 1.0
--->> --->Content-Type: text/plain;
--->> ---> format=flowed;
--->> ---> charset="iso-8859-1";
--->> ---> reply-type=response
--->> --->Content-Transfer-Encoding: 7bit
--->> --->X-Priority: 3
--->> --->X-MSMail-Priority: Normal
--->> --->Importance: Normal
--->> --->X-Newsreader: Microsoft Windows Live Mail 12.0.1606
--->> --->X-MimeOLE: Produced By Microsoft MimeOLE V12.0.1606
--->> --->Message-ID: <#K0B85j$(E-Mail Removed)>
--->> --->Newsgroups: microsoft.public.windows.server.networking
--->> --->NNTP-Posting-Host: cpc4-warw3-0-0-cust775.sol2.cable.ntl.com
--->> 86.20.195.8
--->> --->Path:
TK2MSFTNGHUB02.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSF TNGP05.phx.gbl
--->> --->Xref: TK2MSFTNGHUB02.phx.gbl
--->> microsoft.public.windows.server.networking:14086
--->> --->X-Tomcat-NG: microsoft.public.windows.server.networking
--->> --->
--->> --->Hi, thanks for the reply and info.
--->> --->
--->> --->I have run LDP however when I run the search it only returns 1
entry,
--->> which
--->> --->to me would suggest no duplicates in Active Directory.
--->> --->
--->> --->Any other ideas or can you think of anything I may have
overlooked.
--->> --->
--->> --->Thanks
--->> --->
--->> --->Leo
--->> --->
--->> --->"Robert L. (MS-MVP)" <(E-Mail Removed)> wrote in message
--->> --->news:eMtn8cj$(E-Mail Removed)...
--->> --->> You may want to use ADSI Editor to find the multiple accounts.
This
--->> search
--->> --->> result may help.
--->> --->> Event ID 11
--->> --->> We also receive the Event ID 11 - There are multiple
accounts
--->> with
--->> --->> name host/printsrv.chicagotech.net of type 10. That tells us
there
--->> is
--->> a
--->> --->> duplicate SPN ...
--->> --->> http://www.chicagotech.net/troublesh.../eventid11.htm
--->> --->>
--->> --->>
--->> --->> --
--->> --->> Bob Lin, MS-MVP, MCSE & CNE
--->> --->> Networking, Internet, Routing, VPN Troubleshooting on
--->> --->> http://www.ChicagoTech.net
--->> --->> How to Setup Windows, Network, VPN & Remote Access on
--->> --->> http://www.HowToNetworking.com
--->> --->> "Leo" <(E-Mail Removed)> wrote in message
--->> --->> news:OFcs$Oi$(E-Mail Removed)...
--->> --->>> Hi,
--->> --->>>
--->> --->>> Can anyone help resolving the following error which I am
receiving
--->> on our
--->> --->>> Windows 2003 domain controllers System Log
--->> --->>>
--->> --->>> Source: KDC
--->> --->>> Type: Error
--->> --->>> Event ID: 11
--->> --->>> Computer: DomainController
--->> --->>>
--->> --->>> There are multiple accounts with name
--->> MSSQLSvc/sql1.domain.local:1433 of
--->> --->>> type DS_SERVICE_PRINCIPAL_NAME
--->> --->>>
--->> --->>> The problem machine identified by the error (sql1) is actually
a
--->> new
--->> --->>> SQL2005 production server so I need to be a little careful
applying
--->> --->>> updates & making changes to correct the problem.
--->> --->>>
--->> --->>> If anyone can help it would be appreciated.
--->> --->>>
--->> --->>> Thanks
--->> --->>>
--->> --->>> Leo
--->> --->>
--->> --->
--->>
--->