General discussion

Locked

KDS Error in Event Log

By eric ·
I am getting continued errors in the "system" event log that are as follows:

"There are multiple accounts with name cifs/Moses of type DS_SERVICE_PRINCIPAL_NAME.'"

"There are multiple accounts with name host/moses.wishan.com of type DS_SERVICE_PRINCIPAL_NAME."

This is a KDC error with event id 11. I have found some references to fixing or cleaning this up in my AD structure, however, nothing I can find gives me exact enough instructions to make the repair. Any help would be appreciated. Server name is Moses on Single Doamin controller in small AD network. eric@wishan.com Help!!

This conversation is currently closed to new comments.

6 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by eric In reply to KDS Error in Event Log

Title of question should have read KDC error in Event Log.

Collapse -

by Pocono In reply to KDS Error in Event Log

From MSKB321044

Method 1
NOTE: If you do not have the Windows 2000 support tools installed, install them from the Windows 2000 CD-ROM before proceeding. The Setup executable file for the support tools is located on the CD-ROM in the Support\Tools folder. The installation does not require you to restart the computer, but you may have to restart the computer so that the environment variables are updated.
Click Start, and then click Run.
Type LDP, and then click OK.
Click Connection, and then click Connect.
Leave the default settings, and then click OK.
Click Connection, and then click Bind.
Leave the default settings, and then click OK.
Click View, and then click Tree.
In the Tree View dialog box, type DC=YourDomain,DC=com in the BaseDN box, where YourDomain is your domain.
Click Browse, and then click Search.
In the Search dialog box, type DC=YourDomain,DC=com in the BaseDN box.
In the Search dialog box, type (serviceprincipalname=HOST/mycomputer.mydomain.com ) in the Filter box. If the service principal name that is referred to in the error in the system log is different from this example here, type the service principal name that the error refers to.
Under Scope, click Subtree.
Click Run.
See KB321044 for other methods if this one doesn't work....http://support.microsoft.com

Collapse -

by Pocono In reply to

The method above will allow you to locate the service principal names that are duplicated.


When you have located the computers that have the duplicate SPNs, you can either delete the machine account from the domain, disjoin and rejoin the machine to the domain, or you can use ADSIEdit to correct the SPN on the computer that has the incorrect SPN.

Collapse -

by eric In reply to

Could use more specific help. Here is a listing from setspn -l command:

C:\Documents and Settings\Administrator.WISHAN>setspn -L moses
Registered ServicePrincipalNames for CN=MOSES,OU=Domain Controllers,DC=wishan,
=com:
MSSQLSvc/moses.wishan.com:4974
MSSQLSvc/moses.wishan.com:3053
exchangeMDB/moses.wishan.com
exchangeMDB/MOSES
exchangeRFR/moses.wishan.com
exchangeRFR/MOSES
exchangeAB/MOSES
exchangeAB/moses.wishan.com
ldap/moses.wishan.com/ForestDnsZones.wishan.com
ldap/moses.wishan.com/DomainDnsZones.wishan.com
DNS/moses.wishan.com
GC/moses.wishan.com/wishan.com
HOST/moses.wishan.com/wishan.com
HOST/moses.wishan.com/WISHAN
ldap/3555e810-8b36-40ce-b056-b12227dffc33._msdcs.wishan.com
ldap/moses.wishan.com/WISHAN
ldap/MOSES
ldap/moses.wishan.com
ldap/moses.wishan.com/wishan.com
E3514235-4B06-11D1-AB04-00C04FC2DCD2/3555e810-8b36-40ce-b056-b12227dffc33/
shan.com
NtFrs-88f5d2bd-b646-11d2-a6d3-00c04fc9b232/moses.wishan.com
SMTPSVC/MOSES
SMTPSVC/moses.wishan.com
HOST/MOSES
HOST/moses.wishan.com

Can you tell me which are the duplicates my errors are referrign to? also, below is search for duplicates from yours and Microsofts search in LDAP. I am not sure exactly what to do....

LDP results:
***Searching...
ldap_search_s(ld, "DC=wishan,DC=com", 2, "serviceprincipalname=host/moses", attrList, 0, &msg)
Result <0>: (null)
Matched DNs:
Getting 2 entries:
>> Dn: CN=Administrator,CN=Users,DC=wishan,DC=com
4> objectClass: top; person; organizationalPerson; user;
1> cn: Administrator;
1> description: Built-in account for administering the computer/domain;
1> distinguishedName: CN=Administrator,CN=Users,DC=wishan,DC=com;
1> name: Administrator;
1> canonicalName: wishan.com/Users/Administrator;
>> Dn: CN=MOSES,OU=Domain Controllers,DC=wishan,DC=com
5> objectClass: top; person; organizationalPerson; user; computer;
1> cn: MOSES;
1> distinguishedName: CN=MOSES,OU=Domain Controllers,DC=wishan,DC=com;
1> name: MOSES;
1> canonicalName: wishan.com/Domain Controllers/MOSES;

Thanks in advance.

Collapse -

by Pocono In reply to KDS Error in Event Log

Well, I'm kinda bummed out that you rejected the answer....you should have just made a comment....

Collapse -

by eric In reply to KDS Error in Event Log

Sorry, about that. I didn't know it mattered. Can I fix this? By the way, do you have a more specific response given my additional comments. Thanks in advance..

Eric

Back to Windows Forum
6 total posts (Page 1 of 1)  

Related Discussions

Related Forums