  • KDC Event ID 11 - Cannot find the duplicate name

    Ok, time for some help from the gurus.

    I have a little issue on our DCs here.

    Bit of a background.

    We have a parent domain with 2 child domains. Both child domains are the working domains for the company.

    One is based in the States and runs only the Americas side of the business. The other is based in Australia and runs all other offices world wide.

    On our DCs in the head office in Australia I have been seeing KDC Event ID 11 for a server on the other child domain. I have used the following KB article from MS to try and find the rogue entry and fix it.

    http://support.microsoft.com/default...b/321044/en-us

    I have tried all 3 methods and cannot find any entries that would help me.

    Using the LDP.exe tool I tried the following:

    1. Open LDP and connect to a DC in Australia.
    2. Bind to the server.
    3. Click view the tree and enter the DN for the domain.
    4. Click Browse then search and enter the base DN as our domain here, DC=OurChildDomain, DC=DomainName, DC=com.
    5. In the search filter I enter the following: servicePrincipalName=cifs/servername.therechilddomain.domainname.com
    6. Search results return the following

    -----------
    ***Searching...
    ldap_search_s(ld, "DC=OurChildDomian,DC=DomianName,DC=com", 2, "servicePrincipalName=cifs/servername.therechilddomain.domainname.com", attrList, 0, &msg)
    Result <0>: (null)
    Matched DNs:
    Getting 0 entries:
    -----------

    Anyone have any ideas???

  • #2
    Re: KDC Event ID 11 - Cannot find the duplicate name

    Have you tried method 3? I've used it in the past with good results.



    • #3
      Re: KDC Event ID 11 - Cannot find the duplicate name

      Yep tried that as well.

      Still gives me no results.

      Does the syntax look OK to you?



      • #4
        Re: KDC Event ID 11 - Cannot find the duplicate name

        Can you post the event log entry?

        And try running the queryspn using the wildcard; have it return everything.



        • #5
          Re: KDC Event ID 11 - Cannot find the duplicate name

          Originally posted by Garen:
          Can you post the event log entry?

          and try running the queryspn using the wildcard, have it return everything.
          Here's the entry


          • #6
            Re: KDC Event ID 11 - Cannot find the duplicate name

            Using the following command I get SPNs returned in the txt file, but none of them match the error code. Actually, that one doesn't even exist.


            cscript spn_query.vbs CIFS/* > queryspn.txt

            I won't post the text file as it has our domain name plastered all over it.



            • #7
              Re: KDC Event ID 11 - Cannot find the duplicate name

              Doesn't exist?

              Using ADSIEDIT if you go to the computer object of * (whatever * is since you have it masked) there's no entry for CIFS on the servicePrincipalName attribute?

              Any chance you have multiple DNS records for * or computer accounts with the same name?

              Also try searching for HOST/* see if that finds any duplicates.
              Last edited by Garen; 18th December 2008, 06:08.



              • #8
                Re: KDC Event ID 11 - Cannot find the duplicate name

                Originally posted by Garen:
                Doesn't exist?
                No CIFS entry exists.

                Originally posted by Garen:
                Using ADSIEDIT if you go to the computer object of * (whatever * is since you have it masked) there's no entry for CIFS on the servicePrincipalName attribute?
                I'll try that later.

                Originally posted by Garen:
                Any chance you have multiple DNS records for * or computer accounts with the same name?
                No multiple entries. Was one of the first things I checked.

                Originally posted by Garen:
                Also try searching for HOST/* see if that finds any duplicates.
                Now that I've run it I've found the following entries. All company sensitive information has been removed.

                Now I'm thinking that the parts in bold are where the issue is.

                Code:
                CN=city-DC01,OU=Domain Controllers,DC=child1,DC=company,DC=com
                Class: computer
                Computer DNS: city-dc01.child1.company.com
                -- DNS/city-dc01.child1.company.com
                -- LDAP/city-dc01.child1.company.com/child1.company.com
                -- LDAP/city-dc01.child1.company.com
                -- LDAP/fb1fc8a1-c682-400a-9500-dfc099785640._msdcs.company.com
                -- LDAP/city-DC01
                -- LDAP/city-dc01.child1.company.com/child1
                -- GC/city-dc01.child1.company.com/company.com
                -- HOST/city-dc01.child1.company.com/child1.company.com
                -- HOST/city-dc01.child1.company.com/child1
                -- E3514235-4B06-11D1-AB04-00C04FC2DCD2/fb1fc8a1-c682-400a-9500-dfc099785640/child1.company.com
                -- NtFrs-88f5d2bd-b646-11d2-a6d3-00c04fc9b232/city-dc01.child1.company.com
                -- SMTPSVC/city-DC01
                -- SMTPSVC/city-dc01.child1.company.com
                -- HOST/city-DC01
                -- HOST/city-dc01.child1.company.com
                
                CN=city-DC01-OL,CN=Computers,DC=child1,DC=company,DC=com
                Class: computer
                Computer DNS: city-dc01-old.child1.company.com
                -- HOST/city-dc01-old.child1.company.com
                -- HOST/city-dc01-old.child1.company.com/child1.company.com
                -- NtFrs-88f5d2bd-b646-11d2-a6d3-00c04fc9b232/city-dc01-old.child1.company.com
                -- DNS/city-dc01-old.child1.company.com
                -- HOST/city-dc01-old.child1.company.com/child1
                -- HOST/city-DC01-OL
                
                CN=cityDC01OLD2,CN=Computers,DC=child1,DC=company,DC=com
                Class: computer
                Computer DNS: cityDC01old2.child1.company.com
                -- SMTPSVC/cityDC01OLD2
                -- SMTPSVC/cityDC01old2.child1.company.com
                -- HOST/cityDC01OLD2
                -- HOST/city-DC01.child1.company.com/child1
                -- HOST/city-DC01.child1.company.com/child1.company.com
                -- HOST/city-DC01.child1.company.com
                -- SMTPSVC/city-DC01.child1.company.com



                • #9
                  Re: KDC Event ID 11 - Cannot find the duplicate name

                  HOST is kind of a parent SPN since if CIFS is not defined it will use the entry for HOST.

                  I would start by removing the duplicates on cityDC01OLD2, then reboot cityDC01OLD2 and make sure it populates itself with the proper entries.



                  • #10
                    Re: KDC Event ID 11 - Cannot find the duplicate name

                    Originally posted by Garen:
                    HOST is kind of a parent SPN since if CIFS is not defined it will use the entry for HOST.

                    I would start by removing the duplicates on cityDC01OLD2, then reboot cityDC01OLD2 and make sure it populates itself with the proper entries.
                    I contacted the admin for that site and asked if they had a server by that name, and they don't. The account is still active in AD though, so I've asked that they remove it; they are the admin for their own child domain and the schema.

                    Hopefully that will resolve the issue. I'll keep you informed of the outcome.

                    Thanks for your help Garen.



                    • #11
                      Re: KDC Event ID 11 - Cannot find the duplicate name

                      Just as an update this is now resolved.

                      Deleted the old computer account that didn't exist and all is working normally again; well, no errors in the event logs yet.



                      • #12
                        Re: KDC Event ID 11 - Cannot find the duplicate name

                        Hi, we had this same problem and found the cause. It wasn't so obvious, so I thought it could be worth sharing in case someone else gets the error.

                        For Microsoft Windows workstations, there isn't a need to have a "cifs" SPN as the CIFS file sharing service will use the "HOST" SPN, which is there for every workstation in the domain.

                        There are always two SPNs, one with the short name of the host (e.g. machine1), and one with the long name (e.g. machine1.company.local).

                        It seems there is a bug in the way this error is reported, as it references the "cifs" SPN but in reality it means the "HOST" SPN.

                        So when we got the error:
                        "There are multiple accounts with name cifs/machine1.company.local of type DS_SERVICE_PRINCIPAL_NAME"

                        ...and we searched with LDP, we didn't see any entries for
                        cifs/machine1.company.local.

                        So, realising there was no need for "cifs" SPNs, we changed the SPN to:
                        HOST/machine1.company.local

                        ...and bingo, LDP reported duplicates. How did the duplicates get created? No idea...

                        You can also use setspn to fix the problem, we did, here is what we did, it may help you in your situation.

                        We found duplicate SPNs in AD by searching in LDP on the domain with this search:
                        (servicePrincipalName=HOST/machine1.company.local)

                        It showed two matches, so we ran the setspn command on both machines to see what SPNs were registered (you can use LDP too, but you will fix it with setspn in a sec):
                        setspn -L machine1
                        HOST/machine1.company.local
                        HOST/machine1


                        setspn -L machine2
                        HOST/machine1.company.local
                        HOST/machine2


                        You may notice that machine2 has two SPNs, and the first is for machine1.

                        So what we have to do is fix the incorrect reference on machine2 to an SPN for machine1.

                        In this case the commands were to first add the missing SPN to machine2:
                        setspn -A HOST/machine2.company.local machine2

                        then remove the bad SPN from machine2:
                        setspn -D HOST/machine1.company.local machine2

                        It fixed it for us, hope it helps you resolve it on your network.

                        Cheers!
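As an added worked example (not code from this thread or from Microsoft's tools), the script below parses the SPN listing format pasted in #8 and applies the point made in #12 that the KDC's cifs/ complaint really refers to the HOST/ SPN: it reports SPNs held by more than one computer object and lists, for review, the setspn -D commands for the holders whose own name does not match the SPN. The sample data is constructed from the names in #8, and treating the DN's CN as the computer name setspn takes as its target is an assumption.

```python
from collections import defaultdict
# Constructed sample in the queryspn.vbs report format from #8 (names from that post).
SAMPLE = """\
CN=city-DC01,OU=Domain Controllers,DC=child1,DC=company,DC=com
Computer DNS: city-dc01.child1.company.com
-- HOST/city-DC01
-- HOST/city-dc01.child1.company.com
-- HOST/city-dc01.child1.company.com/child1

CN=cityDC01OLD2,CN=Computers,DC=child1,DC=company,DC=com
Computer DNS: cityDC01old2.child1.company.com
-- HOST/city-DC01.child1.company.com/child1
-- HOST/city-DC01.child1.company.com
"""

def parse_report(text):
    """Map each object DN to its Computer DNS name and its list of SPNs."""
    objects, cur = {}, None
    for line in text.splitlines():
        if line.startswith("CN="):
            cur = objects.setdefault(line.strip(), {"dns": "", "spns": []})
        elif line.startswith("Computer DNS:") and cur:
            cur["dns"] = line.split(":", 1)[1].strip().lower()
        elif line.startswith("--") and cur:
            cur["spns"].append(line[2:].strip())
    return objects

def canonical(spn):
    """Compare case-insensitively; cifs/ falls back to HOST/ (#12), so cifs/x == HOST/x."""
    svc, _, rest = spn.partition("/")
    return ("HOST" if svc.lower() == "cifs" else svc.upper()) + "/" + rest.lower()

def find_duplicates(objects):
    """Return {canonical SPN: [DN, ...]} for SPNs held by more than one object."""
    holders = defaultdict(list)
    for dn, obj in objects.items():
        for spn in {canonical(s) for s in obj["spns"]}:
            holders[spn].append(dn)
    return {s: dns for s, dns in holders.items() if len(dns) > 1}

def stale_holders(objects, dups):
    """Flag holders whose own DNS or short name is not the SPN's host part and
    return setspn -D commands to review (assumes the DN's CN is the setspn target)."""
    cmds = []
    for spn, dns in dups.items():
        host = spn.split("/")[1]
        for dn in dns:
            short = dn.split(",")[0][3:].lower()
            if host not in (objects[dn]["dns"], short):
                cmds.append(f"setspn -D {spn} {short}")
    return sorted(cmds)
```

Run against a real export, the output is a review list, not something to execute blindly: a holder can legitimately carry an SPN for a name that is not its own (aliases, clusters), which is exactly why #12 checked both machines with setspn -L first.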
