Announcement

Collapse
No announcement yet.

KDC error 11

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • KDC error 11

    Hello,

    I have a server that is getting KDC error 11. Here it is listed below:

    There are multiple accounts with name MSSQLSvc/srvXXXXX.bouygues-immobilier.com:1433 de type DS_SERVICE_PRINCIPAL_NAME.

    I do this command :

    C:\>ldifde -f check_SPN.txt -t 3268 -d "" -l servicePrincipalName -r "(servicePrincipalName=MSSQLSvc/intbou25.bouygues-immobilier.com:1433*)" -p subtree

    here is the output or result:

    dn: CN=ADMstartSQL2004,OU=ADMIN DOMAINE,OU=Administratives,OU=A SURVEILLER - System,OU=Sites BYIMMO,DC=bouygues-immobilier,DC=com
    changetype: add
    servicePrincipalName: MSSQLSvc/INTBOU01.bouygues-immobilier.com:1433
    servicePrincipalName: MSSQLSvc/SRV01134.bouygues-immobilier.com:1433
    servicePrincipalName: MSSQLSvc/SRV01095.bouygues-immobilier.com:1433
    servicePrincipalName: MSSQLSvc/srv01085.bouygues-immobilier.com:2634
    servicePrincipalName: MSSQLSvc/SRV01122.bouygues-immobilier.com:1433
    servicePrincipalName: MSSQLSvc/INTBOU17.bouygues-immobilier.com:1433
    servicePrincipalName: MSSQLSvc/INTBOU34.bouygues-immobilier.com:1433
    servicePrincipalName: MSSQLSvc/INTBOU68.bouygues-immobilier.com:1433
    servicePrincipalName: MSSQLSvc/SRV38025.bouygues-immobilier.com:1433
    servicePrincipalName: MSSQLSvc/FOR01037.bouygues-immobilier.com:1433
    servicePrincipalName: MSSQLSvc/intbou26.bouygues-immobilier.com:1433
    servicePrincipalName: MSSQLSvc/INTBOU30.bouygues-immobilier.com:1433
    servicePrincipalName: MSSQLSvc/INTBOU43.bouygues-immobilier.com:1433
    servicePrincipalName: MSSQLSvc/srv01171.bouygues-immobilier.com:1433
    servicePrincipalName: MSSQLSvc/srv01171.bouygues-immobilier.com:2509
    servicePrincipalName: MSSQLSvc/srv01018.bouygues-immobilier.com:1912
    servicePrincipalName: MSSQLSvc/INTBOU47.bouygues-immobilier.com:1433
    servicePrincipalName: MSSQLSvc/INTBOU29.bouygues-immobilier.com:1433
    servicePrincipalName: MSSQLSvc/SRV38024.bouygues-immobilier.com:1433
    servicePrincipalName: MSSQLSvc/srv38027.bouygues-immobilier.com:1433
    servicePrincipalName: MSSQLSvc/srv01012.bouygues-immobilier.com:1433
    servicePrincipalName: MSSQLSvc/SRV01123.bouygues-immobilier.com:1433
    servicePrincipalName: MSSQLSvc/SRV01034.bouygues-immobilier.com:1433
    servicePrincipalName: MSSQLSvc/SRV01098.bouygues-immobilier.com:1433
    servicePrincipalName: MSSQLSvc/FOR01036.bouygues-immobilier.com:1433
    servicePrincipalName: MSSQLSvc/srv01085.bouygues-immobilier.com:1433
    servicePrincipalName: MSSQLSvc/intbou25.bouygues-immobilier.com:1433
    servicePrincipalName: MSSQLSvc/srv26236.bouygues-immobilier.com:1433
    servicePrincipalName: MSSQLSvc/xpvtestabo.bouygues-immobilier.com:1433
    servicePrincipalName: MSSQLSvc/intbou11.bouygues-immobilier.com:1433
    servicePrincipalName: MSSQLSvc/srv01045.bouygues-immobilier.com:1433
    servicePrincipalName: MSSQLSvc/srv38039.bouygues-immobilier.com:1433
    servicePrincipalName: MSSQLSvc/SRV01014.bouygues-immobilier.com:1433
    servicePrincipalName: MSSQLSvc/INTBOU81.bouygues-immobilier.com:1433
    servicePrincipalName: MSSQLSvc/INTBOU89.bouygues-immobilier.com:1433
    servicePrincipalName: MSSQLSvc/INTBOU02.bouygues-immobilier.com:1433
    servicePrincipalName: MSSQLSvc/INTBOU93.bouygues-immobilier.com:1433
    servicePrincipalName: MSSQLSvc/srv01082.bouygues-immobilier.com:1433
    servicePrincipalName: MSSQLSvc/SRV60254.bouygues-immobilier.com:1433
    servicePrincipalName: MSSQLSvc/FOR01204.bouygues-immobilier.com:1433
    servicePrincipalName: MSSQLSvc/srv01158.bouygues-immobilier.com:1433
    servicePrincipalName: MSSQLSvc/srv01162.bouygues-immobilier.com:1433
    servicePrincipalName: MSSQLSvc/INTBOU84.bouygues-immobilier.com:1433
    servicePrincipalName: MSSQLSvc/INTBOU85.bouygues-immobilier.com:1433
    servicePrincipalName: MSSQLSvc/intbou11.bouygues-immobilier.com:1434
    servicePrincipalName: MSSQLSvc/intbou80.bouygues-immobilier.com:1433
    servicePrincipalName: MSSQLSvc/INTBOU82.bouygues-immobilier.com:1433
    servicePrincipalName: MSSQLSvc/srv01061.bouygues-immobilier.com:1433
    servicePrincipalName: MSSQLSvc/srv01061B.bouygues-immobilier.com:1433
    servicePrincipalName: MSSQLSvc/INTBOU17NEW.bouygues-immobilier.com:1433
    servicePrincipalName: MSSQLSvc/FORMOPUS3.bouygues-immobilier.com:1433
    servicePrincipalName: MSSQLSvc/INTBOU44.bouygues-immobilier.com:1433
    servicePrincipalName: MSSQLSvc/formopus6.bouygues-immobilier.com:1433
    servicePrincipalName: MSSQLSvc/formopus4.bouygues-immobilier.com:1433
    servicePrincipalName: MSSQLSvc/formopus5.bouygues-immobilier.com:1433
    servicePrincipalName: MSSQLSvc/INTBOU45.bouygues-immobilier.com:1433
    servicePrincipalName: MSSQLSvc/formopus2.bouygues-immobilier.com:1433
    servicePrincipalName: MSSQLSvc/formopus2.bouygues-immobilier.com:1447
    servicePrincipalName: MSSQLSvc/formopus1.bouygues-immobilier.com:1447
    servicePrincipalName: MSSQLSvc/formopus1.bouygues-immobilier.com
    servicePrincipalName: MSSQLSvc/formopus1.bouygues-immobilier.com:1433
    servicePrincipalName: MSSQLSvc/formopus01.bouygues-immobilier.com:1434
    servicePrincipalName: MSSQLSvc/formopus01.bouygues-immobilier.com:1433
    servicePrincipalName: MSSQLSvc/srv01044.bouygues-immobilier.com:1433
    servicePrincipalName: MSSQLSvc/INTBOUtest2.bouygues-immobilier.com:1433
    servicePrincipalName: MSSQLSvc/srv38010.bouygues-immobilier.com:1433
    servicePrincipalName: MSSQLSvc/srv01019.bouygues-immobilier.com:1433
    servicePrincipalName: MSSQLSvc/srv01019bis.bouygues-immobilier.com:1433
    servicePrincipalName: MSSQLSvc/srv01036bis.bouygues-immobilier.com:1433
    servicePrincipalName: MSSQLSvc/srv26253.bouygues-immobilier.com:1433
    servicePrincipalName: MSSQLSvc/srv26253bis.bouygues-immobilier.com:1433
    servicePrincipalName: MSSQLSvc/INTBOU01BIS.bouygues-immobilier.com:1433
    servicePrincipalName: MSSQLSvc/srv01034old.bouygues-immobilier.com:1433
    servicePrincipalName: MSSQLSvc/srv01034bis.bouygues-immobilier.com:1433
    servicePrincipalName: MSSQLSvc/srv01063.bouygues-immobilier.com:1433
    servicePrincipalName: MSSQLSvc/SRV01016old.bouygues-immobilier.com:1433
    servicePrincipalName: MSSQLSvc/srv01016ter.bouygues-immobilier.com:1433
    servicePrincipalName: MSSQLSvc/srv37254.bouygues-immobilier.com:1433
    servicePrincipalName: MSSQLSvc/srv38016.bouygues-immobilier.com:1433
    dn: CN=INTBOU25,OU=Integration,OU=Serveurs,OU=Ordinate urs,DC=bouygues-immobilier,DC=com
    changetype: add
    servicePrincipalName: MSSQLSvc/INTBOU25.bouygues-immobilier.com:1433
    servicePrincipalName: HOST/INTBOU25
    servicePrincipalName: HOST/INTBOU25.bouygues-immobilier.com

    What can i do next ? I want to know wich SPN i have to delete.

    Thanks

  • #2
    Re: KDC error 11

    Hi,

    Method 1: Use the LDP support tool
    Note If you do not have the Windows 2000 support tools installed, install them from the Windows 2000 CD-ROM before you continue. The Setup executable file for the support tools is located on the CD-ROM in the Support\Tools folder. The installation does not require that you restart the computer. However, you may have to restart the computer to update the environment variables.
    Click Start, click Run, type LDP, and then click OK.
    Click Connection, and then click Connect.
    Leave the default settings, and then click OK.

    Note If you do not receive the expected result, try another search by using the Global Catalog Port (326 instead of the default setting (389).
    Click Connection, and then click Bind.
    Leave the default settings, and then click OK.
    Click View, and then click Tree.
    In the Tree View dialog box, type DC=YourDomain,DC=com in the BaseDN box, where YourDomain is your domain.
    Click Browse, and then click Search.
    In the Search dialog box, type DC=YourDomain,DC=com in the BaseDN box.
    In the Search dialog box, type (serviceprincipalname=HOST/mycomputer.mydomain.com) in the Filter box. If the service principal name that is referred to in the error in the System log differs from this example, type the service principal name to which the error refers.

    Note If you do not receive the expected result, try searching for " HOST/" as opposed to searching only for the exact SPN in the event ID.
    Under Scope, click Subtree.
    Click Run.
    Back to the top

    Method 2: Use the Ldifde utility
    Use the Ldifde utility to dump the SPN for the forest:
    From the domain controller, open a command prompt, and then type the following string:
    ldifde -f check_SPN.txt -t 3268 -d "" -l servicePrincipalName -r "(servicePrincipalName=HOST/mycomputer*)" -p subtree
    (Note Because you use the -t 3268 parameter to specify that a global catalog (GC) server is used in the query, and you do not use the -d parameter to specify an explicit distinguished name (DN), the forest root DN is used with the HOST/mycomputer* parameter. Therefore, you can look for all SPNs that contains this string.
    Open the check_SPN.txt file in Notepad, and then search for the SPN that is reported in the event log.
    Note the user accounts and the computer accounts under which the SPN is located.
    Back to the top

    Method 3:
    Use the querySpn.vbs script in the following Microsoft TechNet article. To use the script, copy the code, paste it into Notepad, and then save the script as querySpn.vbs.
    http://www.microsoft.com/technet/scr.../spnquery.mspx (http://www.microsoft.com/technet/scr.../spnquery.mspx)
    Run the script by using the following command:
    cscript spnquery.vbs HOST/mycomputer* >check_SPN.txt
    Note The obtained output file check_SPN.txt from the script in Method 3 can be used the same way as described in Method 2.

    Ref: http://support.microsoft.com/kb/321044

    P.S Delete the ones that have been logged in your event log.
    Last edited by L4ndy; 6th March 2009, 15:18.
    Caesar's cipher - 3

    ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

    SFX JNRS FC U6 MNGR

    Comment


    • #3
      Re: KDC error 11

      Thank you but how delete the spn ?

      Comment


      • #4
        Re: KDC error 11

        You can do it with setspn -d. Follow the link for more info on the syntax.
        or you can use the ADSI Edit MMC snap-in to delete the duplicate SPN values.

        Cheers
        Caesar's cipher - 3

        ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

        SFX JNRS FC U6 MNGR

        Comment


        • #5
          Re: KDC error 11

          Originally posted by L4ndy View Post
          You can do it with setspn -d. Follow the link for more info on the syntax.
          or you can use the ADSI Edit MMC snap-in to delete the duplicate SPN values.

          Cheers
          Thank you !

          Comment


          • #6
            Re: KDC error 11

            Hello !

            I want to know what is the veritable problem to leave this error ?
            If i don't delete the spn in double what i risk ?

            Thanks

            Comment


            • #7
              Re: KDC error 11

              It all depends on the account associated with it but have a read at this one especially the end section:
              http://msmvps.com/blogs/vandooren/ar...directory.aspx

              Ta
              Last edited by L4ndy; 12th March 2009, 16:01.
              Caesar's cipher - 3

              ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

              SFX JNRS FC U6 MNGR

              Comment


              • #8
                Re: KDC error 11

                Ok.
                Thanks

                Comment


                • #9
                  Re: KDC error 11

                  Votre post est fantastique! Je suis certain qu'il en intéressera plus d'un

                  micky Simulation pret

                  Comment

                  Working...
                  X