multiple accounts with name MSSQLSvc


  • multiple accounts with name MSSQLSvc

    Event Type: Error
    Event Source: KDC
    Event Category: None
    Event ID: 11
    Date: 3/02/2011
    Time: 8:23:21 AM
    User: N/A
    Computer: dom-EXG
    Description:
    There are multiple accounts with name MSSQLSvc/SQL.dom.Local:1433 of type DS_SERVICE_PRINCIPAL_NAME.
    For more information, see Help and Support Center at

    I just ran this

    ldifde -f check_SPN.txt -t 3268 -d "" -l servicePrincipalName -r "(servicePrincipalName=MSSQLSvc/SQL.dom.Local:1433*)" -p subtree

    dn: CN=Administrator,CN=Users,DC=dom,DC=Local
    changetype: add
    servicePrincipalName: MSSQLSvc/SQL.dom.Local:1433
    servicePrincipalName: MSSQLSvc/SQL.dom.Local
    servicePrincipalName: MSSQLSvc/tr.dom.Local:1433


    1. Add ADSIEdit to the MMC and bind to the domain using the Domain well known naming context.

    But I need to know which one to delete from the above 3 SPN accounts?
    AusNetIT Solutions

    Web Design | Web Hosting | SEO | IT Support

  • #2
    Re: multiple accounts with name MSSQLSvc

    What is the impact of this error? What operational and functional issues are you running into?
    Thanks & Regards
    v-2nas

    MCTS 2008, MCTIP, MCSE 2003, MCSA+Messaging E2K3, MCP, E2K7
    Sr. Wintel Eng. (Investment Bank)
    Independent IT Consultant and Architect
    Blog: http://www.exchadtech.blogspot.com

    Show your appreciation for my help by giving reputation points



    • #3
      Re: multiple accounts with name MSSQLSvc

      What happens if you run:

      Code:
      setspn -T * -X -P
      When SQL starts using a service account it should register its SPN on the account (when it stops it removes it as well) however.... by default standard accounts don't have this privilege. From your info it looks like the administrator account was used to start SQL somewhere (a bad idea), if you know it doesn't then you could think about deleting all of them.

      They are easy to re-add if you run into issues using the setspn util too.

      EDIT:
      Also for v-2nas. You will likely run into Kerberos errors and have issues with delegation if SPNs conflict.
      Last edited by AndyJG247; 6th February 2011, 00:31.
      cheers
      Andy

      Please read this before you post:


      Quis custodiet ipsos custodes?
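
The duplicate check that KDC event 11 and `setspn -X` point at can also be run offline against an `ldifde` export such as check_SPN.txt, grouping each SPN by the accounts that hold it. This is an added example, not code from the thread; the `example.test` domain, the `svc-sql` account and the function names are constructed for illustration.

```python
import base64
from collections import defaultdict

def parse_ldif(text):
    """Yield (dn, {attr_lower: [values]}) for each record of an LDIF export."""
    lines = []
    for raw in text.splitlines():      # unfold: a leading space continues the previous line
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    dn, attrs = None, defaultdict(list)
    for line in lines + [""]:          # trailing "" flushes the last record
        if not line.strip():           # blank line ends a record
            if dn is not None:
                yield dn, dict(attrs)
            dn, attrs = None, defaultdict(list)
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):      # "attr:: <base64>" form
            value = base64.b64decode(value[1:]).decode("utf-8")
        value = value.strip()
        if name.lower() == "dn":
            dn = value
        else:
            attrs[name.lower()].append(value)

def duplicate_spns(text):
    """Map each SPN (compared case-insensitively) held by >1 account to its DNs."""
    owners = defaultdict(set)
    for dn, attrs in parse_ldif(text):
        for spn in attrs.get("serviceprincipalname", []):
            owners[spn.lower()].add(dn)
    return {spn: sorted(dns) for spn, dns in owners.items() if len(dns) > 1}

# Constructed sample in ldifde export format (not data from the thread's domain).
B64 = base64.b64encode(b"MSSQLSvc/tr.example.test:1433").decode()
SAMPLE = (
    "dn: CN=Administrator,CN=Users,DC=example,DC=test\n"
    "servicePrincipalName: MSSQLSvc/sql.example.test:1433\n"
    "servicePrincipalName: MSSQLSvc/sql.example.test\n"
    "\n"
    "dn: CN=svc-sql,OU=Service Accounts,DC=example,DC=test\n"
    "servicePrincipalName: MSSQLSvc/SQL.example.test:14\n"
    " 33\n"
    f"servicePrincipalName:: {B64}\n"
)

if __name__ == "__main__":
    print(duplicate_spns(SAMPLE))
```

An empty result means no SPN in the export is registered on more than one account, so the export filter should be wide enough to return every account that could hold the SPN.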


      • #4
        Re: multiple accounts with name MSSQLSvc

        Thx for replying Andy. In cosy's case all the SPNs are different

        servicePrincipalName: MSSQLSvc/SQL.dom.Local:1433 : Different port
        servicePrincipalName: MSSQLSvc/SQL.dom.Local : Default Port (may be)
        servicePrincipalName: MSSQLSvc/tr.dom.Local:1433 : different domain.

        So I was trying to understand what problem he faces.
        Thanks & Regards
        v-2nas


        • #5
          Re: multiple accounts with name MSSQLSvc

          I don't doubt that mate. Was just indicating some of the problems that can occur
          cheers
          Andy