KDC error due to duplicate SPN on SQL 2K

  • First let me say, I am no DBA, but I want to learn. I have a SQL 2000 Server running my SharePoint database that is causing errors on a domain controller; the error is below:

    There are multiple accounts with name MSSQLSvc/SPDB01.alcco.com:1433 of type DS_SERVICE_PRINCIPAL_NAME.

    Apparently the issue is common; however, I don't understand how to resolve it. It states I have a duplicate SPN; however, I'm not sure where it is or how to get rid of it.

    My SQL service was running SQLServiceagent and MSSQLSqlserver using a local service account. When I detached the database and reattached the database, this error began to appear. The SQL is running on a Windows 2003 Enterprise Ed. R2 with SP2. I recently changed both service accounts to use our domain SQL service user account, but that had no impact.

    Also, I ran the query below in AD to find where the duplicate accounts are, and it listed the server object and my user account.

    servicePrincipalName=MSSQLSvc/host.domain.com:1433

    So I ran the mmc ADSI Edit to figure out what I need to delete, but I'm not sure.

    Little help?

  • Here is a link related to your question. Hopefully, it will be helpful.

    http://www.exforsys.com/forum/microsoft-crm/65955-kdc-error-11-spn.html

  • That was perfect, except for one problem. I changed both the SQLServiceAgent and MSSQLService account to use a domain service account, without doing anything with the SPNs. I then restarted the SQL Service Services. I still get the same KDC error; however, when I run any LDAP queries I do not see a duplicate account?

    Here is what I received when using ldp.exe:

    servicePrincipalName=host/spdb01.domain.com

    ldap_search_s(ld, "dc=domain, dc=com", 2, "(servicePrincipalName=host/spdb01.domain.com)", attrList, 0, &msg)

    Result : (null)

    Matched DNs:

    Getting 1 entries:

    >> Dn: CN=SPDB01,OU=Servers,OU=Dallas,DC=domain,DC=com

    5> objectClass: top; person; organizationalPerson; user; computer;

    1> cn: SPDB01;

    1> distinguishedName: CN=SPDB01,OU=Servers,OU=Dallas,DC=domain,DC=com;

    1> name: SPDB01;

    2> servicePrincipalName: HOST/SPDB01; HOST/SPDB01.domain.com;

    1> canonicalName: domain.com/Dallas/Servers/SPDB01;

    When I ran the LDAP query below when both service accounts were local, I received my user account and the server account.

    servicePrincipalName=MSSQL/spdb01.domain.com:1433

    ????
