Hi,
Got a KDC Error with the following description:
========================================
==
Event Type: Error
Event Source: KDC
Event Category: None
Event ID: 11
Date: 28-04-2005
Time: 2:01:01
User: N/A
Computer: server
Description:
There are multiple accounts with name MSSQLSvc/server.domain.local:1433 of
type DS_SERVICE_PRINCIPAL_NAME.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
========================================
==
The LDP-tool gives the following results:
========================================
==
***Searching...
ldap_search_s(ld, "DC=domain,DC=local", 2,
"serviceprincipalname=MSSQLSvc/server.domain.local:1433", attrList, 0,
&msg)
Result <0>: (null)
Matched DNs:
Getting 2 entries:[vbcol=seagreen]
4> objectClass: top; person; organizationalPerson; user;
1> cn: Administrator;
1> description: Built-in account for administering the computer/domain;
1> distinguishedName: CN=Administrator,CN=Users,DC=domain,DC=l
ocal;
1> name: Administrator;
1> canonicalName: domain.local/Users/Administrator;[vbcol=seagreen]
5> objectClass: top; person; organizationalPerson; user; computer;
1> cn: server;
1> distinguishedName: CN=server,OU=Domain Controllers,DC=domain,DC=local;
1> name: server;
1> canonicalName: domain.local/Domain Controllers/server;
========================================
==
Can anyone explain me what I can do about this? Deleting one of the accounts
is not an option I guess... I read that in some cases a computer or user
should be unregistered en registered again but in this case I'm not so
confident about it re-registring the Server itself or the
administrator-account..
Any help on this is much appreciated.
Michel Schuurman
Omni Trade Automatisering B.V.Somebody setup the SPN for the service account on those machines,
unfortunately the same SPN has been promoted more than one time.
Jens Suessmeyer.
"Michel Schuurman" <ms_remove_@.omni-trade.nl> schrieb im Newsbeitrag
news:uW9$Ad9SFHA.2172@.tk2msftngp13.phx.gbl...
> Hi,
> Got a KDC Error with the following description:
> ========================================
==
> Event Type: Error
> Event Source: KDC
> Event Category: None
> Event ID: 11
> Date: 28-04-2005
> Time: 2:01:01
> User: N/A
> Computer: server
> Description:
> There are multiple accounts with name MSSQLSvc/server.domain.local:1433 of
> type DS_SERVICE_PRINCIPAL_NAME.
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
> ========================================
==
>
> The LDP-tool gives the following results:
> ========================================
==
> ***Searching...
> ldap_search_s(ld, "DC=domain,DC=local", 2,
> "serviceprincipalname=MSSQLSvc/server.domain.local:1433", attrList, 0,
> &msg)
> Result <0>: (null)
> Matched DNs:
> Getting 2 entries:
> 4> objectClass: top; person; organizationalPerson; user;
> 1> cn: Administrator;
> 1> description: Built-in account for administering the computer/domain;
> 1> distinguishedName: CN=Administrator,CN=Users,DC=domain,DC=l
ocal;
> 1> name: Administrator;
> 1> canonicalName: domain.local/Users/Administrator;
> 5> objectClass: top; person; organizationalPerson; user; computer;
> 1> cn: server;
> 1> distinguishedName: CN=server,OU=Domain Controllers,DC=domain,DC=local;
> 1> name: server;
> 1> canonicalName: domain.local/Domain Controllers/server;
> ========================================
==
> Can anyone explain me what I can do about this? Deleting one of the
> accounts is not an option I guess... I read that in some cases a computer
> or user should be unregistered en registered again but in this case I'm
> not so confident about it re-registring the Server itself or the
> administrator-account..
> Any help on this is much appreciated.
>
> Michel Schuurman
> Omni Trade Automatisering B.V.
>|||The SPN should be registered under the account SQL is starting under, and
ONLY that account.
You can use the utility setspn to check for the existence of other spn's,
delete the ones you don't want, and add the one you need.
Please note...you are NOT deleting the ACCOUNT, but the Service Principle
Name, which resides IN that user object.
Here's an article with more info than you ever wanted to know about SQL and
SPN's.:
http://support.microsoft.com/defaul...kb;en-us;811889
but there are links to getting setspn in there.
Donna Lambert
"Jens Sü?meyer" wrote:
> Somebody setup the SPN for the service account on those machines,
> unfortunately the same SPN has been promoted more than one time.
> Jens Suessmeyer.
>
> "Michel Schuurman" <ms_remove_@.omni-trade.nl> schrieb im Newsbeitrag
> news:uW9$Ad9SFHA.2172@.tk2msftngp13.phx.gbl...
>
>
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment