Source: KDC Event ID: 11. Symbolic Name: KDCEVENT_NAME_NOT_UNIQUE

Discussion in 'Windows Small Business Server' started by Imtiaz Kiani, Jun 7, 2006.

  1. Imtiaz Kiani

    Imtiaz Kiani Guest

    I get the following two errors on the server. I had joined a new XP workstation
    with a similar existing station ID with W2K which was removed from the
    network from the server Management console. I have tried to follow the help
    and support, which suggests the following, but it does not give me duplicate

    "On the domain controller, do one or both of the following:

    For computer accounts, at the command prompt, type
    ldifde -f filename -d BaseDistinguishedName -r (objectclass=computer) -p subtree
    For user accounts, at the command prompt, type
    ldifde -f filename -d BaseDistinguishedName -r (objectclass=user) -p subtree
    "
    Your assistance is appreciated.
    Thanks Imtiaz Kiani

    Event Type: Error
    Event Source: KDC
    Event Category: None
    Event ID: 11
    Date: 07/06/2006
    Time: 12:34:57 PM
    User: N/A
    Computer: DC1
    Description:
    There are multiple accounts with name cifs/STN04.hucchc.local of type
    DS_SERVICE_PRINCIPAL_NAME.

    For more information, see Help and Support Center at
    http://go.microsoft.com/fwlink/events.asp.




    Event Type: Error
    Event Source: KDC
    Event Category: None
    Event ID: 11
    Date: 07/06/2006
    Time: 1:57:30 PM
    User: N/A
    Computer: DC1
    Description:
    There are multiple accounts with name host/stn04.hucchc.local of type
    DS_SERVICE_PRINCIPAL_NAME.

    For more information, see Help and Support Center at
    http://go.microsoft.com/fwlink/events.asp.
     
    Imtiaz Kiani, Jun 7, 2006
    #1

  2. Hi,

    Thanks for posting here.

    According to your post, I understand your concern is that there is an
    EVENTID 11 error message in the event log. If I have misunderstood your
    concerns, please let me know.

    I suggest you do the following:

    I. Besides uninstalling/reinstalling Certificate Services, did you do anything
    else on your CA server, such as renaming it? Make sure the certificate
    server is still functioning after the add/remove actions.

    II. Let's manually find and correct duplicate SPNs

    1. From the domain controller, open a command prompt, and then type the
    following string:
    "ldifde -f computers.txt -d "dc=domain,dc=com" -r "(objectclass=computer)"
    -p subtree" (without the quotation marks)

    NOTE: If the machines that seem to have the duplicate SPNs are located in
    a certain OU (for example, Florida), you can refine the base dn, for
    example: "-d "ou=florida,dc=mydomain,dc=com"" (without the quotation
    marks).

    2. Open the text file in Notepad, and then search for the SPN that is
    reported in the event log.

    3. Note the machine accounts under which the SPN is located.

    When you have located the computers that have the duplicate SPNs, you can
    either delete the machine account from the domain, disjoin and rejoin the
    machine to the domain, or you can use ADSIEdit to correct the SPN on the
    computer that has the incorrect SPN.

    In most cases, the computers have unique names, for example: machine1 and
    machine2.

    The SPN that is reported as duplicate may be HOST/machine1.mydomain.com.
    With ADSIEdit, you can edit the SPN list on machine2 to delete the
    duplicate SPN (HOST/machine1.mydomain.com), add the correct SPN
    (HOST/machine2.mydomain.com), and then allow it to replicate to your other
    domain controllers.

    I hope the above information helps.

    Have a nice day.

    Best Regards,

    Steven Zhu
    MCSE
    Microsoft Online Partner Support
    Get Secure! - www.microsoft.com/security
    ======================================================
    PLEASE NOTE the newsgroup SECURE CODE and PASSWORD were
    updated on February 14, 2006. Please complete a re-registration process
    by entering the secure code mmpng06 when prompted. Once you have
    entered the secure code mmpng06, you will be able to update your profile
    and access the partner newsgroups.
    ======================================================
    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from this issue.
    ======================================================
    This posting is provided "AS IS" with no warranties, and confers no rights.
    ======================================================
     
    Steven Zhu [MSFT], Jun 8, 2006
    #2

  3. Imtiaz Kiani

    Imtiaz Kiani Guest

    Hi Steven.

    Certificate Services is not installed (checked) on this SBS 2003 Premium Edition
    server under Add/Remove Programs, Add/Remove Windows Components.

    What should I do?
    regards
    Imtiaz
     
    Imtiaz Kiani, Jun 8, 2006
    #3
  4. Imtiaz Kiani

    Imtiaz Kiani Guest

    Here is the result from the command.

    C:\>ldifde -f computers.txt -d "dc=abc,dc=local" -r "(objectclass=computer)" -p subtree
    Connecting to "dc1.abc.local"
    Logging in as current user using SSPI
    Exporting directory to file computers.txt
    Searching for entries...
    Writing out entries...............................
    31 entries exported

    The command has completed successfully
     
    Imtiaz Kiani, Jun 8, 2006
    #4
  5. Hi,

    Thanks for your new information.

    According to your description, I understand that you have already run the
    following command:
    C:\>ldifde -f computers.txt -d "dc=abc,dc=local" -r "(objectclass=computer)" -p subtree

    So please open the text file in Notepad, and then search for the SPN that
    is reported in the event log. Please note the machine accounts under which
    the SPN is located.

    When you have located the computers that have the duplicate SPNs, you can
    either delete the machine account from the domain, disjoin and rejoin the
    machine to the domain, or you can use ADSIEdit to correct the SPN on the
    computer that has the incorrect SPN.

    In most cases, the computers have unique names, for example: machine1 and
    machine2.

    The SPN that is reported as duplicate may be HOST/machine1.mydomain.com.
    With ADSIEdit, you can edit the SPN list on machine2 to delete the
    duplicate SPN (HOST/machine1.mydomain.com), add the correct SPN
    (HOST/machine2.mydomain.com), and then allow it to replicate to your other
    domain controllers.

    Please let me know the result above so that I can provide the further
    assistance on this issue. I am looking forward to your reply.

    Have a great day.

    Best Regards,

    Steven Zhu
    MCSE
    Microsoft Online Partner Support
    Get Secure! - www.microsoft.com/security
     
    Steven Zhu [MSFT], Jun 9, 2006
    #5
  6. Imtiaz Kiani

    althaf Guest

    Imtiaz Kiani wrote on 06/07/2006 16:33 ET
    Hi Steven

    I have a kind of different issue. For me on my DC when I type setspn -x I get
    duplicate results, however on event log I always get Kerberos error for a user
    xyz whose name is not mentioned in setspn -x result

    I tried removing the user xyz from domain adding to workgroup and then back to
    Domain, still I am getting the same error. Please suggest what else I should
    try

    Also I would like to know if I remove the duplicate entries using setspn, only
    duplicate will be removed or the user from Domain will also get removed

    If removed I need to add the user again

    I searched an answer for this on several forums, but never got any reply
    Expecting a response from you

    Thanks
    Althaf
     
    althaf, Mar 19, 2012
    #6