Monday, February 20, 2012

KDC - 11

I have a Windows Server 2000 (SP4) with SQL Server 2000 (2 instances). My
server is domain controller also.
I frequently receiving next message in the Event Log of the Windows Server
2000 & 2003 computers:
Source: KDC
ID: 11
There are multiple accounts with name MSSQLSvc/comp.dom.ru:1118 of type 10.
I'm finding the 321044 article of the Microsoft Knowledge Base.
I'm using the LDP utility and type next filter:
servicePrincipalName=MSSQLSvc/comp.dom.ru:1433
I received next reply:
***Searching...
ldap_search_s(ld, "DC=dom,DC=ru", 2,
"servicePrincipalName=MSSQLSvc/comp.dom.ru:1118", attrList, 0, &msg)
Result <0>: (null)
Matched DNs:
Getting 2 entries:
>> Dn: CN=comp,OU=Domain Controllers,DC=dom,DC=ru
1> canonicalName: dom.ru/Domain Controllers/comp;
1> cn: comp;
1> distinguishedName: CN=comp,OU=Domain Controllers,DC=dom,DC=ru;
5> objectClass: top; person; organizationalPerson; user; computer;
1> name: comp;
>> Dn: CN=Administrator,CN=Users,DC=dom,DC=ru
1> canonicalName: <ldp: Binary blob>;
1> cn: <ldp: Binary blob>;
1> description: <ldp: Binary blob>;
1> distinguishedName: <ldp: Binary blob>;
4> objectClass: top; person; organizationalPerson; user;
1> name: <ldp: Binary blob>;
And what? Must I delete comp account? But comp is domain controller.
What can I do?
Michael S. AndrosovHi
Check out the part in the KB that talks about using ADIEdit. You need to
change the incorrect SPN.
John
"Michael S. Androsov" wrote:
> I have a Windows Server 2000 (SP4) with SQL Server 2000 (2 instances). My
> server is domain controller also.
> I frequently receiving next message in the Event Log of the Windows Server
> 2000 & 2003 computers:
> Source: KDC
> ID: 11
> There are multiple accounts with name MSSQLSvc/comp.dom.ru:1118 of type 10.
> I'm finding the 321044 article of the Microsoft Knowledge Base.
> I'm using the LDP utility and type next filter:
> servicePrincipalName=MSSQLSvc/comp.dom.ru:1433
> I received next reply:
> ***Searching...
> ldap_search_s(ld, "DC=dom,DC=ru", 2,
> "servicePrincipalName=MSSQLSvc/comp.dom.ru:1118", attrList, 0, &msg)
> Result <0>: (null)
> Matched DNs:
> Getting 2 entries:
> >> Dn: CN=comp,OU=Domain Controllers,DC=dom,DC=ru
> 1> canonicalName: dom.ru/Domain Controllers/comp;
> 1> cn: comp;
> 1> distinguishedName: CN=comp,OU=Domain Controllers,DC=dom,DC=ru;
> 5> objectClass: top; person; organizationalPerson; user; computer;
> 1> name: comp;
> >> Dn: CN=Administrator,CN=Users,DC=dom,DC=ru
> 1> canonicalName: <ldp: Binary blob>;
> 1> cn: <ldp: Binary blob>;
> 1> description: <ldp: Binary blob>;
> 1> distinguishedName: <ldp: Binary blob>;
> 4> objectClass: top; person; organizationalPerson; user;
> 1> name: <ldp: Binary blob>;
> And what? Must I delete comp account? But comp is domain controller.
> What can I do?
> Michael S. Androsov
>|||Hi! Thank you very much for answer.
Excuse me. I'm not master in to the ADSIEdit and AD tools.
Can you help me? What I must doing after ADSIEDit loaded? What I search and
what is the part? I see the partition: Domain NC; Configuration Container and
Schema.
I don't know where I must seeking dublicate SPN.
Thanks,
Michael S. Androsov
"John Bell" пиÑ?еÑ?:
> Hi
> Check out the part in the KB that talks about using ADIEdit. You need to
> change the incorrect SPN.
> John
> "Michael S. Androsov" wrote:
> > I have a Windows Server 2000 (SP4) with SQL Server 2000 (2 instances). My
> > server is domain controller also.
> > I frequently receiving next message in the Event Log of the Windows Server
> > 2000 & 2003 computers:
> > Source: KDC
> > ID: 11
> > There are multiple accounts with name MSSQLSvc/comp.dom.ru:1118 of type 10.
> >
> > I'm finding the 321044 article of the Microsoft Knowledge Base.
> > I'm using the LDP utility and type next filter:
> > servicePrincipalName=MSSQLSvc/comp.dom.ru:1433
> > I received next reply:
> > ***Searching...
> > ldap_search_s(ld, "DC=dom,DC=ru", 2,
> > "servicePrincipalName=MSSQLSvc/comp.dom.ru:1118", attrList, 0, &msg)
> > Result <0>: (null)
> > Matched DNs:
> > Getting 2 entries:
> > >> Dn: CN=comp,OU=Domain Controllers,DC=dom,DC=ru
> > 1> canonicalName: dom.ru/Domain Controllers/comp;
> > 1> cn: comp;
> > 1> distinguishedName: CN=comp,OU=Domain Controllers,DC=dom,DC=ru;
> > 5> objectClass: top; person; organizationalPerson; user; computer;
> > 1> name: comp;
> > >> Dn: CN=Administrator,CN=Users,DC=dom,DC=ru
> > 1> canonicalName: <ldp: Binary blob>;
> > 1> cn: <ldp: Binary blob>;
> > 1> description: <ldp: Binary blob>;
> > 1> distinguishedName: <ldp: Binary blob>;
> > 4> objectClass: top; person; organizationalPerson; user;
> > 1> name: <ldp: Binary blob>;
> >
> > And what? Must I delete comp account? But comp is domain controller.
> >
> > What can I do?
> >
> > Michael S. Androsov
> >
> >|||Hi
Your duplicate spn is probably MSSQLSvc/comp.dom.ru. I am not an AD expert
but the following tells you how to search using ADSI Edit
http://support.microsoft.com/default.aspx?scid=kb;en-us;312299
You may want to post in
http://www.microsoft.com/technet/community/newsgroups/dgbrowser/en-us/default.mspx?dg=microsoft.public.windows.server.active_directory
or
http://www.microsoft.com/technet/community/newsgroups/dgbrowser/en-us/default.mspx?dg=microsoft.public.win2000.active_directory
John
"Michael S. Androsov" wrote:
> Hi! Thank you very much for answer.
> Excuse me. I'm not master in to the ADSIEdit and AD tools.
> Can you help me? What I must doing after ADSIEDit loaded? What I search and
> what is the part? I see the partition: Domain NC; Configuration Container and
> Schema.
> I don't know where I must seeking dublicate SPN.
> Thanks,
> Michael S. Androsov
> "John Bell" пиÑ?еÑ?:
> > Hi
> >
> > Check out the part in the KB that talks about using ADIEdit. You need to
> > change the incorrect SPN.
> >
> > John
> >
> > "Michael S. Androsov" wrote:
> >
> > > I have a Windows Server 2000 (SP4) with SQL Server 2000 (2 instances). My
> > > server is domain controller also.
> > > I frequently receiving next message in the Event Log of the Windows Server
> > > 2000 & 2003 computers:
> > > Source: KDC
> > > ID: 11
> > > There are multiple accounts with name MSSQLSvc/comp.dom.ru:1118 of type 10.
> > >
> > > I'm finding the 321044 article of the Microsoft Knowledge Base.
> > > I'm using the LDP utility and type next filter:
> > > servicePrincipalName=MSSQLSvc/comp.dom.ru:1433
> > > I received next reply:
> > > ***Searching...
> > > ldap_search_s(ld, "DC=dom,DC=ru", 2,
> > > "servicePrincipalName=MSSQLSvc/comp.dom.ru:1118", attrList, 0, &msg)
> > > Result <0>: (null)
> > > Matched DNs:
> > > Getting 2 entries:
> > > >> Dn: CN=comp,OU=Domain Controllers,DC=dom,DC=ru
> > > 1> canonicalName: dom.ru/Domain Controllers/comp;
> > > 1> cn: comp;
> > > 1> distinguishedName: CN=comp,OU=Domain Controllers,DC=dom,DC=ru;
> > > 5> objectClass: top; person; organizationalPerson; user; computer;
> > > 1> name: comp;
> > > >> Dn: CN=Administrator,CN=Users,DC=dom,DC=ru
> > > 1> canonicalName: <ldp: Binary blob>;
> > > 1> cn: <ldp: Binary blob>;
> > > 1> description: <ldp: Binary blob>;
> > > 1> distinguishedName: <ldp: Binary blob>;
> > > 4> objectClass: top; person; organizationalPerson; user;
> > > 1> name: <ldp: Binary blob>;
> > >
> > > And what? Must I delete comp account? But comp is domain controller.
> > >
> > > What can I do?
> > >
> > > Michael S. Androsov
> > >
> > >
Posted by depredationnmqp at 2:43 AM
Labels: , , , , , , , , , , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)