Hello:
I am getting a KDC error on my domain controller's system log. The error is
below.
Event Source: KDC
Event ID: 11
Description:
There are multiple accounts with name "MSSQLSvc/computer.domain.local:1433"
of type 10.
I have tracked this down to one of the developer's domain admin accounts. It
is the "servicePrincipalName" on his account. This is the same
"servicePrincipalName" as the SQL server. I researched this before and it was
thought perhaps he had installed SQL under this account or at one point SQL
was running under this account. When I removed it SQL basically shut down.
I immediately put it back. Later someone told me I should have just stopped
and restarted the SQL service and it would have corrected the problem.
Can anyone give me any input on this? This is a major production server and
I want to be very careful.
Harrison Midkiff

Hi
I am not sure about what the cause of this problem is, but the solution may
be to create a new service account, set SQL Server to use this account,
stop/restart SQL server at a scheduled time. Changing the old service account
should then not affect the SQL Server.
John

Hi Harrison,
This issue can occur if the SQL account is changed from a machine account to
a service account. The SPN for the machine account was not removed from the
domain.
I suggest that you use LDIFDE to export the domain to a text file and search
for MSSQLSVC.
Syntax was:
LDIFDE -d DC=DEFIANT,DC=pactsolutions,DC=com,DC=au -f c:\export.txt
After you locate the duplicate SPN, you can use the Adsiedit.msc tool to go
to the object, view the duplicate SPN value, and remove the duplicate SPN
value. To determine which one was the one in current use, please delete one
of the MSSQLSvc/uohssrv1.uohs.uottawa.ca:1433 SPNs, then restart the SQL
service(s).
The SQL service will re-add the SPN on the currently in use service
account. If it is not re-added, then the duplicate has been removed.
You can refer to the following article for more related information about
Kerberos Terminology and Service Principal Name (SPN).
811889.KB.EN-US HOW TO: Troubleshoot the "Cannot Generate SSPI Context"
Error Message
http://support.microsoft.com/default.aspx?scid=KB;EN-US;811889
Hope this helps.
Best regards,
Vincent Xu
Microsoft Online Partner Support
>>From: "Harrison Midkiff" <HMidkiff@.aviinc.com>
>>Subject: KDC Error
>>Date: Thu, 11 May 2006 19:00:26 -0400
>>Newsgroups: microsoft.public.sqlserver.server
>>
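
Added example, not part of the original thread: a Python parser that reads an LDIFDE export like the one described above and lists every MSSQLSvc SPN registered on more than one object. The function names and the sample entries are constructed for illustration; it goes slightly beyond the post by handling folded lines and base64-encoded values.

```python
import base64
from collections import defaultdict

def unfold(text):
    """Join LDIF continuation lines (a line that starts with one space)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def spn_owners(ldif_text):
    """Map each lower-cased SPN to the set of DNs that carry it."""
    owners, dn = defaultdict(set), None
    for line in unfold(ldif_text):
        if not line.strip():
            dn = None                               # blank line ends an entry
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):                   # "attr:: <base64 value>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        value = value.strip()
        if attr.lower() == "dn":
            dn = value
        elif attr.lower() == "serviceprincipalname" and dn:
            owners[value.lower()].add(dn)           # SPNs compared case-insensitively
    return owners

def duplicate_spns(ldif_text, service_class="MSSQLSvc"):
    """Return {spn: [dn, ...]} for SPNs of one service class held by 2+ objects."""
    prefix = service_class.lower() + "/"
    return {spn: sorted(dns) for spn, dns in spn_owners(ldif_text).items()
            if spn.startswith(prefix) and len(dns) > 1}

# Constructed sample (placeholder names, not a real export): a computer object
# and a user object both carry the same SPN; a third entry is base64-encoded.
SAMPLE_LDIF = (
    "dn: CN=SQLHOST,OU=Servers,DC=example,DC=local\n"
    "servicePrincipalName: HOST/sqlhost.example.local\n"
    "servicePrincipalName: MSSQLSvc/sqlhost.example.local:1433\n\n"
    "dn: CN=Dev Admin,OU=Users,DC=example,DC=local\n"
    "servicePrincipalName: mssqlsvc/SQLHOST.example.local:\n"
    " 1433\n\n"
    "dn: CN=svc-sql,OU=Service Accounts,DC=example,DC=local\n"
    "servicePrincipalName:: "
    + base64.b64encode(b"MSSQLSvc/other.example.local:1433").decode() + "\n"
)
```

Calling `duplicate_spns()` on the text of the real export file returns the SPNs to review and the objects holding each one; an empty result means no MSSQLSvc SPN is registered twice.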