Monday, February 20, 2012

KDC Problem

Hello:
A while back I started getting KDC errors in my System log on my domain
controller. The error is:
Event Type: Error
Event Source: KDC
Event Category: None
Event ID: 11
Date: 3/16/2005
Time: 9:34:08 AM
User: N/A
Computer: TPADC1
Description:
There are multiple accounts with name MSSQLSvc/elvis.aviinc.local:1433 of
type 10.
After researching this I did a "ldifde" dump of the active directory
database and then searched the dump and found a double entry for
"MSSQLSvc/elvis.aviinc.local:1433". I found it duplicated on one of the
domain admins accounts. Since this appeared to be a duplicate I decided to
delete it. Within a few minutes I had problems with connections to SQL. I
put it back right away and then everything was working fine again.
Obviously the SQL server has some kind of a link to this...
I have done some searching but have not found anything on it. Does anyone
have any suggestions on cleaning this up?
Harrison Midkiff
Have a look at http://support.microsoft.com/default...b;en-us;321044
Peter
"Do not awake the sleeping dragon for you are crunchy and taste good with
ketchup".
Peter The Spate
"Harrison Midkiff" wrote:

> Hello:
> A while back I started getting KDC errors in my System log on my domain
> controller. The error is:
> Event Type: Error
> Event Source: KDC
> Event Category: None
> Event ID: 11
> Date: 3/16/2005
> Time: 9:34:08 AM
> User: N/A
> Computer: TPADC1
> Description:
> There are multiple accounts with name MSSQLSvc/elvis.aviinc.local:1433 of
> type 10.
> After researching this I did a "ldifde" dump of the active directory
> database and then searched the dump and found a double entry for
> "MSSQLSvc/elvis.aviinc.local:1433". I found it duplicated on one of the
> domain admins accounts. Since this appeared to be a duplicate I decided to
> delete it. Within a few minutes I had problems with connections to SQL. I
> put it back right away and then everything was working fine again.
> Obviously the SQL server has some kind of a link to this...
> I have done some searching but have not found anything on it. Does anyone
> have any suggestions on cleaning this up?
> Harrison Midkiff
>
>
|||Peter:
Thanks for replying to my post.
This is the article I followed which allowed me to find the duplicate but is
was on a user account not a computer account. I think perhaps SQL has
something in it hard coded to reference this user account.
Any suggestions welcome...
Harrison Midkiff
"Peter 'Not Peter The Spate' Nolan"
<PeterNotPeterTheSpateNolan@.discussions.microsoft. com> wrote in message
news:AEC55981-252F-4AF5-B46A-BCC8C71F330E@.microsoft.com...[vbcol=seagreen]
> Have a look at
> http://support.microsoft.com/default...b;en-us;321044
> Peter
> "Do not awake the sleeping dragon for you are crunchy and taste good with
> ketchup".
> Peter The Spate
> "Harrison Midkiff" wrote:
|||try with setspn tool
or
1. use adsiedit.msc and show servicePrincipalName for your sql server
(computer account)
2. use ldp.exe and search for "servicePrincipalName=MSSQLSvc/elvis*"
delete duplicated spn
-- -- "Within a few minutes I had problems with connections to SQL. "
what? error message?
"Harrison Midkiff" wrote:

> Peter:
> Thanks for replying to my post.
> This is the article I followed which allowed me to find the duplicate but is
> was on a user account not a computer account. I think perhaps SQL has
> something in it hard coded to reference this user account.
> Any suggestions welcome...
> Harrison Midkiff
> "Peter 'Not Peter The Spate' Nolan"
> <PeterNotPeterTheSpateNolan@.discussions.microsoft. com> wrote in message
> news:AEC55981-252F-4AF5-B46A-BCC8C71F330E@.microsoft.com...
>
>
|||Yes. To determine which domain account is the one that is currently being
used, we can use Adsiedit.msc to delete one of the
MSSQLSvc/elvis.aviinc.local:1433 SPNs, then *restart* the SQL service(s).
The SQL service will re-add the SPN on the currently used service account.
If it was not readded, then the duplicate has been removed.
Adsiedit.msc and Ldp.exe are included on the Windows 2000 installation CD.
You can install these tools from the CD in Support\Tools\Setup.exe
Sincerely,
William Wang
Microsoft Online Partner Support
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
This posting is provided "AS IS" with no warranties, and confers no rights.
--
>Thread-Topic: KDC Problem
>thread-index: AcUqezBszBBVWy/FSSSK8UVZqmT1Hg==
>X-WBNR-Posting-Host: 212.200.135.192
>From: "=?Utf-8?B?QWxla3NhbmRhciBHcmJpYw==?="
<AleksandarGrbic@.discussions.microsoft.com>
>References: <uHsGc7jKFHA.2764@.tk2msftngp13.phx.gbl>
<AEC55981-252F-4AF5-B46A-BCC8C71F330E@.microsoft.com>
<#mEsdElKFHA.604@.TK2MSFTNGP10.phx.gbl>[vbcol=seagreen]
>Subject: Re: KDC Problem
>Date: Wed, 16 Mar 2005 14:55:03 -0800
>Lines: 81
>Message-ID: <3DA4EE90-C742-482D-B063-C81B448C47E1@.microsoft.com>
>MIME-Version: 1.0
>Content-Type: text/plain;
>charset="Utf-8"
>Content-Transfer-Encoding: 7bit
>X-Newsreader: Microsoft CDO for Windows 2000
>Content-Class: urn:content-classes:message
>Importance: normal
>Priority: normal
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
>Newsgroups: microsoft.public.sqlserver.server
>NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.1.29
>Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSF TNGXA03.phx.gbl
>Xref: TK2MSFTNGXA02.phx.gbl microsoft.public.sqlserver.server:382093
>X-Tomcat-NG: microsoft.public.sqlserver.server
>try with setspn tool
>or
>1. use adsiedit.msc and show servicePrincipalName for your sql server
>(computer account)
>2. use ldp.exe and search for "servicePrincipalName=MSSQLSvc/elvis*"
>delete duplicated spn
>-- -- "Within a few minutes I had problems with connections to SQL. "
>what? error message?
>
>
>"Harrison Midkiff" wrote:
but is[vbcol=seagreen]
with[vbcol=seagreen]
domain[vbcol=seagreen]
MSSQLSvc/elvis.aviinc.local:1433 of[vbcol=seagreen]
the[vbcol=seagreen]
decided[vbcol=seagreen]
SQL.
>
|||Aleksandar:
Thanks for replying to my post.
The error which was appearing on the SQL Enterprise Manager was, "Unable to initialize SSPI context".
Any suggestions?
Harrison Midkiff
"Aleksandar Grbic" <AleksandarGrbic@.discussions.microsoft.com> wrote in message news:3DA4EE90-C742-482D-B063-C81B448C47E1@.microsoft.com...[vbcol=seagreen]
> try with setspn tool
> or
> 1. use adsiedit.msc and show servicePrincipalName for your sql server
> (computer account)
> 2. use ldp.exe and search for "servicePrincipalName=MSSQLSvc/elvis*"
> delete duplicated spn
> -- -- "Within a few minutes I had problems with connections to SQL. "
> what? error message?
>
>
> "Harrison Midkiff" wrote:
|||Hi Harrison,
You may want to restart the SQL Server service after you have removed the
duplicate SPN. If the SPN is re-added, remove the other SPN and then
restart the SQL Server service.
Feel free to let me know if this resolves your problem.
Sincerely,
William Wang
Microsoft Online Partner Support
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
This posting is provided "AS IS" with no warranties, and confers no rights.
--
>Reply-To: "Harrison Midkiff" <HMidkiff@.aviinc.com>
>From: "Harrison Midkiff" <HMidkiff@.aviinc.com>
>References: <uHsGc7jKFHA.2764@.tk2msftngp13.phx.gbl>
<AEC55981-252F-4AF5-B46A-BCC8C71F330E@.microsoft.com>
<#mEsdElKFHA.604@.TK2MSFTNGP10.phx.gbl>
<3DA4EE90-C742-482D-B063-C81B448C47E1@.microsoft.com>
>Subject: Re: KDC Problem
>Date: Thu, 17 Mar 2005 13:03:45 -0500
>Lines: 254
>Organization: Audio Visual Innovations, Inc.
>MIME-Version: 1.0
>Content-Type: multipart/alternative;
>boundary="--=_NextPart_000_012E_01C52AF1.C085DB50"
>X-Priority: 3
>X-MSMail-Priority: Normal
>X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
>Message-ID: <O3FTruxKFHA.1156@.TK2MSFTNGP09.phx.gbl>
>Newsgroups: microsoft.public.sqlserver.server
>NNTP-Posting-Host: 208.5.55.183
>Path:
TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSF TNGP08.phx.gbl!TK2MSFTNGP0
9.phx.gbl
>Xref: TK2MSFTNGXA02.phx.gbl microsoft.public.sqlserver.server:382241
>X-Tomcat-NG: microsoft.public.sqlserver.server
>Aleksandar:
>Thanks for replying to my post.
>The error which was appearing on the SQL Enterprise Manager was, "Unable
to initialize SSPI context".
>Any suggestions?
>Harrison Midkiff
>"Aleksandar Grbic" <AleksandarGrbic@.discussions.microsoft.com> wrote in
message news:3DA4EE90-C742-482D-B063-C81B448C47E1@.microsoft.com...[vbcol=seagreen]
(computer account)[vbcol=seagreen]
what? error message?[vbcol=seagreen]
but is[vbcol=seagreen]
with[vbcol=seagreen]
domain[vbcol=seagreen]
MSSQLSvc/elvis.aviinc.local:1433 of[vbcol=seagreen]
the[vbcol=seagreen]
decided[vbcol=seagreen]
SQL.
>
|||In almost every case I remember SSPI errors was related with wrong DNS
records, so check the DNS.
(ex computer name is London instead of London.nwtraders.msft ) SETSPN works
with FQDN only.
Regards,
Daniel
"Harrison Midkiff" <HMidkiff@.aviinc.com> wrote in message
news:uHsGc7jKFHA.2764@.tk2msftngp13.phx.gbl...
> Hello:
> A while back I started getting KDC errors in my System log on my domain
> controller. The error is:
> Event Type: Error
> Event Source: KDC
> Event Category: None
> Event ID: 11
> Date: 3/16/2005
> Time: 9:34:08 AM
> User: N/A
> Computer: TPADC1
> Description:
> There are multiple accounts with name MSSQLSvc/elvis.aviinc.local:1433 of
> type 10.
> After researching this I did a "ldifde" dump of the active directory
> database and then searched the dump and found a double entry for
> "MSSQLSvc/elvis.aviinc.local:1433". I found it duplicated on one of the
> domain admins accounts. Since this appeared to be a duplicate I decided
to
> delete it. Within a few minutes I had problems with connections to SQL.
I
> put it back right away and then everything was working fine again.
> Obviously the SQL server has some kind of a link to this...
> I have done some searching but have not found anything on it. Does anyone
> have any suggestions on cleaning this up?
> Harrison Midkiff
>
|||William:
Thanks for replying to my post. Do you know of any tech net articles which
may explain this behavior. The reason I ask is due to the sensitive nature
of SQL we are going to have a meeting before we attempt any changes.
Thanks.
Harrison Midkiff
"William Wang[MSFT]" <v-rxwang@.online.microsoft.com> wrote in message
news:lcT4rWsLFHA.1376@.TK2MSFTNGXA02.phx.gbl...
> Hi Harrison,
> You may want to restart the SQL Server service after you have removed the
> duplicate SPN. If the SPN is re-added, remove the other SPN and then
> restart the SQL Server service.
> Feel free to let me know if this resolves your problem.
> Sincerely,
> William Wang
> Microsoft Online Partner Support
> When responding to posts, please "Reply to Group" via your newsreader so
> that others may learn and benefit from your issue.
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
> --
> <AEC55981-252F-4AF5-B46A-BCC8C71F330E@.microsoft.com>
> <#mEsdElKFHA.604@.TK2MSFTNGP10.phx.gbl>
> <3DA4EE90-C742-482D-B063-C81B448C47E1@.microsoft.com>
> TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSF TNGP08.phx.gbl!TK2MSFTNGP0
> 9.phx.gbl
> to initialize SSPI context".
> message news:3DA4EE90-C742-482D-B063-C81B448C47E1@.microsoft.com...
> (computer account)
> what? error message?
> but is
> with
> domain
> MSSQLSvc/elvis.aviinc.local:1433 of
> the
> decided
> SQL.
>
|||Hi Harrison,
The relevent articles I could find are:
305971 Windows 2000 Server Prompts Domain User for Credentials
http://support.microsoft.com/?id=305971
811889 HOW TO: Troubleshoot the "Cannot Generate SSPI Context" Error Message
http://support.microsoft.com/?id=811889
HTH!
Sincerely,
William Wang
Microsoft Online Partner Support
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
This posting is provided "AS IS" with no warranties, and confers no rights.
--
>Reply-To: "Harrison Midkiff" <HMidkiff@.aviinc.com>
>From: "Harrison Midkiff" <HMidkiff@.aviinc.com>
>References: <uHsGc7jKFHA.2764@.tk2msftngp13.phx.gbl>
<AEC55981-252F-4AF5-B46A-BCC8C71F330E@.microsoft.com>
<#mEsdElKFHA.604@.TK2MSFTNGP10.phx.gbl>
<3DA4EE90-C742-482D-B063-C81B448C47E1@.microsoft.com>
<O3FTruxKFHA.1156@.TK2MSFTNGP09.phx.gbl>
<lcT4rWsLFHA.1376@.TK2MSFTNGXA02.phx.gbl>
>Subject: Re: KDC Problem
>Date: Wed, 23 Mar 2005 08:32:22 -0500
>Lines: 155
>Organization: Audio Visual Innovations, Inc.
>X-Priority: 3
>X-MSMail-Priority: Normal
>X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
>X-RFC2646: Format=Flowed; Original
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
>Message-ID: <Oi9BAz6LFHA.3328@.TK2MSFTNGP14.phx.gbl>
>Newsgroups: microsoft.public.sqlserver.server
>NNTP-Posting-Host: 208.5.55.190
>Path:
TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSF TNGP08.phx.gbl!TK2MSFTNGP1
4.phx.gbl
>Xref: TK2MSFTNGXA02.phx.gbl microsoft.public.sqlserver.server:382949
>X-Tomcat-NG: microsoft.public.sqlserver.server
>William:
>Thanks for replying to my post. Do you know of any tech net articles
which
>may explain this behavior. The reason I ask is due to the sensitive
nature[vbcol=seagreen]
>of SQL we are going to have a meeting before we attempt any changes.
>Thanks.
>Harrison Midkiff
>"William Wang[MSFT]" <v-rxwang@.online.microsoft.com> wrote in message
>news:lcT4rWsLFHA.1376@.TK2MSFTNGXA02.phx.gbl...
TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSF TNGP08.phx.gbl!TK2MSFTNGP0[vbcol=seagreen]
>
message[vbcol=seagreen]
directory[vbcol=seagreen]
of
>
>
Posted by depredationnmqp at 2:45 AM
Labels: , , , , , , , , , , , , , , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)