A while back I started getting KDC errors in my System log on my domain
controller. The error is:
Event Type: Error
Event Source: KDC
Event Category: None
Event ID: 11
Date: 3/16/2005
Time: 9:34:08 AM
User: N/A
Computer: TPADC1
Description:
There are multiple accounts with name MSSQLSvc/elvis.aviinc.local:1433 of
type 10.
After researching this I did a "ldifde" dump of the active directory
database and then searched the dump and found a double entry for
"MSSQLSvc/elvis.aviinc.local:1433". I found it duplicated on one of the
domain admins accounts. Since this appeared to be a duplicate I decided to
delete it. Within a few minutes I had problems with connections to SQL. I
put it back right away and then everything was working fine again.
Obviously the SQL server has some kind of a link to this...
I have done some searching but have not found anything on it. Does anyone
have any suggestions on cleaning this up?
Harrison MidkiffHave a look at http://support.microsoft.com/default.aspx?scid=kb;en-us;321044
Peter
"Do not awake the sleeping dragon for you are crunchy and taste good with
ketchup".
Peter The Spate
"Harrison Midkiff" wrote:
> Hello:
> A while back I started getting KDC errors in my System log on my domain
> controller. The error is:
> Event Type: Error
> Event Source: KDC
> Event Category: None
> Event ID: 11
> Date: 3/16/2005
> Time: 9:34:08 AM
> User: N/A
> Computer: TPADC1
> Description:
> There are multiple accounts with name MSSQLSvc/elvis.aviinc.local:1433 of
> type 10.
> After researching this I did a "ldifde" dump of the active directory
> database and then searched the dump and found a double entry for
> "MSSQLSvc/elvis.aviinc.local:1433". I found it duplicated on one of the
> domain admins accounts. Since this appeared to be a duplicate I decided to
> delete it. Within a few minutes I had problems with connections to SQL. I
> put it back right away and then everything was working fine again.
> Obviously the SQL server has some kind of a link to this...
> I have done some searching but have not found anything on it. Does anyone
> have any suggestions on cleaning this up?
> Harrison Midkiff
>
>|||Peter:
Thanks for replying to my post.
This is the article I followed which allowed me to find the duplicate but is
was on a user account not a computer account. I think perhaps SQL has
something in it hard coded to reference this user account.
Any suggestions welcome...
Harrison Midkiff
"Peter 'Not Peter The Spate' Nolan"
<PeterNotPeterTheSpateNolan@.discussions.microsoft.com> wrote in message
news:AEC55981-252F-4AF5-B46A-BCC8C71F330E@.microsoft.com...
> Have a look at
> http://support.microsoft.com/default.aspx?scid=kb;en-us;321044
> Peter
> "Do not awake the sleeping dragon for you are crunchy and taste good with
> ketchup".
> Peter The Spate
> "Harrison Midkiff" wrote:
>> Hello:
>> A while back I started getting KDC errors in my System log on my domain
>> controller. The error is:
>> Event Type: Error
>> Event Source: KDC
>> Event Category: None
>> Event ID: 11
>> Date: 3/16/2005
>> Time: 9:34:08 AM
>> User: N/A
>> Computer: TPADC1
>> Description:
>> There are multiple accounts with name MSSQLSvc/elvis.aviinc.local:1433 of
>> type 10.
>> After researching this I did a "ldifde" dump of the active directory
>> database and then searched the dump and found a double entry for
>> "MSSQLSvc/elvis.aviinc.local:1433". I found it duplicated on one of the
>> domain admins accounts. Since this appeared to be a duplicate I decided
>> to
>> delete it. Within a few minutes I had problems with connections to SQL.
>> I
>> put it back right away and then everything was working fine again.
>> Obviously the SQL server has some kind of a link to this...
>> I have done some searching but have not found anything on it. Does
>> anyone
>> have any suggestions on cleaning this up?
>> Harrison Midkiff
>>|||try with setspn tool
or
1. use adsiedit.msc and show servicePrincipalName for your sql server
(computer account)
2. use ldp.exe and search for "servicePrincipalName=MSSQLSvc/elvis*"
delete duplicated spn
-- -- "Within a few minutes I had problems with connections to SQL. "
what? error message'
"Harrison Midkiff" wrote:
> Peter:
> Thanks for replying to my post.
> This is the article I followed which allowed me to find the duplicate but is
> was on a user account not a computer account. I think perhaps SQL has
> something in it hard coded to reference this user account.
> Any suggestions welcome...
> Harrison Midkiff
> "Peter 'Not Peter The Spate' Nolan"
> <PeterNotPeterTheSpateNolan@.discussions.microsoft.com> wrote in message
> news:AEC55981-252F-4AF5-B46A-BCC8C71F330E@.microsoft.com...
> > Have a look at
> > http://support.microsoft.com/default.aspx?scid=kb;en-us;321044
> >
> > Peter
> >
> > "Do not awake the sleeping dragon for you are crunchy and taste good with
> > ketchup".
> > Peter The Spate
> >
> > "Harrison Midkiff" wrote:
> >
> >> Hello:
> >>
> >> A while back I started getting KDC errors in my System log on my domain
> >> controller. The error is:
> >>
> >> Event Type: Error
> >> Event Source: KDC
> >> Event Category: None
> >> Event ID: 11
> >> Date: 3/16/2005
> >> Time: 9:34:08 AM
> >> User: N/A
> >> Computer: TPADC1
> >> Description:
> >> There are multiple accounts with name MSSQLSvc/elvis.aviinc.local:1433 of
> >> type 10.
> >>
> >> After researching this I did a "ldifde" dump of the active directory
> >> database and then searched the dump and found a double entry for
> >> "MSSQLSvc/elvis.aviinc.local:1433". I found it duplicated on one of the
> >> domain admins accounts. Since this appeared to be a duplicate I decided
> >> to
> >> delete it. Within a few minutes I had problems with connections to SQL.
> >> I
> >> put it back right away and then everything was working fine again.
> >> Obviously the SQL server has some kind of a link to this...
> >>
> >> I have done some searching but have not found anything on it. Does
> >> anyone
> >> have any suggestions on cleaning this up?
> >>
> >> Harrison Midkiff
> >>
> >>
> >>
>
>|||Yes. To determine which domain account is the one that is currently being
used, we can use Adsiedit.msc to delete one of the
MSSQLSvc/elvis.aviinc.local:1433 SPNs, then *restart* the SQL service(s).
The SQL service will re-add the SPN on the currently used service account.
If it was not readded, then the duplicate has been removed.
Adsiedit.msc and Ldp.exe are included on the Windows 2000 installation CD.
You can install these tools from the CD in Support\Tools\Setup.exe
Sincerely,
William Wang
Microsoft Online Partner Support
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
This posting is provided "AS IS" with no warranties, and confers no rights.
--
>Thread-Topic: KDC Problem
>thread-index: AcUqezBszBBVWy/FSSSK8UVZqmT1Hg==>X-WBNR-Posting-Host: 212.200.135.192
>From: "=?Utf-8?B?QWxla3NhbmRhciBHcmJpYw==?="
<AleksandarGrbic@.discussions.microsoft.com>
>References: <uHsGc7jKFHA.2764@.tk2msftngp13.phx.gbl>
<AEC55981-252F-4AF5-B46A-BCC8C71F330E@.microsoft.com>
<#mEsdElKFHA.604@.TK2MSFTNGP10.phx.gbl>
>Subject: Re: KDC Problem
>Date: Wed, 16 Mar 2005 14:55:03 -0800
>Lines: 81
>Message-ID: <3DA4EE90-C742-482D-B063-C81B448C47E1@.microsoft.com>
>MIME-Version: 1.0
>Content-Type: text/plain;
> charset="Utf-8"
>Content-Transfer-Encoding: 7bit
>X-Newsreader: Microsoft CDO for Windows 2000
>Content-Class: urn:content-classes:message
>Importance: normal
>Priority: normal
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
>Newsgroups: microsoft.public.sqlserver.server
>NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.1.29
>Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
>Xref: TK2MSFTNGXA02.phx.gbl microsoft.public.sqlserver.server:382093
>X-Tomcat-NG: microsoft.public.sqlserver.server
>try with setspn tool
>or
>1. use adsiedit.msc and show servicePrincipalName for your sql server
>(computer account)
>2. use ldp.exe and search for "servicePrincipalName=MSSQLSvc/elvis*"
>delete duplicated spn
>-- -- "Within a few minutes I had problems with connections to SQL. "
>what? error message'
>
>
>"Harrison Midkiff" wrote:
>> Peter:
>> Thanks for replying to my post.
>> This is the article I followed which allowed me to find the duplicate
but is
>> was on a user account not a computer account. I think perhaps SQL has
>> something in it hard coded to reference this user account.
>> Any suggestions welcome...
>> Harrison Midkiff
>> "Peter 'Not Peter The Spate' Nolan"
>> <PeterNotPeterTheSpateNolan@.discussions.microsoft.com> wrote in message
>> news:AEC55981-252F-4AF5-B46A-BCC8C71F330E@.microsoft.com...
>> > Have a look at
>> > http://support.microsoft.com/default.aspx?scid=kb;en-us;321044
>> >
>> > Peter
>> >
>> > "Do not awake the sleeping dragon for you are crunchy and taste good
with
>> > ketchup".
>> > Peter The Spate
>> >
>> > "Harrison Midkiff" wrote:
>> >
>> >> Hello:
>> >>
>> >> A while back I started getting KDC errors in my System log on my
domain
>> >> controller. The error is:
>> >>
>> >> Event Type: Error
>> >> Event Source: KDC
>> >> Event Category: None
>> >> Event ID: 11
>> >> Date: 3/16/2005
>> >> Time: 9:34:08 AM
>> >> User: N/A
>> >> Computer: TPADC1
>> >> Description:
>> >> There are multiple accounts with name
MSSQLSvc/elvis.aviinc.local:1433 of
>> >> type 10.
>> >>
>> >> After researching this I did a "ldifde" dump of the active directory
>> >> database and then searched the dump and found a double entry for
>> >> "MSSQLSvc/elvis.aviinc.local:1433". I found it duplicated on one of
the
>> >> domain admins accounts. Since this appeared to be a duplicate I
decided
>> >> to
>> >> delete it. Within a few minutes I had problems with connections to
SQL.
>> >> I
>> >> put it back right away and then everything was working fine again.
>> >> Obviously the SQL server has some kind of a link to this...
>> >>
>> >> I have done some searching but have not found anything on it. Does
>> >> anyone
>> >> have any suggestions on cleaning this up?
>> >>
>> >> Harrison Midkiff
>> >>
>> >>
>> >>
>>
>|||This is a multi-part message in MIME format.
--=_NextPart_000_012E_01C52AF1.C085DB50
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: quoted-printable
Aleksandar:
Thanks for replying to my post.
The error which was appearing on the SQL Enterprise Manager was, "Unable =to initialize SSPI context".
Any suggestions?
Harrison Midkiff
"Aleksandar Grbic" <AleksandarGrbic@.discussions.microsoft.com> wrote in =message news:3DA4EE90-C742-482D-B063-C81B448C47E1@.microsoft.com...
> try with setspn tool
> > or > > 1. use adsiedit.msc and show servicePrincipalName for your sql server =
> (computer account)
> > 2. use ldp.exe and search for "servicePrincipalName=3DMSSQLSvc/elvis*"
> delete duplicated spn
> > -- -- "Within a few minutes I had problems with connections to SQL. " =
> what? error message'
> > > > > "Harrison Midkiff" wrote:
> >> Peter:
>> >> Thanks for replying to my post.
>> >> This is the article I followed which allowed me to find the duplicate =but is >> was on a user account not a computer account. I think perhaps SQL =has >> something in it hard coded to reference this user account.
>> >> Any suggestions welcome...
>> >> Harrison Midkiff
>> "Peter 'Not Peter The Spate' Nolan" >> <PeterNotPeterTheSpateNolan@.discussions.microsoft.com> wrote in =message >> news:AEC55981-252F-4AF5-B46A-BCC8C71F330E@.microsoft.com...
>> > Have a look at >> > http://support.microsoft.com/default.aspx?scid=3Dkb;en-us;321044
>> >
>> > Peter
>> >
>> > "Do not awake the sleeping dragon for you are crunchy and taste =good with
>> > ketchup".
>> > Peter The Spate
>> >
>> > "Harrison Midkiff" wrote:
>> >
>> >> Hello:
>> >>
>> >> A while back I started getting KDC errors in my System log on my =domain
>> >> controller. The error is:
>> >>
>> >> Event Type: Error
>> >> Event Source: KDC
>> >> Event Category: None
>> >> Event ID: 11
>> >> Date: 3/16/2005
>> >> Time: 9:34:08 AM
>> >> User: N/A
>> >> Computer: TPADC1
>> >> Description:
>> >> There are multiple accounts with name =MSSQLSvc/elvis.aviinc.local:1433 of
>> >> type 10.
>> >>
>> >> After researching this I did a "ldifde" dump of the active =directory
>> >> database and then searched the dump and found a double entry for
>> >> "MSSQLSvc/elvis.aviinc.local:1433". I found it duplicated on one =of the
>> >> domain admins accounts. Since this appeared to be a duplicate I =decided >> >> to
>> >> delete it. Within a few minutes I had problems with connections =to SQL. >> >> I
>> >> put it back right away and then everything was working fine again.
>> >> Obviously the SQL server has some kind of a link to this...
>> >>
>> >> I have done some searching but have not found anything on it. =Does >> >> anyone
>> >> have any suggestions on cleaning this up?
>> >>
>> >> Harrison Midkiff
>> >>
>> >>
>> >> >> >> --=_NextPart_000_012E_01C52AF1.C085DB50
Content-Type: text/html;
charset="Utf-8"
Content-Transfer-Encoding: quoted-printable
=EF=BB=BF<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
&
Aleksandar:
Thanks for replying to my =post.
The error which was appearing on =the SQL Enterprise Manager was, "Unable to =initialize SSPI context".
Any suggestions?
Harrison Midkiff
"Aleksandar Grbic" wrote in message news:3DA4EE90-C742-482D-B063-C81B448C47E1@.microsoft.com...> =try with setspn tool> > or > > 1. use adsiedit.msc and show servicePrincipalName for your sql server > (computer account)> > 2. use ldp.exe and search for "servicePrincipalName=3DMSSQLSvc/elvis*"> delete duplicated =spn> > -- -- "Within a few minutes I had problems with connections to =SQL. " > what? error message'> > > => > "Harrison Midkiff" wrote:> > Peter:> > Thanks for replying to my =post.> > This is the article I followed which allowed me to find the =duplicate but is > was on a user account not a computer account. I think perhaps SQL has > something in it hard =coded to reference this user account.> > Any suggestions =welcome...> > Harrison Midkiff> "Peter ='Not Peter The Spate' Nolan" >
--=_NextPart_000_012E_01C52AF1.C085DB50--|||Hi Harrison,
You may want to restart the SQL Server service after you have removed the
duplicate SPN. If the SPN is re-added, remove the other SPN and then
restart the SQL Server service.
Feel free to let me know if this resolves your problem.
Sincerely,
William Wang
Microsoft Online Partner Support
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
This posting is provided "AS IS" with no warranties, and confers no rights.
--
>Reply-To: "Harrison Midkiff" <HMidkiff@.aviinc.com>
>From: "Harrison Midkiff" <HMidkiff@.aviinc.com>
>References: <uHsGc7jKFHA.2764@.tk2msftngp13.phx.gbl>
<AEC55981-252F-4AF5-B46A-BCC8C71F330E@.microsoft.com>
<#mEsdElKFHA.604@.TK2MSFTNGP10.phx.gbl>
<3DA4EE90-C742-482D-B063-C81B448C47E1@.microsoft.com>
>Subject: Re: KDC Problem
>Date: Thu, 17 Mar 2005 13:03:45 -0500
>Lines: 254
>Organization: Audio Visual Innovations, Inc.
>MIME-Version: 1.0
>Content-Type: multipart/alternative;
> boundary="--=_NextPart_000_012E_01C52AF1.C085DB50"
>X-Priority: 3
>X-MSMail-Priority: Normal
>X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
>Message-ID: <O3FTruxKFHA.1156@.TK2MSFTNGP09.phx.gbl>
>Newsgroups: microsoft.public.sqlserver.server
>NNTP-Posting-Host: 208.5.55.183
>Path:
TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP0
9.phx.gbl
>Xref: TK2MSFTNGXA02.phx.gbl microsoft.public.sqlserver.server:382241
>X-Tomcat-NG: microsoft.public.sqlserver.server
>Aleksandar:
>Thanks for replying to my post.
>The error which was appearing on the SQL Enterprise Manager was, "Unable
to initialize SSPI context".
>Any suggestions?
>Harrison Midkiff
>"Aleksandar Grbic" <AleksandarGrbic@.discussions.microsoft.com> wrote in
message news:3DA4EE90-C742-482D-B063-C81B448C47E1@.microsoft.com...
>> try with setspn tool
>> or
>> 1. use adsiedit.msc and show servicePrincipalName for your sql server >
(computer account)
>> 2. use ldp.exe and search for "servicePrincipalName=MSSQLSvc/elvis*"
>> delete duplicated spn
>> -- -- "Within a few minutes I had problems with connections to SQL. " >
what? error message'
>>
>>
>> "Harrison Midkiff" wrote:
>> Peter:
>> Thanks for replying to my post.
>> This is the article I followed which allowed me to find the duplicate
but is
>> was on a user account not a computer account. I think perhaps SQL has
>> something in it hard coded to reference this user account.
>> Any suggestions welcome...
>> Harrison Midkiff
>> "Peter 'Not Peter The Spate' Nolan"
>> <PeterNotPeterTheSpateNolan@.discussions.microsoft.com> wrote in message
>> news:AEC55981-252F-4AF5-B46A-BCC8C71F330E@.microsoft.com...
>> > Have a look at
>> > http://support.microsoft.com/default.aspx?scid=kb;en-us;321044
>> >
>> > Peter
>> >
>> > "Do not awake the sleeping dragon for you are crunchy and taste good
with
>> > ketchup".
>> > Peter The Spate
>> >
>> > "Harrison Midkiff" wrote:
>> >
>> >> Hello:
>> >>
>> >> A while back I started getting KDC errors in my System log on my
domain
>> >> controller. The error is:
>> >>
>> >> Event Type: Error
>> >> Event Source: KDC
>> >> Event Category: None
>> >> Event ID: 11
>> >> Date: 3/16/2005
>> >> Time: 9:34:08 AM
>> >> User: N/A
>> >> Computer: TPADC1
>> >> Description:
>> >> There are multiple accounts with name
MSSQLSvc/elvis.aviinc.local:1433 of
>> >> type 10.
>> >>
>> >> After researching this I did a "ldifde" dump of the active directory
>> >> database and then searched the dump and found a double entry for
>> >> "MSSQLSvc/elvis.aviinc.local:1433". I found it duplicated on one of
the
>> >> domain admins accounts. Since this appeared to be a duplicate I
decided
>> >> to
>> >> delete it. Within a few minutes I had problems with connections to
SQL.
>> >> I
>> >> put it back right away and then everything was working fine again.
>> >> Obviously the SQL server has some kind of a link to this...
>> >>
>> >> I have done some searching but have not found anything on it. Does
>> >> anyone
>> >> have any suggestions on cleaning this up?
>> >>
>> >> Harrison Midkiff
>> >>
>> >>
>> >>
>>
>|||In almost every case I remember SSPI errors was related with wrong DNS
records, so check the DNS.
(ex computer name is London instead of London.nwtraders.msft ) SETSPN works
with FQDN only.
Regards,
Daniel
"Harrison Midkiff" <HMidkiff@.aviinc.com> wrote in message
news:uHsGc7jKFHA.2764@.tk2msftngp13.phx.gbl...
> Hello:
> A while back I started getting KDC errors in my System log on my domain
> controller. The error is:
> Event Type: Error
> Event Source: KDC
> Event Category: None
> Event ID: 11
> Date: 3/16/2005
> Time: 9:34:08 AM
> User: N/A
> Computer: TPADC1
> Description:
> There are multiple accounts with name MSSQLSvc/elvis.aviinc.local:1433 of
> type 10.
> After researching this I did a "ldifde" dump of the active directory
> database and then searched the dump and found a double entry for
> "MSSQLSvc/elvis.aviinc.local:1433". I found it duplicated on one of the
> domain admins accounts. Since this appeared to be a duplicate I decided
to
> delete it. Within a few minutes I had problems with connections to SQL.
I
> put it back right away and then everything was working fine again.
> Obviously the SQL server has some kind of a link to this...
> I have done some searching but have not found anything on it. Does anyone
> have any suggestions on cleaning this up?
> Harrison Midkiff
>|||William:
Thanks for replying to my post. Do you know of any tech net articles which
may explain this behavior. The reason I ask is due to the sensitive nature
of SQL we are going to have a meeting before we attempt any changes.
Thanks.
Harrison Midkiff
"William Wang[MSFT]" <v-rxwang@.online.microsoft.com> wrote in message
news:lcT4rWsLFHA.1376@.TK2MSFTNGXA02.phx.gbl...
> Hi Harrison,
> You may want to restart the SQL Server service after you have removed the
> duplicate SPN. If the SPN is re-added, remove the other SPN and then
> restart the SQL Server service.
> Feel free to let me know if this resolves your problem.
> Sincerely,
> William Wang
> Microsoft Online Partner Support
> When responding to posts, please "Reply to Group" via your newsreader so
> that others may learn and benefit from your issue.
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
> --
>>Reply-To: "Harrison Midkiff" <HMidkiff@.aviinc.com>
>>From: "Harrison Midkiff" <HMidkiff@.aviinc.com>
>>References: <uHsGc7jKFHA.2764@.tk2msftngp13.phx.gbl>
> <AEC55981-252F-4AF5-B46A-BCC8C71F330E@.microsoft.com>
> <#mEsdElKFHA.604@.TK2MSFTNGP10.phx.gbl>
> <3DA4EE90-C742-482D-B063-C81B448C47E1@.microsoft.com>
>>Subject: Re: KDC Problem
>>Date: Thu, 17 Mar 2005 13:03:45 -0500
>>Lines: 254
>>Organization: Audio Visual Innovations, Inc.
>>MIME-Version: 1.0
>>Content-Type: multipart/alternative;
>> boundary="--=_NextPart_000_012E_01C52AF1.C085DB50"
>>X-Priority: 3
>>X-MSMail-Priority: Normal
>>X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
>>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
>>Message-ID: <O3FTruxKFHA.1156@.TK2MSFTNGP09.phx.gbl>
>>Newsgroups: microsoft.public.sqlserver.server
>>NNTP-Posting-Host: 208.5.55.183
>>Path:
> TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP0
> 9.phx.gbl
>>Xref: TK2MSFTNGXA02.phx.gbl microsoft.public.sqlserver.server:382241
>>X-Tomcat-NG: microsoft.public.sqlserver.server
>>Aleksandar:
>>Thanks for replying to my post.
>>The error which was appearing on the SQL Enterprise Manager was, "Unable
> to initialize SSPI context".
>>Any suggestions?
>>Harrison Midkiff
>>"Aleksandar Grbic" <AleksandarGrbic@.discussions.microsoft.com> wrote in
> message news:3DA4EE90-C742-482D-B063-C81B448C47E1@.microsoft.com...
>> try with setspn tool
>> or
>> 1. use adsiedit.msc and show servicePrincipalName for your sql server >
> (computer account)
>> 2. use ldp.exe and search for "servicePrincipalName=MSSQLSvc/elvis*"
>> delete duplicated spn
>> -- -- "Within a few minutes I had problems with connections to SQL. " >
> what? error message'
>>
>>
>> "Harrison Midkiff" wrote:
>> Peter:
>> Thanks for replying to my post.
>> This is the article I followed which allowed me to find the duplicate
> but is
>> was on a user account not a computer account. I think perhaps SQL has
>> something in it hard coded to reference this user account.
>> Any suggestions welcome...
>> Harrison Midkiff
>> "Peter 'Not Peter The Spate' Nolan"
>> <PeterNotPeterTheSpateNolan@.discussions.microsoft.com> wrote in message
>> news:AEC55981-252F-4AF5-B46A-BCC8C71F330E@.microsoft.com...
>> > Have a look at
>> > http://support.microsoft.com/default.aspx?scid=kb;en-us;321044
>> >
>> > Peter
>> >
>> > "Do not awake the sleeping dragon for you are crunchy and taste good
> with
>> > ketchup".
>> > Peter The Spate
>> >
>> > "Harrison Midkiff" wrote:
>> >
>> >> Hello:
>> >>
>> >> A while back I started getting KDC errors in my System log on my
> domain
>> >> controller. The error is:
>> >>
>> >> Event Type: Error
>> >> Event Source: KDC
>> >> Event Category: None
>> >> Event ID: 11
>> >> Date: 3/16/2005
>> >> Time: 9:34:08 AM
>> >> User: N/A
>> >> Computer: TPADC1
>> >> Description:
>> >> There are multiple accounts with name
> MSSQLSvc/elvis.aviinc.local:1433 of
>> >> type 10.
>> >>
>> >> After researching this I did a "ldifde" dump of the active directory
>> >> database and then searched the dump and found a double entry for
>> >> "MSSQLSvc/elvis.aviinc.local:1433". I found it duplicated on one of
> the
>> >> domain admins accounts. Since this appeared to be a duplicate I
> decided
>> >> to
>> >> delete it. Within a few minutes I had problems with connections to
> SQL.
>> >> I
>> >> put it back right away and then everything was working fine again.
>> >> Obviously the SQL server has some kind of a link to this...
>> >>
>> >> I have done some searching but have not found anything on it. Does
>> >> anyone
>> >> have any suggestions on cleaning this up?
>> >>
>> >> Harrison Midkiff
>> >>
>> >>
>> >>
>>
>>
>|||Hi Harrison,
The relevent articles I could find are:
305971 Windows 2000 Server Prompts Domain User for Credentials
http://support.microsoft.com/?id=305971
811889 HOW TO: Troubleshoot the "Cannot Generate SSPI Context" Error Message
http://support.microsoft.com/?id=811889
HTH!
Sincerely,
William Wang
Microsoft Online Partner Support
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
This posting is provided "AS IS" with no warranties, and confers no rights.
--
>Reply-To: "Harrison Midkiff" <HMidkiff@.aviinc.com>
>From: "Harrison Midkiff" <HMidkiff@.aviinc.com>
>References: <uHsGc7jKFHA.2764@.tk2msftngp13.phx.gbl>
<AEC55981-252F-4AF5-B46A-BCC8C71F330E@.microsoft.com>
<#mEsdElKFHA.604@.TK2MSFTNGP10.phx.gbl>
<3DA4EE90-C742-482D-B063-C81B448C47E1@.microsoft.com>
<O3FTruxKFHA.1156@.TK2MSFTNGP09.phx.gbl>
<lcT4rWsLFHA.1376@.TK2MSFTNGXA02.phx.gbl>
>Subject: Re: KDC Problem
>Date: Wed, 23 Mar 2005 08:32:22 -0500
>Lines: 155
>Organization: Audio Visual Innovations, Inc.
>X-Priority: 3
>X-MSMail-Priority: Normal
>X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
>X-RFC2646: Format=Flowed; Original
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
>Message-ID: <Oi9BAz6LFHA.3328@.TK2MSFTNGP14.phx.gbl>
>Newsgroups: microsoft.public.sqlserver.server
>NNTP-Posting-Host: 208.5.55.190
>Path:
TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP1
4.phx.gbl
>Xref: TK2MSFTNGXA02.phx.gbl microsoft.public.sqlserver.server:382949
>X-Tomcat-NG: microsoft.public.sqlserver.server
>William:
>Thanks for replying to my post. Do you know of any tech net articles
which
>may explain this behavior. The reason I ask is due to the sensitive
nature
>of SQL we are going to have a meeting before we attempt any changes.
>Thanks.
>Harrison Midkiff
>"William Wang[MSFT]" <v-rxwang@.online.microsoft.com> wrote in message
>news:lcT4rWsLFHA.1376@.TK2MSFTNGXA02.phx.gbl...
>> Hi Harrison,
>> You may want to restart the SQL Server service after you have removed the
>> duplicate SPN. If the SPN is re-added, remove the other SPN and then
>> restart the SQL Server service.
>> Feel free to let me know if this resolves your problem.
>> Sincerely,
>> William Wang
>> Microsoft Online Partner Support
>> When responding to posts, please "Reply to Group" via your newsreader so
>> that others may learn and benefit from your issue.
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights.
>> --
>>Reply-To: "Harrison Midkiff" <HMidkiff@.aviinc.com>
>>From: "Harrison Midkiff" <HMidkiff@.aviinc.com>
>>References: <uHsGc7jKFHA.2764@.tk2msftngp13.phx.gbl>
>> <AEC55981-252F-4AF5-B46A-BCC8C71F330E@.microsoft.com>
>> <#mEsdElKFHA.604@.TK2MSFTNGP10.phx.gbl>
>> <3DA4EE90-C742-482D-B063-C81B448C47E1@.microsoft.com>
>>Subject: Re: KDC Problem
>>Date: Thu, 17 Mar 2005 13:03:45 -0500
>>Lines: 254
>>Organization: Audio Visual Innovations, Inc.
>>MIME-Version: 1.0
>>Content-Type: multipart/alternative;
>> boundary="--=_NextPart_000_012E_01C52AF1.C085DB50"
>>X-Priority: 3
>>X-MSMail-Priority: Normal
>>X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
>>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
>>Message-ID: <O3FTruxKFHA.1156@.TK2MSFTNGP09.phx.gbl>
>>Newsgroups: microsoft.public.sqlserver.server
>>NNTP-Posting-Host: 208.5.55.183
>>Path:
TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP0
>> 9.phx.gbl
>>Xref: TK2MSFTNGXA02.phx.gbl microsoft.public.sqlserver.server:382241
>>X-Tomcat-NG: microsoft.public.sqlserver.server
>>Aleksandar:
>>Thanks for replying to my post.
>>The error which was appearing on the SQL Enterprise Manager was, "Unable
>> to initialize SSPI context".
>>Any suggestions?
>>Harrison Midkiff
>>"Aleksandar Grbic" <AleksandarGrbic@.discussions.microsoft.com> wrote in
>> message news:3DA4EE90-C742-482D-B063-C81B448C47E1@.microsoft.com...
>> try with setspn tool
>> or
>> 1. use adsiedit.msc and show servicePrincipalName for your sql server
>> (computer account)
>> 2. use ldp.exe and search for "servicePrincipalName=MSSQLSvc/elvis*"
>> delete duplicated spn
>> -- -- "Within a few minutes I had problems with connections to SQL. "
>> what? error message'
>>
>>
>> "Harrison Midkiff" wrote:
>> Peter:
>> Thanks for replying to my post.
>> This is the article I followed which allowed me to find the duplicate
>> but is
>> was on a user account not a computer account. I think perhaps SQL has
>> something in it hard coded to reference this user account.
>> Any suggestions welcome...
>> Harrison Midkiff
>> "Peter 'Not Peter The Spate' Nolan"
>> <PeterNotPeterTheSpateNolan@.discussions.microsoft.com> wrote in
message
>> news:AEC55981-252F-4AF5-B46A-BCC8C71F330E@.microsoft.com...
>> > Have a look at
>> > http://support.microsoft.com/default.aspx?scid=kb;en-us;321044
>> >
>> > Peter
>> >
>> > "Do not awake the sleeping dragon for you are crunchy and taste good
>> with
>> > ketchup".
>> > Peter The Spate
>> >
>> > "Harrison Midkiff" wrote:
>> >
>> >> Hello:
>> >>
>> >> A while back I started getting KDC errors in my System log on my
>> domain
>> >> controller. The error is:
>> >>
>> >> Event Type: Error
>> >> Event Source: KDC
>> >> Event Category: None
>> >> Event ID: 11
>> >> Date: 3/16/2005
>> >> Time: 9:34:08 AM
>> >> User: N/A
>> >> Computer: TPADC1
>> >> Description:
>> >> There are multiple accounts with name
>> MSSQLSvc/elvis.aviinc.local:1433 of
>> >> type 10.
>> >>
>> >> After researching this I did a "ldifde" dump of the active
directory
>> >> database and then searched the dump and found a double entry for
>> >> "MSSQLSvc/elvis.aviinc.local:1433". I found it duplicated on one
of
>> the
>> >> domain admins accounts. Since this appeared to be a duplicate I
>> decided
>> >> to
>> >> delete it. Within a few minutes I had problems with connections to
>> SQL.
>> >> I
>> >> put it back right away and then everything was working fine again.
>> >> Obviously the SQL server has some kind of a link to this...
>> >>
>> >> I have done some searching but have not found anything on it. Does
>> >> anyone
>> >> have any suggestions on cleaning this up?
>> >>
>> >> Harrison Midkiff
>> >>
>> >>
>> >>
>>
>>
>
>|||Hi William,
I was reading the messages posted by Harrison, it seems tobe that he has the
same problem than me, i used ldp.exe and i could find this accounts:
ldap_search_s(ld, "dc=dinamica,dc=com,dc=co", 2,
"serviceprincipalname=MSSQLSvc/ns.dinamica.com.co:1433", attrList, 0, &msg)
Result <0>: (null)
Matched DNs:
Getting 2 entries:
>> Dn: CN=Administrator,CN=Users,DC=dinamica,DC=com,DC=co
1> canonicalName: dinamica.com.co/Users/Administrator;
1> cn: Administrator;
1> description: Built-in account for administering the computer/domain;
1> distinguishedName: CN=Administrator,CN=Users,DC=dinamica,DC=com,DC=co;
4> objectClass: top; person; organizationalPerson; user;
1> name: Administrator;
>> Dn: CN=NS,OU=Domain Controllers,DC=dinamica,DC=com,DC=co
1> canonicalName: dinamica.com.co/Domain Controllers/NS;
1> cn: NS;
1> distinguishedName: CN=NS,OU=Domain Controllers,DC=dinamica,DC=com,DC=co;
5> objectClass: top; person; organizationalPerson; user; computer;
1> name: NS;
I have found two accounts, Administrator who is an user account, and the
other account is a computer account called NS, but NS is the name of the
server where SQL Server is running.
What should i do?
I hope you can help. Thanks
Javier Espinosa
"William Wang[MSFT]" wrote:
> Hi Harrison,
> The relevent articles I could find are:
> 305971 Windows 2000 Server Prompts Domain User for Credentials
> http://support.microsoft.com/?id=305971
> 811889 HOW TO: Troubleshoot the "Cannot Generate SSPI Context" Error Message
> http://support.microsoft.com/?id=811889
> HTH!
> Sincerely,
> William Wang
> Microsoft Online Partner Support
> When responding to posts, please "Reply to Group" via your newsreader so
> that others may learn and benefit from your issue.
> This posting is provided "AS IS" with no warranties, and confers no rights.
> --
> >Reply-To: "Harrison Midkiff" <HMidkiff@.aviinc.com>
> >From: "Harrison Midkiff" <HMidkiff@.aviinc.com>
> >References: <uHsGc7jKFHA.2764@.tk2msftngp13.phx.gbl>
> <AEC55981-252F-4AF5-B46A-BCC8C71F330E@.microsoft.com>
> <#mEsdElKFHA.604@.TK2MSFTNGP10.phx.gbl>
> <3DA4EE90-C742-482D-B063-C81B448C47E1@.microsoft.com>
> <O3FTruxKFHA.1156@.TK2MSFTNGP09.phx.gbl>
> <lcT4rWsLFHA.1376@.TK2MSFTNGXA02.phx.gbl>
> >Subject: Re: KDC Problem
> >Date: Wed, 23 Mar 2005 08:32:22 -0500
> >Lines: 155
> >Organization: Audio Visual Innovations, Inc.
> >X-Priority: 3
> >X-MSMail-Priority: Normal
> >X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
> >X-RFC2646: Format=Flowed; Original
> >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
> >Message-ID: <Oi9BAz6LFHA.3328@.TK2MSFTNGP14.phx.gbl>
> >Newsgroups: microsoft.public.sqlserver.server
> >NNTP-Posting-Host: 208.5.55.190
> >Path:
> TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP1
> 4.phx.gbl
> >Xref: TK2MSFTNGXA02.phx.gbl microsoft.public.sqlserver.server:382949
> >X-Tomcat-NG: microsoft.public.sqlserver.server
> >
> >William:
> >
> >Thanks for replying to my post. Do you know of any tech net articles
> which
> >may explain this behavior. The reason I ask is due to the sensitive
> nature
> >of SQL we are going to have a meeting before we attempt any changes.
> >Thanks.
> >
> >Harrison Midkiff
> >"William Wang[MSFT]" <v-rxwang@.online.microsoft.com> wrote in message
> >news:lcT4rWsLFHA.1376@.TK2MSFTNGXA02.phx.gbl...
> >> Hi Harrison,
> >>
> >> You may want to restart the SQL Server service after you have removed the
> >> duplicate SPN. If the SPN is re-added, remove the other SPN and then
> >> restart the SQL Server service.
> >>
> >> Feel free to let me know if this resolves your problem.
> >>
> >> Sincerely,
> >>
> >> William Wang
> >> Microsoft Online Partner Support
> >>
> >> When responding to posts, please "Reply to Group" via your newsreader so
> >> that others may learn and benefit from your issue.
> >> This posting is provided "AS IS" with no warranties, and confers no
> >> rights.
> >>
> >> --
> >>Reply-To: "Harrison Midkiff" <HMidkiff@.aviinc.com>
> >>From: "Harrison Midkiff" <HMidkiff@.aviinc.com>
> >>References: <uHsGc7jKFHA.2764@.tk2msftngp13.phx.gbl>
> >> <AEC55981-252F-4AF5-B46A-BCC8C71F330E@.microsoft.com>
> >> <#mEsdElKFHA.604@.TK2MSFTNGP10.phx.gbl>
> >> <3DA4EE90-C742-482D-B063-C81B448C47E1@.microsoft.com>
> >>Subject: Re: KDC Problem
> >>Date: Thu, 17 Mar 2005 13:03:45 -0500
> >>Lines: 254
> >>Organization: Audio Visual Innovations, Inc.
> >>MIME-Version: 1.0
> >>Content-Type: multipart/alternative;
> >> boundary="--=_NextPart_000_012E_01C52AF1.C085DB50"
> >>X-Priority: 3
> >>X-MSMail-Priority: Normal
> >>X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
> >>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
> >>Message-ID: <O3FTruxKFHA.1156@.TK2MSFTNGP09.phx.gbl>
> >>Newsgroups: microsoft.public.sqlserver.server
> >>NNTP-Posting-Host: 208.5.55.183
> >>Path:
> >>
> TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP0
> >> 9.phx.gbl
> >>Xref: TK2MSFTNGXA02.phx.gbl microsoft.public.sqlserver.server:382241
> >>X-Tomcat-NG: microsoft.public.sqlserver.server
> >>
> >>Aleksandar:
> >>Thanks for replying to my post.
> >>The error which was appearing on the SQL Enterprise Manager was, "Unable
> >> to initialize SSPI context".
> >>Any suggestions?
> >>Harrison Midkiff
> >>"Aleksandar Grbic" <AleksandarGrbic@.discussions.microsoft.com> wrote in
> >> message news:3DA4EE90-C742-482D-B063-C81B448C47E1@.microsoft.com...
> >> try with setspn tool
> >>
> >> or
> >>
> >> 1. use adsiedit.msc and show servicePrincipalName for your sql server
> >
> >> (computer account)
> >>
> >> 2. use ldp.exe and search for "servicePrincipalName=MSSQLSvc/elvis*"
> >> delete duplicated spn
> >>
> >> -- -- "Within a few minutes I had problems with connections to SQL. "
> >
> >> what? error message'
> >>
> >>
> >>
> >>
> >> "Harrison Midkiff" wrote:
> >>
> >> Peter:
> >>
> >> Thanks for replying to my post.
> >>
> >> This is the article I followed which allowed me to find the duplicate
> >> but is
> >> was on a user account not a computer account. I think perhaps SQL has
> >> something in it hard coded to reference this user account.
> >>
> >> Any suggestions welcome...
> >>
> >> Harrison Midkiff
> >> "Peter 'Not Peter The Spate' Nolan"
> >> <PeterNotPeterTheSpateNolan@.discussions.microsoft.com> wrote in
> message
> >> news:AEC55981-252F-4AF5-B46A-BCC8C71F330E@.microsoft.com...
> >> > Have a look at
> >> > http://support.microsoft.com/default.aspx?scid=kb;en-us;321044
> >> >
> >> > Peter
> >> >
> >> > "Do not awake the sleeping dragon for you are crunchy and taste good
> >> with
> >> > ketchup".
> >> > Peter The Spate
> >> >
> >> > "Harrison Midkiff" wrote:
> >> >
> >> >> Hello:
> >> >>
> >> >> A while back I started getting KDC errors in my System log on my
> >> domain
> >> >> controller. The error is:
> >> >>
> >> >> Event Type: Error
> >> >> Event Source: KDC
> >> >> Event Category: None
> >> >> Event ID: 11
> >> >> Date: 3/16/2005
> >> >> Time: 9:34:08 AM
> >> >> User: N/A
> >> >> Computer: TPADC1
> >> >> Description:
> >> >> There are multiple accounts with name
> >> MSSQLSvc/elvis.aviinc.local:1433 of
> >> >> type 10.
> >> >>
> >> >> After researching this I did a "ldifde" dump of the active
> directory
> >> >> database and then searched the dump and found a double entry for
> >> >> "MSSQLSvc/elvis.aviinc.local:1433". I found it duplicated on one
> of
> >> the
> >> >> domain admins accounts. Since this appeared to be a duplicate I
> >> decided
> >> >> to
> >> >> delete it. Within a few minutes I had problems with connections to
> >> SQL.
> >> >> I
> >> >> put it back right away and then everything was working fine again.
> >> >> Obviously the SQL server has some kind of a link to this...
> >> >>
> >> >> I have done some searching but have not found anything on it. Does
> >> >> anyone
> >> >> have any suggestions on cleaning this up?
> >> >>
> >> >> Harrison Midkiff
> >> >>
> >> >>
> >> >>
> >>
> >>
> >>
> >>
> >>
> >
> >
> >
>
