Duplicate SPN Entry

    Carlson
    Member
    #142831

    Hello Petri forum,

    We notice these messages in our event logs on our Windows Server 2003 SP2 domain controllers.

    There are multiple accounts with name MSSQLSvc/Host.Domain.Loc.
    of type DS_SERVICE_PRINCIPAL_NAME.

    EventID 11

    It is one of our SQL servers. First we tried to remove this system and its object from the domain, and add it again.

    I thought it was also possible to solve this issue by removing the duplicate SPN entry with LDP.

    I connected LDP on our domain controller and queried it for the duplicate SPN entry. But it cannot be found. There is only one entry! Can someone help me out?

    Output from LDP:

    ld = ldap_open(“”, 3268);
    Established connection to .
    Retrieving base DSA information…
    Result <0>: (null)
    Matched DNs:
    Getting 1 entries:
    >> Dn:
    1> currentTime: 07/03/2009 08:58:45 W. Europe Standard Time W. Europe Daylight Time;
    1> subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=Domain,DC=loc;
    1> dsServiceName: CN=NTDS Settings,CN=HostCN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Domain,DC=loc;
    5> namingContexts: DC=Domain,DC=loc; CN=Configuration,DC=Domain,DC=loc; CN=Schema,CN=Configuration,DC=Domain,DC=loc; DC=ForestDnsZones,DC=Domain,DC=loc; DC=DomainDnsZones,DC=Domain,DC=loc;
    1> defaultNamingContext: DC=Domain,DC=loc;
    1> schemaNamingContext: CN=Schema,CN=Configuration,DC=Domain,DC=loc;
    1> configurationNamingContext: CN=Configuration,DC=Domain,DC=loc;
    1> rootDomainNamingContext: DC=,DC=loc;
    23> supportedControl: 1.2.840.113556.1.4.319; 1.2.840.113556.1.4.801; 1.2.840.113556.1.4.473; 1.2.840.113556.1.4.528; 1.2.840.113556.1.4.417; 1.2.840.113556.1.4.619; 1.2.840.113556.1.4.841; 1.2.840.113556.1.4.529; 1.2.840.113556.1.4.805; 1.2.840.113556.1.4.521; 1.2.840.113556.1.4.970; 1.2.840.113556.1.4.1338; 1.2.840.113556.1.4.474; 1.2.840.113556.1.4.1339; 1.2.840.113556.1.4.1340; 1.2.840.113556.1.4.1413; 2.16.840.1.113730.3.4.9; 2.16.840.1.113730.3.4.10; 1.2.840.113556.1.4.1504; 1.2.840.113556.1.4.1852; 1.2.840.113556.1.4.802; 1.2.840.113556.1.4.1907; 1.2.840.113556.1.4.1948;
    2> supportedLDAPVersion: 3; 2;
    12> supportedLDAPPolicies: MaxPoolThreads; MaxDatagramRecv; MaxReceiveBuffer; InitRecvTimeout; MaxConnections; MaxConnIdleTime; MaxPageSize; MaxQueryDuration; MaxTempTableSize; MaxResultSetSize; MaxNotificationPerConn; MaxValRange;
    1> highestCommittedUSN: 12066132;
    4> supportedSASLMechanisms: GSSAPI; GSS-SPNEGO; EXTERNAL; DIGEST-MD5;
    1> dnsHostName: Host.Domain.loc;
    1> ldapServiceName: Domain.loc:[email protected];
    1> serverName: CN=Host,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Domain,DC=loc;
    3> supportedCapabilities: 1.2.840.113556.1.4.800; 1.2.840.113556.1.4.1670; 1.2.840.113556.1.4.1791;
    1> isSynchronized: TRUE;
    1> isGlobalCatalogReady: TRUE;
    1> domainFunctionality: 2 = ( DS_BEHAVIOR_WIN2003 );
    1> forestFunctionality: 0 = ( DS_BEHAVIOR_WIN2000 );
    1> domainControllerFunctionality: 2 = ( DS_BEHAVIOR_WIN2003 );


    res = ldap_bind_s(ld, NULL, &NtAuthIdentity, 1158); // v.3
    {NtAuthIdentity: User=’administrator’; Pwd= ; domain = ‘Ourdomain’.}
    Authenticated as dn:’administrator’.a
    Expanding base ‘dc=Domain,DC=loc’…
    Result <0>: (null)
    Matched DNs:
    Getting 1 entries:
    >> Dn: dc=Domain,DC=loc
    3> objectClass: top; domain; domainDNS;
    1> distinguishedName: DC=Domain,DC=loc;
    1> instanceType: 0x5 = ( DS_INSTANCETYPE_IS_NC_HEAD | IT_WRITE );
    1> whenCreated: 06/12/2002 18:13:53 W. Europe Standard Time W. Europe Daylight Time;
    1> whenChanged: 07/02/2009 20:02:15 W. Europe Standard Time W. Europe Daylight Time;
    3> subRefs: DC=DomainDnsZones,DC=Domain,DC=loc; DC=ForestDnsZones,DC=Domain,DC=loc; CN=Configuration,DC=Domain,DC=loc;
    1> uSNCreated: 11721;
    1> repsTo: dwVersion = 1, V1.cb: 281, V1.cConsecutiveFailures: 0 V1.timeLastSuccess: 12891074904 V1.timeLastAttempt: 12891074904 V1.ulResultLastAttempt: 0x0 V1.cbOtherDraOffset: 216 V1.cbOtherDra: 65 V1.ulReplicaFlags: 0x10 V1.rtSchedule: V1.usnvec.usnHighObjUpdate: 0 V1.usnvec.usnHighPropUpdate: 0 V1.uuidDsaObj: f36f8a03-416d-4a75-b125-01370868c058 V1.uuidInvocId: 00000000-0000-0000-0000-000000000000 V1.uuidTransportObj: 00000000-0000-0000-0000-000000000000 V1~mtx_address: f36f8a03-416d-4a75-b125-01370868c058._msdcs.Hermansgroup.loc V1.cbPASDataOffset: 0 V1~PasData: version = -1, size = -1, flag = -1 ;
    1> repsFrom: dwVersion = 1, V1.cb: 281, V1.cConsecutiveFailures: 0 V1.timeLastSuccess: 12891077995 V1.timeLastAttempt: 12891077995 V1.ulResultLastAttempt: 0x0 V1.cbOtherDraOffset: 216 V1.cbOtherDra: 65 V1.ulReplicaFlags: 0x70 V1.rtSchedule:
    V1.usnvec.usnHighObjUpdate: 13009479 V1.usnvec.usnHighPropUpdate: 13009479 V1.uuidDsaObj: f36f8a03-416d-4a75-b125-01370868c058 V1.uuidInvocId: 5d2a203c-c0f8-44cf-a574-ca52e78cbb1c V1.uuidTransportObj: 00000000-0000-0000-0000-000000000000 V1~mtx_address: f36f8a03-416d-4a75-b125-01370868c058._msdcs.Hermansgroup.loc V1.cbPASDataOffset: 0 V1~PasData: version = -1, size = -1, flag = -1 ;
    1> uSNChanged: 12060404;
    1> name: Our Compaany;
    1> objectGUID: 9f89ce95-8462-442e-a00d-76af36c2ad41;
    1> replUpToDateVector: ;
    1> objectSid: S-1-5-21-9395636-2083466211-1852903728;
    1> nTMixedDomain: 0;
    11> wellKnownObjects: B:32:6227F0AF1FC2410D8E3BB10615BB5B0F:CN=NTDS Quotas,DC=Domain,DC=loc; B:32:F4BE92A4C777485E878E9421D53087DB:CN=Microsoft,CN=Program Data,DC=Domain,,DC=loc; B:32:09460C08AE1E4A4EA0F64AEE7DAA1E5A:CN=Program Data,DC=Domain,,DC=loc; B:32:22B70C67D56E4EFB91E9300FCA3DC1AA:CN=ForeignSecurityPrincipals,DC=Domain,,DC=loc; B:32:18E2EA80684F11D2B9AA00C04F79F805:CN=Deleted Objects,DC=Domain,,DC=loc; B:32:2FBAC1870ADE11D297C400C04FD8D5CD:CN=Infrastructure,DC=Domain,DC=loc; B:32:AB8153B7768811D1ADED00C04FD8D5CD:CN=LostAndFound,DC=Domain,,DC=loc; B:32:AB1D30F3768811D1ADED00C04FD8D5CD:CN=System,DC=Domain,p,DC=loc; B:32:A361B2FFFFD211D1AA4B00C04FD7D83A:OU=Domain Controllers,DC=Domain,DC=loc; B:32:AA312825768811D1ADED00C04FD8D5CD:CN=Computers,DC=Domain,,DC=loc; B:32:A9D1CA15768811D1ADED00C04FD8D5CD:CN=Users,DC=Domain,,DC=loc;
    1> objectCategory: CN=Domain-DNS,CN=Schema,CN=Configuration,DC=Domain,,DC=loc;
    1> gPLink: [LDAP://CN={FE462D15-13CB-4E95-8889-3EFE4DCD6532},CN=Policies,CN=System,DC=Domain,DC=loc;0][LDAP://CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=Domain,DC=loc;1];
    2> masteredBy: CN=NTDS Settings,CN=Host ,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Domain,DC=loc; CN=NTDS Settings,CN=PDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Domain,up,DC=loc;
    2> msDs-masteredBy: CN=NTDS Settings,CN=,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Domain,DC=loc; CN=NTDS Settings,CN=PDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Domain,,DC=loc;
    1> dc: DOMAIN;


    ***Searching…
    ldap_search_s(ld, “DC=Domain,DC=loc”, 2, “serviceprincipalname=host/Host.Domain.loc”, attrList, 0, &msg)
    Result <0>: (null)
    Matched DNs:
    Getting 1 entries:
    >> Dn: CN=HOST,CN=Computers,DC=Domain,DC=loc
    5> objectClass: top; person; organizationalPerson; user; computer;
    1> cn: Host;
    1> distinguishedName: CN=Host,CN=Computers,DC=Domain,DC=loc;
    1> name: Host;
    1> canonicalName: Domain.loc/Computers/Host;
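
Added example, not part of the original post: the event names MSSQLSvc/Host.Domain.Loc while the LDP filter above matches host/Host.Domain.loc, and the KDC logs Event ID 11 when one SPN maps to more than one account, so the check is to group every servicePrincipalName value by the accounts that hold it. This Python sketch does that over an LDIF export of servicePrincipalName (for instance one written by ldifde); the sample data and the sqlsvc service account are constructed for illustration.

```python
import base64
from collections import defaultdict

# Constructed sample in LDIF form; the sqlsvc account is hypothetical.
# It includes a folded line and a base64 ("::") value, both legal in LDIF.
SAMPLE_LDIF = """\
dn: CN=Host,CN=Computers,DC=Domain,DC=loc
servicePrincipalName: MSSQLSvc/Host.Domain.loc
servicePrincipalName: HOST/Host.Domain.loc

dn: CN=sqlsvc,CN=Users,DC=Domain,DC=loc
servicePrincipalName: mssqlsvc/host.domain.
 loc

dn: CN=PDC,OU=Domain Controllers,DC=Domain,DC=loc
servicePrincipalName:: SE9TVC9QREMuRG9tYWluLmxvYw==
"""

def parse_spns(ldif_text):
    """Return {dn: [spn, ...]} from LDIF text."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]      # a leading space continues the previous line
        else:
            lines.append(raw)
    entries, dn = {}, None
    for line in lines:
        if not line.strip():          # a blank line ends the current entry
            dn = None
            continue
        attr, sep, value = line.partition(":")
        if not sep:
            continue
        if value.startswith(":"):     # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        name = attr.strip().lower()
        if name == "dn":
            dn = value
            entries[dn] = []
        elif name == "serviceprincipalname" and dn is not None:
            entries[dn].append(value)
    return entries

def find_duplicate_spns(entries):
    """Map each SPN held by more than one account to its owners (case-insensitive)."""
    owners = defaultdict(set)
    for dn, spns in entries.items():
        for spn in spns:
            owners[spn.lower()].add(dn)
    return {spn: sorted(dns) for spn, dns in owners.items() if len(dns) > 1}

if __name__ == "__main__":
    for spn, dns in find_duplicate_spns(parse_spns(SAMPLE_LDIF)).items():
        print(spn, "->", dns)
```

The comparison is lower-cased because SPN matching is case-insensitive, and the export should cover user accounts as well as computer accounts, since a service SPN such as MSSQLSvc/... may be registered on the account the service runs as.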
