Discussion:
Source: KDC Event ID: 11. Symbolic Name: KDCEVENT_NAME_NOT_UNIQUE
(too old to reply)
Imtiaz Kiani
2006-06-07 20:33:02 UTC
Permalink
I get following two errors on the Server. I had joined a new XP workstation
with an similar existiing station ID with W2K which was removed from the
network from the server Management console. I have tried to follow the help
and support which suggests
as follows but it does not give me duplicate

"On the domain controller, do one or both of the following:

For computer accounts, at the command prompt, type
ldifde -f filename -d BaseDistinguishedName -r (objectclass=computer) -p
subtree
For user accounts, at the command prompt, type
ldifde -f filename -d BaseDistinguishedName -r (objectclass=user) -p subtree
"
Your assistance is appreciated.
Thanks Imtiaz Kiani

Event Type: Error
Event Source: KDC
Event Category: None
Event ID: 11
Date: 07/06/2006
Time: 12:34:57 PM
User: N/A
Computer: DC1
Description:
There are multiple accounts with name cifs/STN04.hucchc.local of type
DS_SERVICE_PRINCIPAL_NAME.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.




Event Type: Error
Event Source: KDC
Event Category: None
Event ID: 11
Date: 07/06/2006
Time: 1:57:30 PM
User: N/A
Computer: DC1
Description:
There are multiple accounts with name host/stn04.hucchc.local of type
DS_SERVICE_PRINCIPAL_NAME.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Steven Zhu [MSFT]
2006-06-08 10:04:28 UTC
Permalink
Hi,

Thanks for posting here.

According to your post, I understand your concern is that there is an
EVENTID 11 error message in the event log. If I have misunderstood your
concerns, please let me know.

I suggest you do the following:

I. Beside uninstalling/reinstalling Certificate service, do you do anything
else on your CA server, such as rename, etc? Make sure the certificate
server is still functioning after the add/remove actions.

II. Let's manually find and correct duplicate SPNs

1. From the domain controller, open a command prompt, and then type the
following string:
"ldifde -f computers.txt -d "dc=domain,dc=com" -r" (objectclass=computer)"
-p subtree" (without the quotation marks)

(NOTE: If the machines that seem to have the duplicate SPNs are located in
a certain OU (for example, Florida), you can refine the base dn, for
example: "-d "ou=florida,dc=mydomain,dc=com"" (without the quotation
marks).

2. Open the text file in Notepad, and then search for the SPN that is
reported in the event log.

3. Note the machine accounts under which the SPN is located.

When you have located the computers that have the duplicate SPNs, you can
either delete the machine account from the domain, disjoin and rejoin the
machine to the domain, or you can use ADSIEdit to correct the SPN on the
computer that has the incorrect SPN.

In most cases, the computers have unique names, for example: machine1 and
machine2.

The SPN that is reported as duplicate may be HOST/machine1.mydomain.com.
With ADSIEdit, you can edit the SPN list on machine2 to delete the
duplicate SPN (HOST/machine1.mydomain.com), add the correct SPN
(HOST/machine2.mydomain.com), and then allow it to replicate to your other
domain controllers.

I hope the above information helps.

Have a nice day.

Best Regards,

Steven Zhu
MCSE
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
======================================================
PLEASE NOTE the newsgroup SECURE CODE and PASSWORD were
updated on February 14, 2006.? Please complete a re-registration process
by entering the secure code mmpng06 when prompted. Once you have
entered the secure code mmpng06, you will be able to update your profile
and access the partner newsgroups.
======================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from this issue.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
======================================================
Imtiaz Kiani
2006-06-08 14:36:01 UTC
Permalink
Hi Steven.

certificate services are not installed (checked) on this SBS 2003 premium ed
server under add/remove programs, Add remove windows components.

What should i do?
regards
Imtiaz
Post by Steven Zhu [MSFT]
Hi,
Thanks for posting here.
According to your post, I understand your concern is that there is an
EVENTID 11 error message in the event log. If I have misunderstood your
concerns, please let me know.
I. Beside uninstalling/reinstalling Certificate service, do you do anything
else on your CA server, such as rename, etc? Make sure the certificate
server is still functioning after the add/remove actions.
II. Let's manually find and correct duplicate SPNs
1. From the domain controller, open a command prompt, and then type the
"ldifde -f computers.txt -d "dc=domain,dc=com" -r" (objectclass=computer)"
-p subtree" (without the quotation marks)
(NOTE: If the machines that seem to have the duplicate SPNs are located in
a certain OU (for example, Florida), you can refine the base dn, for
example: "-d "ou=florida,dc=mydomain,dc=com"" (without the quotation
marks).
2. Open the text file in Notepad, and then search for the SPN that is
reported in the event log.
3. Note the machine accounts under which the SPN is located.
When you have located the computers that have the duplicate SPNs, you can
either delete the machine account from the domain, disjoin and rejoin the
machine to the domain, or you can use ADSIEdit to correct the SPN on the
computer that has the incorrect SPN.
In most cases, the computers have unique names, for example: machine1 and
machine2.
The SPN that is reported as duplicate may be HOST/machine1.mydomain.com.
With ADSIEdit, you can edit the SPN list on machine2 to delete the
duplicate SPN (HOST/machine1.mydomain.com), add the correct SPN
(HOST/machine2.mydomain.com), and then allow it to replicate to your other
domain controllers.
I hope the above information helps.
Have a nice day.
Best Regards,
Steven Zhu
MCSE
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
======================================================
PLEASE NOTE the newsgroup SECURE CODE and PASSWORD were
updated on February 14, 2006.? Please complete a re-registration process
by entering the secure code mmpng06 when prompted. Once you have
entered the secure code mmpng06, you will be able to update your profile
and access the partner newsgroups.
======================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from this issue.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
======================================================
Imtiaz Kiani
2006-06-08 15:23:02 UTC
Permalink
here is the result from the command.

C:\>ldifde -f computers.txt -d "dc=abc,dc=local" -r "(objectclass=computer)"
-p subtree
Connecting to "dc1.abc.local"
Logging in as current user using SSPI
Exporting directory to file computers.txt
Searching for entries...
Writing out entries...............................
31 entries exported

The command has completed successfully
Post by Steven Zhu [MSFT]
Hi,
Thanks for posting here.
According to your post, I understand your concern is that there is an
EVENTID 11 error message in the event log. If I have misunderstood your
concerns, please let me know.
I. Beside uninstalling/reinstalling Certificate service, do you do anything
else on your CA server, such as rename, etc? Make sure the certificate
server is still functioning after the add/remove actions.
II. Let's manually find and correct duplicate SPNs
1. From the domain controller, open a command prompt, and then type the
"ldifde -f computers.txt -d "dc=domain,dc=com" -r" (objectclass=computer)"
-p subtree" (without the quotation marks)
(NOTE: If the machines that seem to have the duplicate SPNs are located in
a certain OU (for example, Florida), you can refine the base dn, for
example: "-d "ou=florida,dc=mydomain,dc=com"" (without the quotation
marks).
2. Open the text file in Notepad, and then search for the SPN that is
reported in the event log.
3. Note the machine accounts under which the SPN is located.
When you have located the computers that have the duplicate SPNs, you can
either delete the machine account from the domain, disjoin and rejoin the
machine to the domain, or you can use ADSIEdit to correct the SPN on the
computer that has the incorrect SPN.
In most cases, the computers have unique names, for example: machine1 and
machine2.
The SPN that is reported as duplicate may be HOST/machine1.mydomain.com.
With ADSIEdit, you can edit the SPN list on machine2 to delete the
duplicate SPN (HOST/machine1.mydomain.com), add the correct SPN
(HOST/machine2.mydomain.com), and then allow it to replicate to your other
domain controllers.
I hope the above information helps.
Have a nice day.
Best Regards,
Steven Zhu
MCSE
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
======================================================
PLEASE NOTE the newsgroup SECURE CODE and PASSWORD were
updated on February 14, 2006.? Please complete a re-registration process
by entering the secure code mmpng06 when prompted. Once you have
entered the secure code mmpng06, you will be able to update your profile
and access the partner newsgroups.
======================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from this issue.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
======================================================
Steven Zhu [MSFT]
2006-06-09 07:42:09 UTC
Permalink
Hi,

Thanks for your new information.

Accounting your description, I understand that you already complete run the
C:\>ldifde -f computers.txt -d "dc=abc,dc=local" -r "(objectclass=computer)"
-p subtree

So please open the text file in Notepad, and then search for the SPN that
is reported in the event log. Please note the machine accounts under which
the SPN is located.

When you have located the computers that have the duplicate SPNs, you can
either delete the machine account from the domain, disjoin and rejoin the
machine to the domain, or you can use ADSIEdit to correct the SPN on the
computer that has the incorrect SPN.

In most cases, the computers have unique names, for example: machine1 and
machine2.

The SPN that is reported as duplicate may be HOST/machine1.mydomain.com.
With ADSIEdit, you can edit the SPN list on machine2 to delete the
duplicate SPN (HOST/machine1.mydomain.com), add the correct SPN
(HOST/machine2.mydomain.com), and then allow it to replicate to your other
domain controllers.

Please let me know the result above so that I can provide the further
assistance on this issue. I am looking forward to your reply.

Have a great day.

Best Regards,

Steven Zhu
MCSE
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
======================================================
PLEASE NOTE the newsgroup SECURE CODE and PASSWORD were
updated on February 14, 2006.? Please complete a re-registration process
by entering the secure code mmpng06 when prompted. Once you have
entered the secure code mmpng06, you will be able to update your profile
and access the partner newsgroups.
======================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from this issue.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
======================================================
althaf
2012-03-19 09:49:14 UTC
Permalink
Imtiaz Kiani wrote on 06/07/2006 16:33 ET
Post by Imtiaz Kiani
I get following two errors on the Server. I had joined a new XP workstatio
with an similar existiing station ID with W2K which was removed from th
network from the server Management console. I have tried to follow the hel
and support which suggest
as follows but it does not give me duplicat
"On the domain controller, do one or both of the following
For computer accounts, at the command prompt, typ
ldifde -f filename -d BaseDistinguishedName -r (objectclass=computer) -
subtre
For user accounts, at the command prompt, typ
ldifde -f filename -d BaseDistinguishedName -r (objectclass=user) -p subtre
Your assistance is appreciated
Thanks Imtiaz Kian
Event Type: Erro
Event Source: KD
Event Category: Non
Event ID: 1
Date: 07/06/200
Time: 12:34:57 P
User: N/
Computer: DC
Description
There are multiple accounts with name cifs/STN04.hucchc.local of typ
DS_SERVICE_PRINCIPAL_NAME
For more information, see Help and Support Center a
http://go.microsoft.com/fwlink/events.asp
Event Type: Erro
Event Source: KD
Event Category: Non
Event ID: 1
Date: 07/06/200
Time: 1:57:30 P
User: N/
Computer: DC
Description
There are multiple accounts with name host/stn04.hucchc.local of typ
DS_SERVICE_PRINCIPAL_NAME
For more information, see Help and Support Center a
http://go.microsoft.com/fwlink/events.asp
Hi Steven

I have a kind of different issue. For me on my DC when I type setspn - x I ge

duplicate results, however on event log I always get Kerberos error for a use
xyz whose name is not mentioned in setspn -x result

I tried removing the user xyz from domain adding to workgroup and then back t
Domain, still I am getting the same error. Please suggest whatelse I shoul
try

Also I would like to know if I remove the duplicate entries using setspn, onl
duplicate will be removed or the user from Domain will also get removed

If removed I need to add the user again

I searched an answer for this on several forums, but never got any reply
Expecting a response from you

Thanks
Althaf

Loading...