| Author | Messages | |
TG
Posts:312
 | | 07/16/2008 10:47 PM |
| I had a similar error with a SQL service SPN, when the same account tried to register the same SPN on multiple servers. Try searching not just the amsterdam-dc00 object but the SPN field of all objects for that SPN, and see if you get computers where that SPN is registered.
Thank you, Tony.
Tony Gordon Windows 2003 & 2000 MCSE, Windows 2003 MCSA, PMP ITS Infrastructure Engineering Hewitt Associates | 100 Half Day Road | Lincolnshire, IL 60069 | USA Tel 847.295.5000 x50526 | Fax 847.554.1574 tony dot gordon at hewitt dot com | www.hewitt.com
From: "Thomas Vito" <shoktai@gmail.com>
To: ActiveDir@mail.activedir.org
Date: 07/08/2008 10:07 AM
Subject: [ActiveDir] Multiple accounts with name cifs/... of type DS_SERVICE_PRINCIPAL_NAME
Hello everyone,
I started to receive this error on a fresh DC that I just promoted in a root domain as a GC:

There are multiple accounts with name cifs/AMSTERDAM-DC00 of type DS_SERVICE_PRINCIPAL_NAME

The DC name was previously used, but the old DC has been successfully demoted and I have waited at least 48 hours after building up the new one.

Microsoft resolution: Help and Support Center states:

User Action
To restore Kerberos authentication, remove the duplicate principal name. To find the duplicate, use either the Ldifde command or the LDP tool. Using the Ldifde command, you can extract accounts for the domain, the suspected container, or the organizational unit (OU), and then find the incorrectly configured principal name within the accounts.

To use the Ldifde utility to extract accounts
1. On the domain controller, do one or both of the following: For computer accounts, at the command prompt, type

ldifde -f filename -d BaseDistinguishedName -r (objectclass=computer) -p subtree

I did run the ldifde command but could not find the incorrectly configured SPN. Here is the output:
dn: CN=AMSTERDAM-DC00,OU=Domain Controllers,DC=acme,DC=com
changetype: add
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
objectClass: computer
cn: AMSTERDAM-DC00
description: ACME DC for EMEA
distinguishedName: CN=AMSTERDAM-DC00,OU=Domain Controllers,DC=acme,DC=com
instanceType: 4
whenCreated: 20080707110815.0Z
whenChanged: 20080707131259.0Z
displayName: AMSTERDAM-DC00$
uSNCreated: 13238
uSNChanged: 89075
name: AMSTERDAM-DC00
objectGUID:: 3sBJKoASkEi/Bwxnzweb=-0-ow==
userAccountControl: 532480
codePage: 0
countryCode: 0
lastLogon: 128599999952372199
localPolicyFlags: 0
pwdLastSet: 128599024954678762
primaryGroupID: 516
objectSid:: AQUAAAAAAAUVAAAAjjxxYu5fez8QZwVcdTEAAA==
accountExpires: 9223372036854775807
logonCount: 1
sAMAccountName: AMSTERDAM-DC00$
sAMAccountType: 805306369
operatingSystem: Windows Server 2003
operatingSystemVersion: 5.2 (3790)
operatingSystemServicePack: Service Pack 2
serverReferenceBL: CN=AMSTERDAM-DC00,CN=Servers,CN=AMS,CN=Sites,CN=Configuration,DC=acme,DC=com
dNSHostName: amsterdam-dc00.acme.com
rIDSetReferences: CN=RID Set,CN=AMSTERDAM-DC00,OU=Domain Controllers,DC=acme,DC=com
servicePrincipalName: exchangeAB/AMSTERDAM-DC00
servicePrincipalName: exchangeAB/amsterdam-dc00.acme.com
servicePrincipalName: GC/amsterdam-dc00.acme.com/acme.com
servicePrincipalName: HOST/amsterdam-dc00.acme.com/acme.com
servicePrincipalName: HOST/amsterdam-dc00.acme.com/NT-MICH
servicePrincipalName: ldap/dff62be3-9c05-4f61-a28c-9042b1248629._msdcs.acme.com
servicePrincipalName: ldap/amsterdam-dc00.acme.com/NT-MICH
servicePrincipalName: ldap/AMSTERDAM-DC00
servicePrincipalName: ldap/amsterdam-dc00.acme.com
servicePrincipalName: ldap/amsterdam-dc00.acme.com/acme.com
servicePrincipalName: NtFrs-88f5d2bd-b646-11d2-a6d3-00c04fc9b232/amsterdam-dc00.acme.com
servicePrincipalName: E3514235-4B06-11D1-AB04-00C04FC2DCD2/dff62be3-9c05-4f61-a28c-9042b1248629/acme.com
servicePrincipalName: HOST/AMSTERDAM-DC00
servicePrincipalName: HOST/amsterdam-dc00.acme.com
objectCategory: CN=Computer,CN=Schema,CN=Configuration,DC=acme,DC=com
isCriticalSystemObject: TRUE
frsComputerReferenceBL: CN=AMSTERDAM-DC00,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=acme,DC=com
lastLogonTimestamp: 128599025020303342
Is that because of old metadata? What am I missing?
Thanks
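
Added example, not part of either message: a Python sketch of the search suggested in the reply, run over an LDIF export that covers every object carrying a servicePrincipalName rather than the one DC object. The sample export and the SVC-FILES account are constructed; the script also assumes that cifs resolves to HOST (a default sPNMappings alias), which is why a cifs/ error can appear although no cifs/ value is listed on the DC object above.

```python
import base64
from collections import defaultdict

# Constructed sample export; SVC-FILES is a hypothetical second owner.
SAMPLE_LDIF = """\
dn: CN=AMSTERDAM-DC00,OU=Domain Controllers,DC=acme,DC=com
servicePrincipalName: HOST/AMSTERDAM-DC00
servicePrincipalName: ldap/dff62be3-9c05-4f61-a28c-9042b1248629._
 msdcs.acme.com

dn: CN=SVC-FILES,OU=Service Accounts,DC=acme,DC=com
servicePrincipalName: cifs/amsterdam-dc00
"""

# Assumption: only the cifs alias is modelled. In AD the sPNMappings attribute
# lists many service classes that resolve to HOST; cifs is one of the defaults.
HOST_ALIASES = {"cifs"}

def unfold(text):
    """Join LDIF continuation lines (a line that starts with one space)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def normalize(spn):
    """Case-fold the SPN and map aliased service classes to host."""
    svc, _, rest = spn.partition("/")
    svc = svc.lower()
    return ("host" if svc in HOST_ALIASES else svc) + "/" + rest.lower()

def find_duplicate_spns(ldif_text):
    """Return {normalized SPN: sorted DNs} for SPNs held by more than one object."""
    owners, dn = defaultdict(set), None
    for line in unfold(ldif_text):
        attr, sep, value = line.partition(":")
        attr = attr.strip().lower()
        if not sep or attr not in ("dn", "serviceprincipalname"):
            continue
        if value.startswith(":"):  # "attr:: value" means base64-encoded
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        value = value.strip()
        if attr == "dn":
            dn = value
        elif dn:
            owners[normalize(value)].add(dn)
    return {spn: sorted(dns) for spn, dns in owners.items() if len(dns) > 1}
```

Any key in the returned dictionary is an SPN that Kerberos cannot resolve to a single account; the listed DNs are the objects to compare before removing the stale registration.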