Error Event ID 11 The KDC encountered duplicate names while processing a Kerberos authentication request.

I've been noticing the error with event ID 11 popping up a lot on our domain controllers:
The KDC encountered duplicate names while processing a Kerberos authentication request.
When running setspn -X it says that it found 111 groups of duplicate SPNs. However, when going through the list, it references domain service accounts that are used to run our SQL Server services. We have about 50 remote locations and each of them has 3 machines participating in a SQL mirror (principal, mirror, witness) and they all run the SQL Server service on the same account (1 account per location).
We haven't experienced any issues at all but I was wondering if this could cause problems or if we are straying from best practice. Any advice is welcome. Thanks!

I believe what you should do to follow best practice is to provide unique SPNs for each SQL server, which will also provide increased security, and to do that you must create an individual service account for each SQL server so it can associate that account with that server's SPN.
Here's more on it to help guide you. Read Paul's comments, as well as other suggestions in the following thread:
event ID 11 There are multiple accounts with name MSSQLSvc/xxxxxx
http://social.technet.microsoft.com/Forums/windowsserver/en-US/8df35316-23ba-48ba-aa3e-2249fcbfecbc/event-id-11-there-are-multiple-accounts-with-name-mssqlsvcxxxxxx?forum=winserverDS
Ace Fekay
MVP, MCT, MCSE 2012, MCITP EA & MCTS Windows 2008/R2, Exchange 2013, 2010 EA & 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
This posting is provided AS-IS with no warranties or guarantees and confers no rights.

Similar Messages

  • The KDC encountered duplicate names while processing a Kerberos authentication request in a Domain controller server

    Hi,
    We have a SharePoint farm, and on the domain controller server this error is in Event Viewer:
    Log Name:      System
    Source:        Microsoft-Windows-Kerberos-Key-Distribution-Center
    Date:          9/15/2014 10:44:15 PM
    Event ID:      11
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      XXXAPP01.xxxportal.com
    Description:
    The KDC encountered duplicate names while processing a Kerberos authentication request. The duplicate name is HTTP/XXXWFE01.xxxportal.com (of type DS_SERVICE_PRINCIPAL_NAME). This may result in authentication failures or downgrades to NTLM. In order to prevent
    this from occuring remove the duplicate entries for HTTP/XXXWFE01.xxxportal.com in Active Directory.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-Kerberos-Key-Distribution-Center" Guid="{3FD9DA1A-5A54-46C5-9A26-9BD7C0685056}" EventSourceName="KDC" />
        <EventID Qualifiers="49152">11</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2014-09-15T19:44:15.000000000Z" />
        <EventRecordID>131824</EventRecordID>
        <Correlation />
        <Execution ProcessID="0" ThreadID="0" />
        <Channel>System</Channel>
        <Computer>XXXAPP01.xxxportal.com</Computer>
        <Security />
      </System>
      <EventData>
        <Data Name="Name">HTTP/XXXWFE01.xxxportal.com</Data>
        <Data Name="Type">DS_SERVICE_PRINCIPAL_NAME</Data>
        <Binary>
        </Binary>
      </EventData>
    </Event>
    adil

    Hi adil,
    Service principal names (SPNs) are stored as a property of the associated account object in Active Directory Domain Services (AD DS). I noticed that you have used setspn -X to identify the duplicate SPN. Please refer to the following articles and check if they help you to solve this issue.
    Event ID 11 — Service Principal Name Configuration
    Event ID 11 in the System log of domain controllers
    Please also refer to the following article and check if it can help you.
    The problem with duplicate SPNs
    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
    If any update, please feel free to let me know.
    Hope this helps.
    Best regards,
    Justin Gu
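
Added example (not part of the original thread or any poster's code): a triage script that reads Event ID 11 records in the Event Xml layout quoted above, tallies them per SPN, and cross-references an account inventory to show which accounts hold each flagged SPN. The sample events, host names, account names and the inventory dict are constructed for illustration; in practice the inventory would come from an export of `servicePrincipalName` values.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
KDC = "Microsoft-Windows-Kerberos-Key-Distribution-Center"


def make_event(dc, spn, event_id=11):
    """Build a constructed event with the same layout as the Event Xml above."""
    return (
        f'<Event xmlns="{NS["e"]}"><System>'
        f'<Provider Name="{KDC}" EventSourceName="KDC" />'
        f'<EventID Qualifiers="49152">{event_id}</EventID>'
        f"<Computer>{dc}</Computer></System><EventData>"
        f'<Data Name="Name">{spn}</Data>'
        f'<Data Name="Type">DS_SERVICE_PRINCIPAL_NAME</Data>'
        f"</EventData></Event>"
    )


# Constructed sample data (not taken from the thread).
SAMPLE_EVENTS = [
    make_event("dc01.example.test", "HTTP/wfe01.example.test"),
    make_event("dc02.example.test", "http/WFE01.example.test"),
    make_event("dc01.example.test", "MSSQLSvc/sql1.example.test:1433"),
    make_event("dc01.example.test", "HTTP/other.example.test", event_id=29),
]
SAMPLE_INVENTORY = {  # account -> servicePrincipalName values
    "svc-sharepoint": ["HTTP/wfe01.example.test"],
    "WFE01$": ["HTTP/WFE01.example.test", "HOST/wfe01.example.test"],
    # One account holding SPNs for several hosts is not a duplicate by itself.
    "svc-sql-site1": ["MSSQLSvc/sql1.example.test:1433",
                      "MSSQLSvc/sql1-mirror.example.test:1433"],
    "svc-sql-old": ["MSSQLSvc/SQL1.example.test:1433"],
}


def parse_event11(xml_text):
    """Return (dc, spn) for a KDC Event ID 11 record, or None for anything else."""
    root = ET.fromstring(xml_text)
    provider = root.find("e:System/e:Provider", NS)
    event_id = root.findtext("e:System/e:EventID", namespaces=NS)
    if provider is None or provider.get("Name") != KDC or event_id != "11":
        return None
    data = {d.get("Name"): (d.text or "").strip()
            for d in root.findall("e:EventData/e:Data", NS)}
    if data.get("Type") != "DS_SERVICE_PRINCIPAL_NAME" or not data.get("Name"):
        return None
    return root.findtext("e:System/e:Computer", namespaces=NS), data["Name"]


def triage(events, inventory):
    """Map each flagged SPN (lower-cased) to event count, reporting DCs, holders."""
    holders = defaultdict(set)
    for account, spns in inventory.items():
        for spn in spns:
            holders[spn.lower()].add(account)  # SPN matching is case-insensitive
    seen = defaultdict(lambda: {"events": 0, "dcs": set()})
    for xml_text in events:
        parsed = parse_event11(xml_text)
        if parsed is None:
            continue
        dc, spn = parsed
        seen[spn.lower()]["events"] += 1
        seen[spn.lower()]["dcs"].add(dc)
    return {
        spn: {"events": info["events"], "dcs": sorted(info["dcs"]),
              "accounts": sorted(holders.get(spn, set()))}
        for spn, info in seen.items()
    }


if __name__ == "__main__":
    for spn, info in sorted(triage(SAMPLE_EVENTS, SAMPLE_INVENTORY).items()):
        print(spn, info)
```

An SPN that appears with two or more accounts in the output is the one to clean up; an SPN with fewer than two holders suggests the inventory export is incomplete.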

  • KDC encountered duplicate names while processing a Kerberos authentication request

    The KDC encountered duplicate names while processing a Kerberos authentication request. The duplicate name is RPCSS/HKHVS01 (of type DS_SERVICE_PRINCIPAL_NAME). This may result in authentication failures or downgrades to NTLM. In order to prevent
    this from occuring remove the duplicate entries for RPCSS/HKHCS01 in Active Directory.
    - What does the error mean?
    - Why does it happen?
    - How to fix it?
    Thanks

    This is an SPN problem. Having duplicate SPNs will result in Kerberos failures and a downgrade to NTLM authentication. Please run setspn -x to get the list of duplicated SPNs. Once identified, you need to remove the duplicated ones.
    You can also see that:
    http://blogs.technet.com/b/askds/archive/2008/06/09/kerberos-authentication-problems-service-principal-name-spn-issues-part-1.aspx
    http://blogs.technet.com/b/askds/archive/2008/06/09/kerberos-authentication-problems-service-principal-name-spn-issues-part-2.aspx
    http://blogs.technet.com/b/askds/archive/2008/06/09/kerberos-authentication-problems-service-principal-name-spn-issues-part-3.aspx
    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

  • KDC Event ID 29 - The KDC cannot find a suitable certificate to use for smart card logons...

    I am getting the event (below) every day on a new 2008 domain controller that I brought up recently. The DC has a domain controller certificate that was automatically issued by an online enterprise CA. This CA is located in another domain (child domain) within the same forest. The 2008 DC is in the top-level domain. None of the other domain controllers, which are 2003, are reporting this message. I ran certutil.exe, and it successfully verifies all domain controller certificates, including the certificate on my new 2008 DC. Any ideas why these messages continue to appear?
    The Key Distribution Center (KDC) cannot find a suitable certificate to use for smart card logons, or the KDC certificate could not be verified. Smart card logon may not function correctly if this problem is not resolved. To correct this problem, either verify the existing KDC certificate using certutil.exe or enroll for a new KDC certificate.

    Hi,
    I have checked the file. Here are my findings:
    1.    The computer names of the domain controllers are different in this dcinfo.txt file. There is no Swampoak. I would like to confirm which one is the Windows Server 2008 domain controller.
    2.    The domain controllers Buckeye and Madrone both have 2 KDC certificates; one is expired and the other one is valid:
    *** Testing DC[0]: MADRONE
    ** KDC Certificates for DC MADRONE
    Certificate 0:  --> Valid
    Serial Number: 116bbdd90000000000b6
    Issuer: ***
    NotBefore: 12/15/2008 2:28 AM
    NotAfter: 12/15/2009 2:28 AM
    Subject: CN=madrone.****
    Certificate Template Name (Certificate Type): DomainController
    Non-root Certificate
    Template: DomainController, Domain Controller
    Certificate 1:  --> Expired
    Serial Number: 15c2f00b000000000028
    Issuer: ****
    NotBefore: 3/9/2007 3:05 PM
    NotAfter: 3/8/2008 3:05 PM
    Subject: EMPTY (DNS Name=madrone.****)
    Non-root Certificate
    Template: DomainControllerAuthentication, Domain Controller Authentication
    *** Testing DC[1]: BUCKEYE
    ** KDC Certificates for DC BUCKEYE
    Certificate 0:  --> Expired
    Serial Number: 15c4ddc2000000000029
    Issuer: *****
    NotBefore: 3/9/2007 3:07 PM
    NotAfter: 3/8/2008 3:07 PM
    Subject: EMPTY (DNS Name=buckeye.****)
    Non-root Certificate
    Template: DomainControllerAuthentication, Domain Controller Authentication
    Certificate 1:  --> Valid
    Serial Number: 115f34ec0000000000b4
    Issuer: ****
    NotBefore: 12/15/2008 2:15 AM
    NotAfter: 12/15/2009 2:15 AM
    Subject: CN=buckeye.****
    Certificate Template Name (Certificate Type): DomainController
    Non-root Certificate
    Template: DomainController, Domain Controller
    Suggestion:
    1.    Please delete the expired certificate and then reboot the domain controller and test the issue again.
    2.    If the issue persists, please request a new Domain Controller Authentication certificate on the domain controller and check the result.

  • How to set the status of an Workitem, while processing?

    Hi,
    My requirement is to set/change the workitem status after/while processing if a certain condition is not met for all the users. I have one workitem assigned to multiple users. If any one of the users executes the workitem, it displays a zprogram, but the user has not taken any action (SAVE); he simply came out of the transaction using the "BACK" button. Here the workitem has vanished/disappeared from the other two users' Inbox, and the workitem is in "In Process" status for the user who executed the workitem. But my requirement is to set the workitem to be in "READY" status for all the users to whom the workitem is assigned; until the user "SAVE"s the transaction I need the workitems to be in "READY" status only.
    Please suggest me with your ideas to get the above results.
    Note: I have used the function modules "SAP_WAPI_SET_WORKITEM_STATUS" (or) "SWW_WI_ADMIN_READY" to change the status of the workitem while processing; it's throwing an error "Work item & locked by user & (enqueue error)".
    Thanks in advance,
    Ajay Kumar

    Thanks Florin,
    Your piece of code has worked a lot, and it was very helpful in changing the status of the workitem to "READY" for all the users of the workitem.
    Points have been rewarded for your help.
    Process: We have achieved this using the "Work Item Exits", using the "AFTER_EXECUTION" method.
    Note: The exit will be executed if the "exit_cancelled" statement is present/used in the work item method. If not, it is not taking to the exit code. I'm unable to find the reason for it. Florin, can you please explain this point?
    Please check the link for adding the code in Work Item Exits.
    http://wiki.sdn.sap.com/wiki/display/ABAP/ProgramExitsIn+Workflow
    Please find the Code:
    method IF_SWF_IFS_WORKITEM_EXIT~EVENT_RAISED.
      " Get the context of the workitem
      me->wi_context = im_workitem_context.
      " After execution of the workitem call the method AFTER_EXECUTION
      if im_event_name eq swrco_event_after_execution.
        me->after_execution( ).
      endif.
    endmethod.
    METHOD AFTER_EXECUTION.
      " This method acts as the Event Handler for SWRCO_EVENT_AFTER_EXECUTION
      DATA: LCL_L_WID TYPE SWW_WIID,
            L_STATUS TYPE SWR_WISTAT-STATUS,
            L_NEW_STATUS  TYPE SWR_WISTAT,
            L_SWR_MESSAG  TYPE STANDARD TABLE OF SWR_MESSAG,
            L_SWR_MSTRUC  TYPE STANDARD TABLE OF SWR_MSTRUC.
      " Get work item
      CALL METHOD WI_CONTEXT->GET_WORKITEM_ID
        RECEIVING
          RE_WORKITEM = LCL_L_WID.
      L_STATUS = 'READY'.
      CALL FUNCTION 'SAP_WAPI_SET_WORKITEM_STATUS'
        EXPORTING
          WORKITEM_ID    = LCL_L_WID
          STATUS         = L_STATUS
          USER           = SY-UNAME
          LANGUAGE       = SY-LANGU
          DO_COMMIT      = 'X'
        IMPORTING
          NEW_STATUS     = L_NEW_STATUS
         RETURN_CODE    = SY-SUBRC
        TABLES
          MESSAGE_LINES  = L_SWR_MESSAG
          MESSAGE_STRUCT = L_SWR_MSTRUC.
      IF SY-SUBRC EQ 0.
      ENDIF.
    ENDMETHOD.
    Thank You Once Again,
    Ajay Kumar Chippa

  • Event ID 11 - Encountered Duplicate Names

    Hi,
    I am getting the error below on my DC. There are a number of these errors, for many PCs.
    - Why does this error occur?
    - How can I fix it?
    Thanks

    Hi,
    Please follow the link below to find the duplicate SPN and remove it to see if the issue persists:
    Event ID 11 — Service Principal Name Configuration
    If the above is not helpful, please feel free to let me know.
    Best regards,
    Susie

  • MBAM Error Event ID 2 The Remote Endpoint Was Unreachable ErrorCode 0x803d0010

    Cannot get a machine to talk to the mbam server.
    Machine is encrypted but not reporting to Mbam Server.
    Error log:
    TimeCreated [SystemTime]: 2014-12-12T07:43:37.411949200Z
    EventRecordID: 297
    Correlation
    Execution [ProcessID]: 168
    Execution [ThreadID]: 2444
    Channel: Microsoft-Windows-MBAM/Admin
    Computer: ABGGBLD02025.bsg.LOCAL
    Security [UserID]: S-1-5-18
    EventData
    VolumeId: \\?\Volume{763467f2-2e1e-11e4-ba03-1458d0b73bcb}\
    ErrorCode: 0x803d0010
    ErrorString: The remote endpoint was not reachable.
    Machine Details:
    OS Name             Microsoft Windows 7 Enterprise
    Version                6.1.7601 Service Pack 1 Build 7601
    Other OS Description     Not Available
    OS Manufacturer             Microsoft Corporation
    System Name    ABGGBLD02025
    System Manufacturer    Hewlett-Packard
    System Model   HP EliteBook Folio 9470m
    System Type      X86-based PC
    Processor            Intel(R) Core(TM) i5-3427U CPU @ 1.80GHz, 2301 Mhz, 2 Core(s), 4 Logical Processor(s)
    BIOS Version/Date          Hewlett-Packard 68IBD Ver. F.48, 13/01/2014
    SMBIOS Version               2.7
    Windows Directory         C:\WINDOWS
    System Directory             C:\WINDOWS\system32
    Boot Device        \Device\HarddiskVolume2
    Locale   United States
    Hardware Abstraction Layer        Version = "6.1.7601.17514"
    User Name         BSG\CRackham
    Time Zone           GMT Standard Time
    Installed Physical Memory (RAM)             Not Available
    Total Physical Memory  2.88 GB
    Available Physical Memory          1.43 GB
    Total Virtual Memory     5.77 GB
    Available Virtual Memory             4.36 GB
    Page File Space 2.88 GB
    Page File              C:\pagefile.sys
    Troubleshooting Steps:
    1: Removed out of OU and back in again to re-apply GPO
    2: BIOS already latest version
    Any help or information greatly appreciated

    What is it not able to talk to? The hardware and recovery endpoint or the status recovery endpoint? Is this the only machine giving a problem, or are there other machines giving you trouble as well?
    Are you able to browse the URL from this bad machine? Do this: go to HKLM\Software\Policies\Microsoft\FVE\MDOPBitLockerManagement
    There will be two URLs, one to escrow the recovery password and the other for client reporting. Make sure you are able to browse to the URLs from IE; you should see something like "meta data publishing is disabled".
    If it works, then you will need to check the logs from the helpdesk website.
    Mayank Sharma Support Engineer at Microsoft working in Enterprise Platform Support.

  • SharePoint 2013 web service: Error while sending claim based authentication request (The corresponding SID in the domain is not part of the intended account type)

    We are using .asmx services for SharePoint features such as comments, and rating.
    Service / Feature used:
    http://<<hostname>>/_vti_bin/socialdataservice.asmx : Commenting, Rating
    http://<<hostname>>/_vti_bin/UserProfileService.asmx : For out of box workflows
    In SharePoint 2013, the "SharePoint – 80" web application is in claims-based mode and the user is logging in with Windows authentication. With the logged-in client context used to call SharePoint's default web service, we are getting the below error message from the web service (Social data and user profile services).
    Server was unable to process request. ---> The corresponding SID in the domain is not part of the intended account type.
    When the service is accessed using a console application with Visual Studio credentials (logged-in user), we are able to access the service. Below is the code snippet:
    // CredentialCache is in System.Net; SocialDataService is the generated web service proxy.
    using (SocialDataService service = new SocialDataService())
    {
        service.Credentials = CredentialCache.DefaultCredentials;
        SocialCommentDetail detail = service.AddComment("<<url>>", "Test Comment", null, null);
    }
    Do SharePoint 2013 web services not support requests coming from a claims-based authentication web application?
    Thanks, Pratik Agrawal (MAQ Software)

    While this applies to 2010, I believe the same is true with 2013:
    http://social.technet.microsoft.com/Forums/sharepoint/en-US/925e5f46-317f-46d3-bc55-c67f07eb2372/call-sharepoint-web-services-using-claimbased-authentication?forum=sharepointgeneralprevious
    Trevor Seward
    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

  • How to tune the query for duplicate records while joining the two tables

    Hi, I am executing a query which retrieves from multiple tables, one of which has duplicate records. How do I get a single record?

    Not enough info...subject says "tune" the query, message says "write" the query...and where is actual query that you had tried ?

  • HT5085 I really hate downloading a audio boMoth: The Moth Saga, Book 1 (Unabridged) Part 1     6:50:06     Daniel Arenson     ok $32.95 and the second part goes missing while processing and i cant recover it!!!!!!Arghhhhh rip off

    What do you do when you download a $32 audio book and part 2 goes missing during the processing stage and I can't find it anywhere?

    If it's not in the Music app on your phone, and you can't find it via the phone's spotlight search screen, then try the 'report a problem' page to contact iTunes Support : http://reportaproblem.apple.com
    If the 'report a problem' link doesn't work then you can try contacting iTunes Support via this page : http://www.apple.com/support/itunes/contact/ - click on Contact iTunes Store Support on the right-hand side of the page, then Purchases, Billing & Redemption

  • Error While processing the COBRA qualified Life event

    Hi All,
    We have set up the Termination life event as a COBRA qualifying life event.
    We also set up a new monthly payroll as the default payroll and set the benefit assignment to Yes at BG level.
    I created an employee on 18 aug 2010 , processed new hire life event and enrolled that employee into the COBRA plan named "Be well Medical Plan".
    Then When I terminated the employee as on 18oct2010, While Processing The Termination life event, I am getting an Error saying “When determining pay periods, a payroll Id is required. This error has occurred in the following package : ben_distribute_rates.get_periods_between. "
    When I searched for this error in metalink ,it says it does not have a payroll id ,but when I check on 19oct2010 using the People->Total Comp Participation->Person Benefits Assignment window, he has got the default payroll attached to his benefits assignment.
    Could you please help me to resolve this issue?
    Your help is greatly appreciated.
    Thank you,
    Anuradha

    Hi Anuradha,
    This error comes in many scenarios and there are bug fixes also for them. Please check all patches available for your apps patchset level having the file benelmen.pkb. You may find a fix for it. (This was a common issue some time back with suspended/terminated assignments.) Also, I suggest logging an SR with Oracle ASAP if your terminated assignment and also the benefits assignment have the correct payrolls attached.
    Regards,
    Vinayaka

  • The system encountered error before Itunes could be configured

    Hi, I can't seem to get iTunes 8 to run. Each time after the installer is launched, it has an error message that says "The system encountered error before Itunes could be configured. Your systems has not been modified. To try this application at a later time, please run the installer again."
    I am using Windows Vista Home Premium and an iTouch.
    I am running out of ideas.
    thanks for your help!

    Me too. Except now I can't delete all the programs from my computer to reinstall. Not happy.

  • How to: subscribe for the viewer's Error event

    I am running a third party report tool and am trying to understand how to comply with their request. My report works fine in all export modes with the exception of export to Word, at which time it throws an "Index was outside the bounds of the array" error. This does not occur in any other export mode (i.e., Excel, RTF, TIFF, yada, yada.)
    The request from the vendor is " subscribe for the viewer's Error event and the report's Error event to get the exception."
    I run Win8.1 and would like to create a subscription to the View Event log to trap the occurrence of this error. I have tried to locate some documentation online as to how I can accomplish this.
    Where can I find this information as well as an example?
    Tom Mann MCSD C#

    They seem to be suggesting that the control will raise an error event which you can subscribe to.
    myViewer.Error += SomeHandler;
    and presumably
    private void SomeHandler(object sender, EventArgs a)
    {
        // Do some error handling.
    }
    If there turns out to be no actual error event then...
    Can you put a try/catch block round the code that does the export?
    I'm guessing maybe not and it's an internal thing in the viewer.
    Plan C , let's see now.
    Try to find a way to override that button click on the viewer.
    Hope that helps.
    Recent Technet articles:
    Property List Editing ;  
    Dynamic XAML

  • Workflow error Event 11903

    We are receiving the following error Event ID 11903
    The Microsoft Operations Manager Expression Filter Module could not convert
    the received value to the requested type.
    Property Expression: 529;644
    Property Value: 529;644
    Conversion Type: DataItemElementTypeUnsignedInteger(6)
    Original Error: 0x80FF005A
    One or more workflows were affected by this. 
    Workflow name: MomUIGeneratedRule125158e6dd2149fbb8ab76e647986b1c
    Instance name: XXXXXX
    Instance ID: {40D48D2D-5A62-BC78-2D39-8A15985F5AE2}
    Management group: XXXXXX
    Any help greatly appreciated

    Hi Graham,
    I am having the same kind of issue in my environment. This event gets logged into all my server logs, but I am unable to find which rule is creating this error. Is there a query to find the rule name from any of the below?
    Property Expression: ^(1069)$
    Property Value: ^(1069)$
    Conversion Type: DataItemElementTypeUnsignedInteger(6)
    Original Error: 0x80FF005A
    One or more workflows were affected by this. 
    Workflow name: MomUIGeneratedRule125158e6dd2149fbb8ab76e647986b1c
    Instance name: XXXXXX
    Instance ID: {40D48D2D-5A62-BC78-2D39-8A15985F5AE2}
    Management group: XXXXXX
    Jesty

  • Executables throw a Windows error when you close the application

    I have this problem on several of my LabVIEW executables.  I can open and run the program with no errors.  But when I close the program by any method, I get a pop-up error in Windows, stating:
    "Application Name" has encountered a problem and needs to close.  We are sorry for the inconvenience. 
    I get the option to send the info to Microsoft.  Another error pops up stating the following:
    WinsockAsyncSelectWindow:  Application name.exe - application error
    The instruction at "0x7c90e470" referenced memory at "0x03182a2c". The memory could not be "read".  Click on CANCEL to debug the program.
    This is really annoying... Anyone know why this error is popping up?

    Hi Jason,
    Could you please provide us with some more information regarding your executable?
    What version of LV are you using?
    How are you stopping the executable (stop button?  abort button?)  You should always use a stop button, not the abort button (the stop sign looking glyph on the toolbar) to ensure that all of your references have been properly closed. 
    Do you see this performance when running the executable on the development machine?
    Do you get the warning every time, or only some of the time?
    What all are you doing in the executable?  I'd be curious to know if it was something particular to your code or the environment.  One way to test this is to build a "dummy" executable--just one that does something as simple as count iterations, and see if you get the message or not.  
    Please provide a little more information and we'll do our best to help. 
    Cheers, 
    Marti C
    Applications Engineer
    National Instruments
    NI Medical
