The KDC encountered duplicate names while processing a Kerberos authentication request in a Domain controller server

Similar Messages

• Error Event ID 11 The KDC encountered duplicate names while processing a Kerberos authentication request.

  I've been noticing The Error with event ID 11 popping up a lot on our domain controllers:
  The KDC encountered duplicate names while processing a Kerberos authentication request.
  When running setspn -X it says that it found 111 groups of duplicate SPNs. However, when going through the list, it references domain service accounts that are used to run our SQL Server services. We have about 50 remote locations and each of them has 3
  machines participating in a SQL mirror (principal, mirror, witness) and they all run the SQL Server service on the same account (1 account per location).
  We haven't experienced any issues at all but I was wondering if this could cause problems or if we are straying from best practice. Any advice is welcome. Thanks!

  I believe what you should do to follow best practice is to provide unique SPNs for each SQL server, which will also provide increased security, and to do that you must create individual service account for each SQL server so it can associate that
  account with that server's SPN.
  Here's more on it to help guide you. Read Paul's comments, as well as other suggestions in the following thread:
  event ID 11 There are multiple accounts with name MSSQLSvc/xxxxxx
  http://social.technet.microsoft.com/Forums/windowsserver/en-US/8df35316-23ba-48ba-aa3e-2249fcbfecbc/event-id-11-there-are-multiple-accounts-with-name-mssqlsvcxxxxxx?forum=winserverDS
  Ace Fekay
  MVP, MCT, MCSE 2012, MCITP EA & MCTS Windows 2008/R2, Exchange 2013, 2010 EA & 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
  Microsoft Certified Trainer
  Microsoft MVP - Directory Services
  Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
  This posting is provided AS-IS with no warranties or guarantees and confers no rights.

• KDC encountered duplicate names while processing a Kerberos authentication request

  The KDC encountered duplicate names while processing a Kerberos authentication request. The duplicate name is RPCSS/HKHVS01 (of type DS_SERVICE_PRINCIPAL_NAME). This may result in authentication failures or downgrades to NTLM. In order to prevent
  this from occuring remove the duplicate entries for RPCSS/HKHCS01 in Active Directory.
  - What the error means ??
  - Why happen ??
  - How to fix it ??
  Thanks

  This is an SPN problem. Having duplicate SPNs will result in Kerberos failures and a downgrade to NTLM authentication. Please run
  setspn -x to get the list of duplicated SPNs. Once identified, you need to remove the duplicated ones. 
  You can also see that:
  http://blogs.technet.com/b/askds/archive/2008/06/09/kerberos-authentication-problems-service-principal-name-spn-issues-part-1.aspx
  http://blogs.technet.com/b/askds/archive/2008/06/09/kerberos-authentication-problems-service-principal-name-spn-issues-part-2.aspx
  http://blogs.technet.com/b/askds/archive/2008/06/09/kerberos-authentication-problems-service-principal-name-spn-issues-part-3.aspx
  This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
  Get Active Directory User Last Logon
  Create an Active Directory test domain similar to the production one
  Management of test accounts in an Active Directory production domain - Part I
  Management of test accounts in an Active Directory production domain - Part II
  Management of test accounts in an Active Directory production domain - Part III
  Reset Active Directory user password

• The event logging service encountered an error while processing an incoming event published from Microsoft-Windows-Security-Auditing.

  Last night, some of our systems installed updates released on 11/13/2014.  
  KB3021674
  KB2901983
  KB3023266
  KB3014029
  KB3022777
  KB3020388
  KB890830
  Today, all of the servers running Windows Server 2008 R2 started logging the following error in the Security log over and over:
  Log Name:      Security
  Source:        Microsoft-Windows-Eventlog
  Date:          1/15/2015 11:12:39 AM
  Event ID:      1108
  Task Category: Event processing
  Level:         Error
  Keywords:      Audit Success
  User:          N/A
  Description:
  The event logging service encountered an error while processing an incoming event published from Microsoft-Windows-Security-Auditing.
  Servers running Windows Server 2008 that also installed the updates are not experiencing the problem.  It looks like one of the updates may have introduced this problem with Server 2008 R2.

  ...Did you for sure confirm that:
  https://technet.microsoft.com/library/security/MS15-001
  is the cause?
  I did.  I had a VM that was not experiencing the problem.  I took a snapshot and tested the patches one by one.  Installing only KB3023266 immediately caused the issue to occur (after reboot).  A similar process was used to confirm that
  installing KB2675611 resolved the problem.
  Note that I found the installation of KB2675611 is usually quick, but it took several hours hours to install on some of our systems.  We had installed this patch a few months ago on a couple of servers and it was always quick to install.  But,
  it seems like installing it on a symptomatic system can cause it to take a long time.

• The test encountered an error while signing in to Outlook Web App. HTTP code: 200

  Infrastructure: Exchange 2010 SP3 RU2 environment on 17 servers worldwide with CAS, MB, HUB and UM roles. Server 2008 R2 VM's on Hyper-V 2008 R2.
  Trying to run the following command to test OWA connectivity on a server in the same Active Directory domain but in a different AD site:
  Get-ClientAccessServer -Identity Server1 | test-owaconnectivity -AllowUnsecureAccess -TrustAnySSLCertificate
  I get the reponse:
  WARNING: [11:04:51.276] : An Outlook Web App page wasn't received.
  WARNING: [11:04:51.276] : The test encountered an error while signing in to Outlook Web App.
  HTTP code: 200
  WARNING: [11:04:51.276] : Test failed for URL 'https://server1.domain.com/owa/'.
  ClientAccessServer        MailboxServer            URL                                               
  Scenario       Result       Latency          Error
  Server1.domain.com      Server2.domain.com  https://server1.domain.com/owa  Logon           Failure                           
  The test encountered an error while signing in to Outlook Web App. HTTP code: 200
  This is the same error message received from SCOM on its tests also.
  I have created a test account on all 17 servers using ./new-TestCasConnectivityUser and ensured their mailboxes reside on the correct server in the correct database.
  All internal servers are set for OWA and ECP for Windows Authentication. Only public facing CAS servers are set to Forms based. That said, have checked the 'Microsoft Exchange Forms-Based Authentication service' is running on both Server1 and Server2 as
  are all Exchange services except 'Microsoft Exchange IMAP4' (not used) or 'Microsoft Exchange POP3' (not used).
  However, if I run this command:
  test-owaconnectivity -AllowUnsecureAccess -TrustAnySSLCertificate -URL
  https://server1.domain.com/owa
  I get the following success after I have entered my correct credentials:
  Windows PowerShell Credential Request : cmdlet Test-OwaConnectivity at command pipeline position 1
  Warning: This credential is being requested by a script or application on the Server2.domain.com remote computer.
  Enter your credentials only if you trust the remote computer and the application or script requesting it.
  Supply values for the following parameters:
  MailboxCredential
  ClientAccessServer  MailboxServer  URL                                                
  Scenario              Result      Latency    Error
  (ms)
                                                          https://server1.domain.com/owa  
  Logon                 Success    6282.13
  So if I login with my domain username, it works and logs in. If the script runs using the 'extest....' user account created by the above ./new-TestCasConnectivityUser.ps1 , it does not work.
  Has anyone got any ideas please? I know its not the network as it works under my username, I know all fo the services required are running as it works under my username. There are no entries at all in the receiving server's error logs for Application, System,
  Exchange or Powershell at all.
  Any help greatly appreciated.
  Danny

  Did you read this?  http://support.microsoft.com/kb/2277649/en-us
  Did you run Test-MapiConnectivity? If not, can you run and post results? 
  HossFly, Exchange Administrator

• I get the message "an error occurred while processing this directive" but no hint of what the error

  I am trying to download Photoshop for the first time. I get the message "an error occurred while processing this directive" but no hint of what the error is or what I should do about it.

  Graham which version of Photoshop are you referencing?  Also which operating system are you using?  Finally can you please post a screen shot of your error message?

• Process MAD.EXE (PID=1932). All Domain Controller Servers in use are not responding:

  Process MAD.EXE (PID=1932). Topology discovery failed, error 0x80040a02 (DSC_E_NO_SUITABLE_CDC).
  Look up the Lightweight Directory Access Protocol (LDAP) error code specified in the event description. To do this, use Microsoft Knowledge Base article 218185, "Microsoft LDAP Error Codes." Use the information in that article to learn more about
  the cause and resolution to this error. Use the Ping or PathPing command-line tools to test network connectivity to local domain controllers.
  Process MAD.EXE (PID=1932). All Domain Controller Servers in use are not responding: 
  DC02.targetiletisim.local 
  DC01.targetiletisim.local 
  Process MSEXCHANGEADTOPOLOGYSERVICE.EXE (PID=1148). Topology discovery failed, error 0x80040a02 (DSC_E_NO_SUITABLE_CDC). Look up the Lightweight Directory Access Protocol (LDAP) error code specified in the event description. To do this, use Microsoft Knowledge
  Base article 218185, "Microsoft LDAP Error Codes." Use the information in that article to learn more about the cause and resolution to this error. Use the Ping or PathPing command-line tools to test network connectivity to local domain controllers.
  pls help me :(

  Hi,
  Please use dcdiag and nltest to test the connectivity.
  BTW, have you disabled ipv6 on Exchange Server.
  Thanks,
  Simon Wu
  TechNet Community Support

• How to set the status of an Workitem, while processing?

  Hi,
  My requirement is to set/ Change the workitem status after/ while procecssing if certain condition is not met for all the users. I have one workitem assigned to multiple users. If any one of the user's executes the workitem, it displays a zprogram, but the user has not taken any action (SAVE), he simply came out of the transaction using "BACK" button. Here the Workitem has been vanished/disappeared from the other two users Inbox, and the workitem is in "In Processu201D Status for the User who executed the workitem. But my requirement is to set the workitem to be in "READY" status for all the users to whom the workitem is assigned; until the user "SAVE" the transaction I need the workitems to be in "READY" status only.
  Please suggest me with your ideas to get the above results.
  Note: I have used the function modules u201CSAP_WAPI_SET_WORKITEM_STATUS (or) SWW_WI_ADMIN_READY ", to change the status of the workitem while processing, it's throwing an error u201CWork item & locked by user & (enqueue erroru201D.
  Thanks in advance,
  Ajay Kumar

  Thanks Florin,
  Your piece of code has worked alot, and it was very helpful in changing the Status of the Workitem to "READY" for all the Users fo the workitem.
  Points have been rewarded for your help.
  Process: We have acheived this using the "Work Item Exits", Usng "AFTER_EXECUTION" Method.
  Note: The Exit will be executed if "exit_cancelled"  statement is present/used in the work item method. if not it is not taking to the exit code. I'm unable to find the reason for it. Florin can u please explain this point.
  Please check the link for adding the code in Work Item Exits.
  http://wiki.sdn.sap.com/wiki/display/ABAP/ProgramExitsIn+Workflow
  Please find the Code:
  method IF_SWF_IFS_WORKITEM_EXIT~EVENT_RAISED.
  Get the context of the workitem
    me->wi_context = im_workitem_context.
  After execution of the workitem call the method AFTER_EXECUTION
    if im_event_name eq swrco_event_after_execution.
      me->after_execution( ).
    endif.
  endmethod.
  METHOD AFTER_EXECUTION.
  This method acts as the Event Handler for SWRCO_EVENT_AFTER_EXECUTION
    DATA: LCL_L_WID TYPE SWW_WIID,
          L_STATUS TYPE SWR_WISTAT-STATUS,
          L_NEW_STATUS  TYPE SWR_WISTAT,
          L_SWR_MESSAG  TYPE STANDARD TABLE OF SWR_MESSAG,
          L_SWR_MSTRUC  TYPE STANDARD TABLE OF SWR_MSTRUC.
  Get work item
    CALL METHOD WI_CONTEXT->GET_WORKITEM_ID
      RECEIVING
        RE_WORKITEM = LCL_L_WID.
    L_STATUS = 'READY'.
    CALL FUNCTION 'SAP_WAPI_SET_WORKITEM_STATUS'
      EXPORTING
        WORKITEM_ID    = LCL_L_WID
        STATUS         = L_STATUS
        USER           = SY-UNAME
        LANGUAGE       = SY-LANGU
        DO_COMMIT      = 'X'
      IMPORTING
        NEW_STATUS     = L_NEW_STATUS
       RETURN_CODE    = SY-SUBRC
      TABLES
        MESSAGE_LINES  = L_SWR_MESSAG
        MESSAGE_STRUCT = L_SWR_MSTRUC.
    IF SY-SUBRC EQ 0.
    ENDIF.
  ENDMETHOD.
  Thank You Once Again,
  Ajay Kumar Chippa

• How do I supress the "sync encountered an error while syncing" bar? I get it every time I connect to a work VPN that is isolated from the internet.

  Background: For work I routinely need to connect to a secure VPN that is completely isolated from the internet. When using it, I can only connect to the servers that reside within the network and the VPN software (Cisco AnyConnect + NAC Agent) seems to automatically redirect all http requests to external sites to a catch-all 'sorry you can't do that' page.
  So while connected to the VPN, Firefox Sync doesn't work and nor do I expect it to. However, my issue is that every time I connect to the VPN, Firefox silently pops up a "sync encountered an error while syncing" error message bar at the bottom of the browser, which I have to manually close. This obviously isn't the end of the world, but having to do it all the time gets annoying so I was wondering if there was a way of suppressing that particular error message or maybe getting Sync to handle the secure VPN more gracefully.

  I don't know about blocking that message, but my suggestion is to turn Sync autoconnect off, and use Sync manually.
  Type '''about:config''' in the URL bar and hit Enter. <br />
  Then type '''''autoconnect''''' in the Search bar at the top. <br />
  '''services.sync.autoconnect''' = double-click that pref to toggle it to '''false'''.
  Then to trigger a Sync manually, hit '''Sync Now''' in the Firefox menu ''(or the File menu)''.

• Facetime: The server has encountered an error while processing the registration

  I always used FaceTime normally this morning gives me this error after entering Apple ID credentials. I tried to edit the hosts file and delete the certificate but both solutions are not served. Can you help me?
  thanks

  can anyone help me? Please

• Event ID 11 - Encountered Duplicate Names

  Hi,
  I am getting below error in my DC. A number of this errors with much PC.
  - Why this error occurs ??
  - How can fix it ??
  Thanks

  Hi，
  Please follow the link below to find the duplicate SPN and remove it to see if the issue persists:
  Event ID 11 — Service Principal Name Configuration
  If the above is not helpful, please feel free to let me know.
  Best reagrds,
  Susie

• HT5085 I really hate downloading a audio boMoth: The Moth Saga, Book 1 (Unabridged) Part 1     6:50:06     Daniel Arenson     ok $32.95 and the second part goes missing while processing and i cant recover it!!!!!!Arghhhhh rip off

  What do you do when you down load a $32 dollar audio book and part 2 goes missing during the processing stage and i cant find it anywhere?

  If it's not in the Music app on your phone, and you can't find it via the phone's spotlight search screen, then try the 'report a problem' page to contact iTunes Support : http://reportaproblem.apple.com
  If the 'report a problem' link doesn't work then you can try contacting iTunes Support via this page : http://www.apple.com/support/itunes/contact/ - click on Contact iTunes Store Support on the right-hand side of the page, then Purchases, Billing & Redemption

• How to tune the query for duplicate records while joining the two tables

  hi,i am executing the query which has retrieving multiple tables,in which one of them has duplicate record,how to get single record

  Not enough info...subject says "tune" the query, message says "write" the query...and where is actual query that you had tried ?

• SharePoint 2013 web service: Error while sending claim based authentication request (The corresponding SID in the domain is not part of the intended account type)

  We are using .asmx services for SharePoint features such as comments, and rating.
  Service
  Feature   used
  http://<<hostname>>/_vti_bin/socialdataservice.asmx
  Commenting, Rating
  http://<<hostname>>/_vti_bin/UserProfileService.asmx
  For out of box workflows
  In SharePoint 2013,
  SharePoint – 80  web application is on claims based mode and user is logging in with windows authentication. With logged-in client context used to call SharePoint's default web service, we are getting below error message from
  web service (Social data and user profile services).
  Server was unable to process request. ---> The corresponding SID in the domain is not part of the intended account type.
  When the service is accessed using console application with Visual Studio credentials (logged in user), we are able to access the service. Below is the code snippet
  using   (SocialDataService
  service = new  
  SocialDataService())
                    service.Credentials =
  CredentialCache.DefaultCredentials;
  SocialCommentDetail detail =   service.AddComment("<<url>>",
    "Test Comment",
  null,  
  null);
  Are SharePoint 2013 web services not supporting request coming with claim based authentication web application?
  Thanks, Pratik Agrawal (MAQ Software)

  While this applies to 2010, I believe the same is true with 2013:
  http://social.technet.microsoft.com/Forums/sharepoint/en-US/925e5f46-317f-46d3-bc55-c67f07eb2372/call-sharepoint-web-services-using-claimbased-authentication?forum=sharepointgeneralprevious
  Trevor Seward
  Follow or contact me at...
  &nbsp&nbsp
  This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

• Error while processing the dimension

  Multiple Specification of the Name 'HIR' as a Component Name (Component 6)
  this is the error i am geting while processing the dimension

  Hi,
  Do you get this error while processing all the dimension or only in specific dimension?
  Do you have hierarchies in this dimension? Have you added the hierarchy in the property (you should not).