The KDC encountered duplicate names while processing a Kerberos authentication request in a Domain controller server
HI
We have a SharePoint farm, and on the domain controller server this error is in Event Viewer:
Log Name: System
Source: Microsoft-Windows-Kerberos-Key-Distribution-Center
Date: 9/15/2014 10:44:15 PM
Event ID: 11
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: XXXAPP01.xxxportal.com
Description:
The KDC encountered duplicate names while processing a Kerberos authentication request. The duplicate name is HTTP/XXXWFE01.xxxportal.com (of type DS_SERVICE_PRINCIPAL_NAME). This may result in authentication failures or downgrades to NTLM. In order to prevent
this from occuring remove the duplicate entries for HTTP/XXXWFE01.xxxportal.com in Active Directory.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kerberos-Key-Distribution-Center" Guid="{3FD9DA1A-5A54-46C5-9A26-9BD7C0685056}" EventSourceName="KDC" />
<EventID Qualifiers="49152">11</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2014-09-15T19:44:15.000000000Z" />
<EventRecordID>131824</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>XXXAPP01.xxxportal.com</Computer>
<Security />
</System>
<EventData>
<Data Name="Name">HTTP/XXXWFE01.xxxportal.com</Data>
<Data Name="Type">DS_SERVICE_PRINCIPAL_NAME</Data>
<Binary>
</Binary>
</EventData>
</Event>
adil
Hi adil,
Service principal names (SPNs) are stored as a property of the associated account object in Active Directory Domain Services (AD DS). I noticed that you have used setspn -X to identify the duplicate SPN. Please refer to the following articles and check if they help you to solve this issue.
Event ID 11 — Service Principal Name Configuration
Event ID 11 in the System log of domain controllers
Please also refer to the following article and check if it can help you.
The problem with duplicate SPNs
Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft
does not guarantee the accuracy of this information.
If any update, please feel free to let me know.
Hope this helps.
Best regards,
Justin Gu
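An added example (not part of the original posts and not Microsoft's own tooling): PowerShell that pulls the duplicated name out of an Event ID 11 record like the one quoted in the question above, then lists every account in an inventory that holds that SPN, comparing case-insensitively. The event XML is trimmed from the thread; the account names and the inventory are constructed for illustration, and the function names are hypothetical.

```powershell
# Event ID 11 record trimmed to the fields used here (values as quoted in the thread).
$eventXml = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID Qualifiers="49152">11</EventID></System>
  <EventData>
    <Data Name="Name">HTTP/XXXWFE01.xxxportal.com</Data>
    <Data Name="Type">DS_SERVICE_PRINCIPAL_NAME</Data>
  </EventData>
</Event>
'@

# Constructed inventory; the account names are hypothetical. On a domain-joined host with the
# ActiveDirectory module, objects of the same shape come from:
#   Get-ADObject -LDAPFilter '(servicePrincipalName=*)' -Properties servicePrincipalName
$inventory = @(
    [pscustomobject]@{
        DistinguishedName    = 'CN=XXXWFE01,OU=Servers,DC=xxxportal,DC=com'
        servicePrincipalName = @('HOST/XXXWFE01.xxxportal.com', 'HTTP/XXXWFE01.xxxportal.com')
    }
    [pscustomobject]@{
        DistinguishedName    = 'CN=svc-sp-apppool,OU=Service Accounts,DC=xxxportal,DC=com'
        servicePrincipalName = @('http/xxxwfe01.xxxportal.com')   # same SPN, different case
    }
    [pscustomobject]@{
        DistinguishedName    = 'CN=XXXAPP01,OU=Servers,DC=xxxportal,DC=com'
        servicePrincipalName = @('HOST/XXXAPP01.xxxportal.com')
    }
)

function Get-Event11Spn {
    # Returns the duplicated SPN from a KDC Event ID 11 record, or $null for other name types.
    param([Parameter(Mandatory)][string]$Xml)
    $data = ([xml]$Xml).Event.EventData.Data
    $type = ($data | Where-Object { $_.Name -eq 'Type' }).'#text'
    if ($type -ne 'DS_SERVICE_PRINCIPAL_NAME') { return $null }
    ($data | Where-Object { $_.Name -eq 'Name' }).'#text'
}

function Find-DuplicateSpn {
    # Flattens account -> SPN pairs and reports each SPN registered on more than one account.
    param([Parameter(Mandatory)][object[]]$Account)
    $pairs = foreach ($a in $Account) {
        foreach ($spn in $a.servicePrincipalName) {
            # Normalise case so HTTP/host and http/host land in the same group.
            [pscustomobject]@{ Spn = $spn.ToLowerInvariant(); Holder = $a.DistinguishedName }
        }
    }
    foreach ($group in ($pairs | Group-Object -Property Spn)) {
        $holders = @($group.Group.Holder | Sort-Object -Unique)
        if ($holders.Count -gt 1) {
            [pscustomobject]@{ Spn = $group.Name; Holders = $holders }
        }
    }
}

$spn = Get-Event11Spn -Xml $eventXml
# -eq on strings is case-insensitive in PowerShell, matching how SPNs are compared.
Find-DuplicateSpn -Account $inventory | Where-Object { $_.Spn -eq $spn } | Format-List
```

The output names the accounts that hold the SPN; deciding which one should keep it, and removing it from the others, stays a manual step as the replies describe.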
Similar Messages
-
I've been noticing The Error with event ID 11 popping up a lot on our domain controllers:
The KDC encountered duplicate names while processing a Kerberos authentication request.
When running setspn -X it says that it found 111 groups of duplicate SPNs. However, when going through the list, it references domain service accounts that are used to run our SQL Server services. We have about 50 remote locations and each of them has 3
machines participating in a SQL mirror (principal, mirror, witness) and they all run the SQL Server service on the same account (1 account per location).
We haven't experienced any issues at all but I was wondering if this could cause problems or if we are straying from best practice. Any advice is welcome. Thanks!
I believe what you should do to follow best practice is to provide unique SPNs for each SQL server, which will also provide increased security, and to do that you must create an individual service account for each SQL server so it can associate that account with that server's SPN.
Here's more on it to help guide you. Read Paul's comments, as well as other suggestions in the following thread:
event ID 11 There are multiple accounts with name MSSQLSvc/xxxxxx
http://social.technet.microsoft.com/Forums/windowsserver/en-US/8df35316-23ba-48ba-aa3e-2249fcbfecbc/event-id-11-there-are-multiple-accounts-with-name-mssqlsvcxxxxxx?forum=winserverDS
Ace Fekay
MVP, MCT, MCSE 2012, MCITP EA & MCTS Windows 2008/R2, Exchange 2013, 2010 EA & 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
This posting is provided AS-IS with no warranties or guarantees and confers no rights. -
KDC encountered duplicate names while processing a Kerberos authentication request
The KDC encountered duplicate names while processing a Kerberos authentication request. The duplicate name is RPCSS/HKHVS01 (of type DS_SERVICE_PRINCIPAL_NAME). This may result in authentication failures or downgrades to NTLM. In order to prevent
this from occuring remove the duplicate entries for RPCSS/HKHCS01 in Active Directory.
- What the error means ??
- Why happen ??
- How to fix it ??
Thanks
This is an SPN problem. Having duplicate SPNs will result in Kerberos failures and a downgrade to NTLM authentication. Please run setspn -x to get the list of duplicated SPNs. Once identified, you need to remove the duplicated ones.
You can also see that:
http://blogs.technet.com/b/askds/archive/2008/06/09/kerberos-authentication-problems-service-principal-name-spn-issues-part-1.aspx
http://blogs.technet.com/b/askds/archive/2008/06/09/kerberos-authentication-problems-service-principal-name-spn-issues-part-2.aspx
http://blogs.technet.com/b/askds/archive/2008/06/09/kerberos-authentication-problems-service-principal-name-spn-issues-part-3.aspx
This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
-
Last night, some of our systems installed updates released on 11/13/2014.
KB3021674
KB2901983
KB3023266
KB3014029
KB3022777
KB3020388
KB890830
Today, all of the servers running Windows Server 2008 R2 started logging the following error in the Security log over and over:
Log Name: Security
Source: Microsoft-Windows-Eventlog
Date: 1/15/2015 11:12:39 AM
Event ID: 1108
Task Category: Event processing
Level: Error
Keywords: Audit Success
User: N/A
Description:
The event logging service encountered an error while processing an incoming event published from Microsoft-Windows-Security-Auditing.
Servers running Windows Server 2008 that also installed the updates are not experiencing the problem. It looks like one of the updates may have introduced this problem with Server 2008 R2....
Did you for sure confirm that:
https://technet.microsoft.com/library/security/MS15-001
is the cause?
I did. I had a VM that was not experiencing the problem. I took a snapshot and tested the patches one by one. Installing only KB3023266 immediately caused the issue to occur (after reboot). A similar process was used to confirm that
installing KB2675611 resolved the problem.
Note that I found the installation of KB2675611 is usually quick, but it took several hours to install on some of our systems. We had installed this patch a few months ago on a couple of servers and it was always quick to install. But,
it seems like installing it on a symptomatic system can cause it to take a long time. -
The test encountered an error while signing in to Outlook Web App. HTTP code: 200
Infrastructure: Exchange 2010 SP3 RU2 environment on 17 servers worldwide with CAS, MB, HUB and UM roles. Server 2008 R2 VM's on Hyper-V 2008 R2.
Trying to run the following command to test OWA connectivity on a server in the same Active Directory domain but in a different AD site:
Get-ClientAccessServer -Identity Server1 | test-owaconnectivity -AllowUnsecureAccess -TrustAnySSLCertificate
I get the response:
WARNING: [11:04:51.276] : An Outlook Web App page wasn't received.
WARNING: [11:04:51.276] : The test encountered an error while signing in to Outlook Web App.
HTTP code: 200
WARNING: [11:04:51.276] : Test failed for URL 'https://server1.domain.com/owa/'.
ClientAccessServer MailboxServer URL
Scenario Result Latency Error
Server1.domain.com Server2.domain.com https://server1.domain.com/owa Logon Failure
The test encountered an error while signing in to Outlook Web App. HTTP code: 200
This is the same error message received from SCOM on its tests also.
I have created a test account on all 17 servers using ./new-TestCasConnectivityUser and ensured their mailboxes reside on the correct server in the correct database.
All internal servers are set for OWA and ECP for Windows Authentication. Only public facing CAS servers are set to Forms based. That said, have checked the 'Microsoft Exchange Forms-Based Authentication service' is running on both Server1 and Server2 as
are all Exchange services except 'Microsoft Exchange IMAP4' (not used) or 'Microsoft Exchange POP3' (not used).
However, if I run this command:
test-owaconnectivity -AllowUnsecureAccess -TrustAnySSLCertificate -URL
https://server1.domain.com/owa
I get the following success after I have entered my correct credentials:
Windows PowerShell Credential Request : cmdlet Test-OwaConnectivity at command pipeline position 1
Warning: This credential is being requested by a script or application on the Server2.domain.com remote computer.
Enter your credentials only if you trust the remote computer and the application or script requesting it.
Supply values for the following parameters:
MailboxCredential
ClientAccessServer MailboxServer URL
Scenario Result Latency Error
(ms)
https://server1.domain.com/owa
Logon Success 6282.13
So if I login with my domain username, it works and logs in. If the script runs using the 'extest....' user account created by the above ./new-TestCasConnectivityUser.ps1 , it does not work.
Has anyone got any ideas please? I know it's not the network as it works under my username, I know all of the services required are running as it works under my username. There are no entries at all in the receiving server's error logs for Application, System,
Exchange or Powershell at all.
Any help greatly appreciated.
Danny
Did you read this? http://support.microsoft.com/kb/2277649/en-us
Did you run Test-MapiConnectivity? If not, can you run and post results?
HossFly, Exchange Administrator -
I get the message "an error occurred while processing this directive" but no hint of what the error
I am trying to download Photoshop for the first time. I get the message "an error occurred while processing this directive" but no hint of what the error is or what I should do about it.
Graham which version of Photoshop are you referencing? Also which operating system are you using? Finally can you please post a screen shot of your error message?
-
Process MAD.EXE (PID=1932). Topology discovery failed, error 0x80040a02 (DSC_E_NO_SUITABLE_CDC).
Look up the Lightweight Directory Access Protocol (LDAP) error code specified in the event description. To do this, use Microsoft Knowledge Base article 218185, "Microsoft LDAP Error Codes." Use the information in that article to learn more about
the cause and resolution to this error. Use the Ping or PathPing command-line tools to test network connectivity to local domain controllers.
Process MAD.EXE (PID=1932). All Domain Controller Servers in use are not responding:
DC02.targetiletisim.local
DC01.targetiletisim.local
Process MSEXCHANGEADTOPOLOGYSERVICE.EXE (PID=1148). Topology discovery failed, error 0x80040a02 (DSC_E_NO_SUITABLE_CDC). Look up the Lightweight Directory Access Protocol (LDAP) error code specified in the event description. To do this, use Microsoft Knowledge
Base article 218185, "Microsoft LDAP Error Codes." Use the information in that article to learn more about the cause and resolution to this error. Use the Ping or PathPing command-line tools to test network connectivity to local domain controllers.
pls help me :(
Hi,
Please use dcdiag and nltest to test the connectivity.
BTW, have you disabled ipv6 on Exchange Server.
Thanks,
Simon Wu
TechNet Community Support -
How to set the status of an Workitem, while processing?
Hi,
My requirement is to set/ Change the workitem status after/ while processing if certain condition is not met for all the users. I have one workitem assigned to multiple users. If any one of the user's executes the workitem, it displays a zprogram, but the user has not taken any action (SAVE), he simply came out of the transaction using "BACK" button. Here the Workitem has been vanished/disappeared from the other two users Inbox, and the workitem is in "In Process" Status for the User who executed the workitem. But my requirement is to set the workitem to be in "READY" status for all the users to whom the workitem is assigned; until the user "SAVE" the transaction I need the workitems to be in "READY" status only.
Please suggest me with your ideas to get the above results.
Note: I have used the function modules "SAP_WAPI_SET_WORKITEM_STATUS (or) SWW_WI_ADMIN_READY", to change the status of the workitem while processing, it's throwing an error "Work item & locked by user & (enqueue error".
Thanks in advance,
Ajay Kumar
Thanks Florin,
Your piece of code has worked a lot, and it was very helpful in changing the Status of the Workitem to "READY" for all the Users of the workitem.
Points have been rewarded for your help.
Process: We have achieved this using the "Work Item Exits", Using "AFTER_EXECUTION" Method.
Note: The Exit will be executed if "exit_cancelled" statement is present/used in the work item method. If not, it is not taking to the exit code. I'm unable to find the reason for it. Florin, can you please explain this point.
Please check the link for adding the code in Work Item Exits.
http://wiki.sdn.sap.com/wiki/display/ABAP/ProgramExitsIn+Workflow
Please find the Code:
method IF_SWF_IFS_WORKITEM_EXIT~EVENT_RAISED.
* Get the context of the workitem
me->wi_context = im_workitem_context.
* After execution of the workitem call the method AFTER_EXECUTION
if im_event_name eq swrco_event_after_execution.
me->after_execution( ).
endif.
endmethod.
METHOD AFTER_EXECUTION.
* This method acts as the Event Handler for SWRCO_EVENT_AFTER_EXECUTION
DATA: LCL_L_WID TYPE SWW_WIID,
L_STATUS TYPE SWR_WISTAT-STATUS,
L_NEW_STATUS TYPE SWR_WISTAT,
L_SWR_MESSAG TYPE STANDARD TABLE OF SWR_MESSAG,
L_SWR_MSTRUC TYPE STANDARD TABLE OF SWR_MSTRUC.
* Get work item
CALL METHOD WI_CONTEXT->GET_WORKITEM_ID
RECEIVING
RE_WORKITEM = LCL_L_WID.
L_STATUS = 'READY'.
CALL FUNCTION 'SAP_WAPI_SET_WORKITEM_STATUS'
EXPORTING
WORKITEM_ID = LCL_L_WID
STATUS = L_STATUS
USER = SY-UNAME
LANGUAGE = SY-LANGU
DO_COMMIT = 'X'
IMPORTING
NEW_STATUS = L_NEW_STATUS
RETURN_CODE = SY-SUBRC
TABLES
MESSAGE_LINES = L_SWR_MESSAG
MESSAGE_STRUCT = L_SWR_MSTRUC.
IF SY-SUBRC EQ 0.
ENDIF.
ENDMETHOD.
Thank You Once Again,
Ajay Kumar Chippa -
Background: For work I routinely need to connect to a secure VPN that is completely isolated from the internet. When using it, I can only connect to the servers that reside within the network and the VPN software (Cisco AnyConnect + NAC Agent) seems to automatically redirect all http requests to external sites to a catch-all 'sorry you can't do that' page.
So while connected to the VPN, Firefox Sync doesn't work and nor do I expect it to. However, my issue is that every time I connect to the VPN, Firefox silently pops up a "sync encountered an error while syncing" error message bar at the bottom of the browser, which I have to manually close. This obviously isn't the end of the world, but having to do it all the time gets annoying so I was wondering if there was a way of suppressing that particular error message or maybe getting Sync to handle the secure VPN more gracefully.
I don't know about blocking that message, but my suggestion is to turn Sync autoconnect off, and use Sync manually.
Type about:config in the URL bar and hit Enter.
Then type autoconnect in the Search bar at the top.
services.sync.autoconnect = double-click that pref to toggle it to false.
Then to trigger a Sync manually, hit Sync Now in the Firefox menu (or the File menu). -
Facetime: The server has encountered an error while processing the registration
I always used FaceTime normally this morning gives me this error after entering Apple ID credentials. I tried to edit the hosts file and delete the certificate but both solutions are not served. Can you help me?
thanks
Can anyone help me? Please
-
Event ID 11 - Encountered Duplicate Names
Hi,
I am getting below error in my DC. A number of this errors with much PC.
- Why this error occurs ??
- How can fix it ??
Thanks
Hi,
Please follow the link below to find the duplicate SPN and remove it to see if the issue persists:
Event ID 11 — Service Principal Name Configuration
If the above is not helpful, please feel free to let me know.
Best regards,
Susie -
What do you do when you down load a $32 dollar audio book and part 2 goes missing during the processing stage and i cant find it anywhere?
If it's not in the Music app on your phone, and you can't find it via the phone's spotlight search screen, then try the 'report a problem' page to contact iTunes Support : http://reportaproblem.apple.com
If the 'report a problem' link doesn't work then you can try contacting iTunes Support via this page : http://www.apple.com/support/itunes/contact/ - click on Contact iTunes Store Support on the right-hand side of the page, then Purchases, Billing & Redemption -
How to tune the query for duplicate records while joining the two tables
hi,i am executing the query which has retrieving multiple tables,in which one of them has duplicate record,how to get single record
Not enough info...subject says "tune" the query, message says "write" the query...and where is actual query that you had tried ?
-
We are using .asmx services for SharePoint features such as comments, and rating.
Service | Feature used
http://<<hostname>>/_vti_bin/socialdataservice.asmx | Commenting, Rating
http://<<hostname>>/_vti_bin/UserProfileService.asmx | For out of box workflows
In SharePoint 2013,
SharePoint – 80 web application is on claims based mode and user is logging in with windows authentication. With logged-in client context used to call SharePoint's default web service, we are getting below error message from
web service (Social data and user profile services).
Server was unable to process request. ---> The corresponding SID in the domain is not part of the intended account type.
When the service is accessed using console application with Visual Studio credentials (logged in user), we are able to access the service. Below is the code snippet
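// CredentialCache is in System.Net; SocialDataService is the generated web service proxy.
using (SocialDataService service = new SocialDataService())
{
    // Call the service as the currently logged-in Windows user.
    service.Credentials = CredentialCache.DefaultCredentials;
    SocialCommentDetail detail = service.AddComment("<<url>>", "Test Comment", null, null);
}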
Are SharePoint 2013 web services not supporting request coming with claim based authentication web application?
Thanks, Pratik Agrawal (MAQ Software)
While this applies to 2010, I believe the same is true with 2013:
http://social.technet.microsoft.com/Forums/sharepoint/en-US/925e5f46-317f-46d3-bc55-c67f07eb2372/call-sharepoint-web-services-using-claimbased-authentication?forum=sharepointgeneralprevious
Trevor Seward
This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs. -
Error while processing the dimension
Multiple Specification of the Name 'HIR' as a Component Name (Component 6)
this is the error i am geting while processing the dimension
Hi,
Do you get this error while processing all the dimension or only in specific dimension?
Do you have hierarchies in this dimension? Have you added the hierarchy in the property (you should not).