Hello together,
I have a problem
In my AD I got this error thousends of times on every DC:
Source: KDC
Category: None
Type: Error
Event ID: 11
User: N/A
Computer: <DC>
The description varies slightly:
There are multiple accounts with name
- host/bpopen-iis-04 bl.bpopen.mydomain.com
- host/bpopen-iis-03.bl.bpopen.mydomain.com
- host/BPOPEN-IIS-03.bl.bpopen.mydomain.com
- host/BPOPEN-IIS-04.bl.bpopen.mydomain.com
- RPCSS/BPOPEN-IIS-03.bl.bpopen.mydomain.com
- RPCSS/BPOPEN-IIS-04.bl.bpopen.mydomain.com
of type DS_SERVICE_PRINCIPAL_NAME.
I found a very good thread in here which describes that problem exactly.
But while searching after the duplicates with
"ldifde -f check_SPN2.txt -t 3268 -d "" -l servicePrincipalName -r "(serviceP
rincipalName=HOST/bpopen-iis-04*)" -p subtree"
it returnes 19(!) accounts
So my questions are:
* Do I have to clear all the SPNs?
* Which one will cary the principale name at least?
Thank you all for your help in advance!
Alfred
Bookmarks