Todd this doesn't sound like a lingering object issue. If you have the object on DCs and GCs but GCs have different info for the attributes than the DCs that is a replication issue.
For your second question, if the lingering object has an SPN that is valid for some other valid object that will mess with kerberos. joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Myrick, Todd (NIH/CIT) Sent: Wednesday, July 07, 2004 10:44 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Question about KDC error 11. Greetings everyone, Happy 4th. Got a question for you all. I got an Event ID 11 saying that I had a duplicate SPN in the AD for a record. So I followed the instructions on Eventid.net to identify the source. Using LDP, I discovered that several GC's in domains seemed to have the dorked up SPN record in their GC's. The home DNC looks fine. So it looks like a job for Q314282 to fix it (Since we are still in Windows 2000) and can't use the advanced features of Repadmin. The question I have, besides getting an annoying message in the System Event Log, is there any known negative impact with leaving the lingering object in the GC if the server isn't a DC / DDNS server? Thanks, Todd List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
