RE: [ActiveDir] FW: KDC Errors--Help

[joe]

ldp is a pain... To easy to blow the various options as they are in all sorts of different places.

 

Try this

 

adfind -gc -b "" -f "&(objectcategory=computer)(servicePrincipalName=MSSQLSvc/ourserver.ourdomain.org:1523)" servicePrincipalName

 

 

That will dump all objects (and SPNs) with that specific SPN.

 

  joe

---

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Christine Allen
Sent: Tuesday, October 19, 2004 4:26 PM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] FW: KDC Errors--Help

I believe I did it correct, but those are famous last words.....

 

Once I connect using LDP I choose browse/search  For my search entry I choose:

 

Base DN: dc=mydomain,dc=com

Filter: serviceprincipalname=MSSQLSvc/server.mydomain.org:1523

Scope: Subtree

under options I had to add the "serviceprincipalname" under attributes.

 

For the Matched DNs I get 0 entries.

 

Can you see what I'm dong wrong??  Thanks so much for your help!

 

-Christine

Christine N. Allen
Citrix/Windows 2000 Engineer
BMC Healthnet Plan
One Design Center Place
Boston, MA 02210

Work:  617-748-6034
Cell:  617-290-4407
 

-----Original Message-----
From: Mulnick, Al [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 19, 2004 1:54 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] FW: KDC Errors--Help

Yep.  Seen it.  If you're not finding it with LDP, you may just have the search criteria wrong. 

 

When you search, it should be starting from the root of the domain should have a filter of something like:

 

(serviceprincipalname=MSSQLSvc/ourserver.ourdomain.org:1523)

 

That should return all accounts that have this entered.

 

Do you still get different results?

---

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Christine Allen
Sent: Tuesday, October 19, 2004 1:47 PM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] FW: KDC Errors--Help

 

Running Windows 2000 AD with SP 3.  Since October 9th we have been getting event errors

 

Source: KDC

Event 11

There are multiple accounts with name MSSQLSvc/ourserver.ourdomain.org:1523 of type 10.

This error has been happening on just one of our domain controllers.  I installed setspn.exe on the problem server and it lists only one account. 

I also used LDP.exe which did displayed 0 results.  I tried all the resolutions on 321044, but I got nada.

Has anyone else had this issue?  If anyone can explain why this would happen all of a sudden I would really appreciate it.  Thanks!

 

-Christine

Christine N. Allen
Citrix/Windows 2000 Engineer
BMC Healthnet Plan
One Design Center Place
Boston, MA 02210

Work:  617-748-6034
Cell:  617-290-4407