This is the output i received from adfind. C:\Tools\AdFind>adfind -default -f (servicePrincipalName=host/phmaindc1.phippsny .org) cn
AdFind V01.34.00cpp Joe Richards ([EMAIL PROTECTED]) November 2006 Using server: PHMAINDC1.phippsny.org:389 Directory: Windows Server 2003 Base DN: DC=phippsny,DC=org dn:CN=PHMAINDC1,OU=Domain Controllers,DC=phippsny,DC=org
cn: PHMAINDC1
1 Objects returned C:\Tools\AdFind>adfind -default -f (servicePrincipalName=host/phprint1.phippsny. org) cn AdFind V01.34.00cpp Joe Richards ([EMAIL PROTECTED]) November 2006 Using server: PHMAINDC1.phippsny.org:389 Directory: Windows Server 2003 Base DN: DC=phippsny,DC=org dn:CN=PHPRINT1,OU=Domain Controllers,DC=phippsny,DC=org
cn: PHPRINT1
1 Objects returned Those are my two domain controllers in the forest root domain ( phippsny.org ) i have a child domain and will run it against that child domain controller as well. On 11/16/06, hboogz <[EMAIL PROTECTED]> wrote:
I need to be able to find the SPN as the dsquery given didn't work for me. the host name without the dns suffix -- netbios name is phmaindc1 on top the issues i have now, replication from phmaindc1 doesn't work to the other dc's, but when i run a repadmin /showreps from the other domain contollers, replication TO phmaindc1 reports successfully. i don't have identically named hosts, never did but it sounds like it could be the issue. DNS is setup as AD-INT right now on all servers, reverse and forward zones. I need insight on how to find duplicate SPN's. On 11/16/06, Al Mulnick <[EMAIL PROTECTED]> wrote: > > Do you have identically named hosts? Maybe nic teaming gone wrong? > Clustering? > > Strange DNS? > > What exactly is the hostname supposed to be? host/phprint1? That's not > the same as the host name you're reporting from (SPN?) > > Al > > On 11/16/06, hboogz < [EMAIL PROTECTED]> wrote: > > > > > > I am having continued issues with Kerberos. I tried running tokensz > > against the problem server and i get this error message.. > > > > C:\Tools>tokensz /compute_tokensize /package:negotiate /use_delegation > > /target_s > > erver:host/phmaindc1 > > > > Name: Negotiate Comment: Microsoft Package Negotiator > > Current PackageInfo->MaxToken: 12128 > > > > Asked for delegate, but didn't get it. > > Check if server is trusted for delegation. > > > > QueryKeyInfo: > > Signature algorithm = > > Encrypt algorithm = RSADSI RC4 > > KeySize = 128 > > Flags = 2001c > > Signature Algorithm = -138 > > Encrypt Algorithm = 26625 > > QueryContextAttributes (lifespan): Status = 2148074242 0x80090302 > > SEC_E_NOT_SUPP > > ORTED > > > > > > any ideas ? > > > > I keep getting the following event log message on a domain controller > > which prevents users from accessing it and authenticating to it. > > > > Event Type: Error > > Event Source: Kerberos > > Event Category: None > > Event ID: 4 > > Date: 11/16/2006 > > Time: 12:02:37 PM > > User: N/A > > Computer: PHMAINDC1 > > Description: > > The kerberos client received a KRB_AP_ERR_MODIFIED error from the > > server host/phmaindc1.phippsny.org. The target name used was host/phprint1. > > This indicates that the password used to encrypt the kerberos service ticket > > is different than that on the target server. Commonly, this is due to > > identically named machine accounts in the target realm ( PHIPPSNY.ORG), > > and the client realm. Please contact your system administrator. > > > > For more information, see Help and Support Center at > > http://go.microsoft.com/fwlink/events.asp. > > > > > > Help! > > > > > > > > -- > > HBooGz:\> > > > -- HBooGz:\>
-- HBooGz:\>
