adfind -gc -null -f serviceprincipalname=<insert SPN here> -dn
 
That will search your entire GC which you must do, you can't just focus on a
single domain like I saw a previous dsquery command do.
 
--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm 
 
 

  _____  

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of hboogz
Sent: Thursday, November 16, 2006 2:38 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Kerberos is Killing Me!


Joe,

how do i find out if there are any duplicate SPN's ?


On 11/16/06, joe <[EMAIL PROTECTED]> wrote: 

Do you have any duplicate SPNs? Well specifically the SPNs mentioned in the
error?
 
--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm 
 
 

  _____  

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of hboogz
Sent: Thursday, November 16, <javascript:void(0)>  2006 12 :09 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Kerberos is Killing Me!




I am having continued issues with Kerberos. I tried running tokensz against
the problem server and i get this error message..

C:\Tools>tokensz /compute_tokensize /package:negotiate /use_delegation
/target_s
erver:host/phmaindc1

Name: Negotiate Comment: Microsoft Package Negotiator
Current PackageInfo->MaxToken: 12128

Asked for delegate, but didn't get it.
Check if server is trusted for delegation.

QueryKeyInfo:
Signature algorithm =
Encrypt algorithm = RSADSI RC4
KeySize = 128
Flags = 2001c
Signature Algorithm = -138
Encrypt Algorithm = 26625
QueryContextAttributes (lifespan): Status = <javascript:void(0)>  2148074242
0x80090302 SEC_E_NOT_SUPP 
ORTED


any ideas ?

I keep getting the following event log message on a domain controller which
prevents users from accessing it and authenticating to it.

Event Type:    Error
Event Source:    Kerberos
Event Category:    None
Event ID:    4
Date:        11/16/2006
Time:        12:02:37 PM 
User:        N/A
Computer:    PHMAINDC1
Description:
The kerberos client received a KRB_AP_ERR_MODIFIED error from the server
host/phmaindc1.phippsny.org.  The target name used was host/phprint1. This
indicates that the password used to encrypt the kerberos service ticket is
different than that on the target server. Commonly, this is due to
identically named  machine accounts in the target realm ( PHIPPSNY.ORG), and
the client realm.   Please contact your system administrator.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.


Help!



-- 
HBooGz:\> 




-- 
HBooGz:\> 

Reply via email to