You want to use setspn.exe to manage your SPN's not ADSIedit.
Here's a link with a CRM specific how-to and an explanation of why you do it that way . http://blog.sonomapartners.com/2007/04/kerberos_and_de.html Your setup as evidenced below also begs the question- Why in <insert deity's name> are you running anything like this under the administrator's account? From: Stefan Jafs [mailto:[email protected]] Sent: Tuesday, April 07, 2009 11:04 AM To: NT System Admin Issues Subject: KDC event 11 errors I'm getting the following error on my DC: There are multiple accounts with name host/mscrm.amico.com of type DS_SERVICE_PRINCIPAL_NAME. I have been able to dump this using LD=difde: dn: CN=Administrator,CN=Users,DC=amico,DC=com changetype: add servicePrincipalName: MSSQLSvc/amico-bak.amico.com:1127 servicePrincipalName: MSSQLSvc/amico-wsus.amico.com:1433 servicePrincipalName: MSSQLSvc/ACSBV.amico.com:1433 servicePrincipalName: MSSQLSvc/accdata.amico.com:1433 servicePrincipalName: {14E52635-0A95-4a5c-BDB1-E0D0C703B6C8}/DATA120 servicePrincipalName: {14E52635-0A95-4a5c-BDB1-E0D0C703B6C8}/data120.amico.com servicePrincipalName: MSSQLSvc/amico-sql.amico.com:1433 servicePrincipalName: HOST/MSCRM servicePrincipalName: HOST/mscrm.amico.com dn: CN=MSCRM,OU=Servers,OU=Resources,DC=amico,DC=com changetype: add servicePrincipalName: MSSQLSvc/mscrm.amico.com:2928 servicePrincipalName: MSSQLSvc/mscrm.amico.com:1433 servicePrincipalName: MSSQLSvc/mscrm servicePrincipalName: SMTPSVC/MSCRM servicePrincipalName: SMTPSVC/mscrm.amico.com servicePrincipalName: HOST/MSCRM servicePrincipalName: HOST/mscrm.amico.com So it looks like MSCRM and mscrm.amico.com are duplicated, is this correct? Using ADSI Edit where do I go to delete the duplicated? ___________________________________ Stefan Jafs This email and any attached files are confidential and intended solely for the intended recipient(s). If you are not the named recipient you should not read, distribute, copy or alter this email. Any views or opinions expressed in this email are those of the author and do not represent those of the Amico Corpoartion company. Warning: Although precautions have been taken to make sure no viruses are present in this email, the company cannot accept responsibility for any loss or damage that arise from the use of this email or attachments. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
