25 November, 2010

KDC 11

Event:
Event Type: Error
Event Source: KDC
Event Category: None
Event ID: 11
User: N/A
Computer: ComputerName
Description: There are multiple accounts with name HOST/machinename of type DS_SERVICE_PRINCIPAL_NAME

Example:
Event Type: Error
Event Source: KDC
Event Category: None
Event ID: 11
User: N/A
Computer: ComputerName
Description: There are multiple accounts with name MSSQLSvc/Win2k3-DC.contoso.com:1433 of type DS_SERVICE_PRINCIPAL_NAME

Reason: This happens when a duplicate SPN is registered for the same service. An SPN is registered automatically when the service runs in the context of the SYSTEM account; when the service runs in the context of a separately created service account, the SPN has to be registered manually.

In the above example there is a duplicate SPN: MSSQLSvc/Win2k3-DC.contoso.com:1433

There are different ways to search for duplicate SPNs, but we will discuss only one of them here.

Take the ldifde dump of the complete domain:
ldifde -d <domain name> -f <Output File Name>
ldifde -d dc=contoso,dc=com -f ldifde.txt

Once we have the complete dump of the domain, we can simply search that file for the SPN mentioned in the event (KDC 11).

Here we will find at least two entries for that SPN. Usually the first entry is in the "administrator" account or the machine account, and the second entry is in the "service" account under which the service is running.

Now the question is: which SPN should be removed?
The answer is pretty simple. Check the Services snap-in (usually for SQL) on the machine and see which account the service is running under.

If the service is running under the "SYSTEM" account, remove the SPN from the "service" account that the customer created; if the SQL service is running in the context of the "service" account, remove the SPN from the other account found in the ldifde dump.
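To make the search step concrete, here is an added example (my own code, not part of the original post) that parses an ldifde dump and lists every SPN registered on more than one account, which is exactly what KDC 11 is complaining about. It does what a manual search in the text file cannot do reliably: it re-joins values that ldifde folds onto continuation lines, decodes base64 ("::") values, and compares SPNs case-insensitively the way the KDC does. The LDIF sample is constructed to mirror the event above; the script name and function names are assumptions.

```python
import base64
import sys
from collections import defaultdict

# Constructed sample in ldifde output format (not a real dump). It mirrors the
# event in the post: MSSQLSvc/Win2k3-DC.contoso.com:1433 is on both the
# machine account and the separately created SQL service account.
SAMPLE_LDIF = """\
dn: CN=WIN2K3-DC,OU=Domain Controllers,DC=contoso,DC=com
changetype: add
objectClass: computer
sAMAccountName: WIN2K3-DC$
servicePrincipalName: HOST/WIN2K3-DC
servicePrincipalName: HOST/Win2k3-DC.contoso.com
servicePrincipalName: MSSQLSvc/Win2k3-DC.contoso.com:1433

dn: CN=sqlsvc,OU=Service Accounts,DC=contoso,DC=com
changetype: add
objectClass: user
sAMAccountName: sqlsvc
servicePrincipalName: MSSQLSvc/Win2k3-DC.contoso.com:1433
servicePrincipalName: MSSQLSvc/Win2k3-DC.contoso.com

dn: CN=Administrator,CN=Users,DC=contoso,DC=com
changetype: add
objectClass: user
sAMAccountName: Administrator
"""


def parse_ldif(text):
    """Return a list of (dn, {attribute_lower: [values]}) for every entry.

    Two ldifde conventions defeat a plain text search and are handled here:
    long values are folded onto continuation lines that begin with one
    space, and non-ASCII values are base64 encoded as "attr:: <base64>".
    """
    entries = []
    logical = []  # unfolded lines of the entry currently being read

    def flush():
        dn, attrs = None, defaultdict(list)
        for line in logical:
            if line.startswith("#"):
                continue
            name, sep, value = line.partition(":")
            if not sep:
                continue
            if value.startswith(":"):  # "attr:: <base64>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            else:
                value = value.strip()
            if name.lower() == "dn":
                dn = value
            else:
                attrs[name.lower()].append(value)
        if dn is not None:
            entries.append((dn, dict(attrs)))
        logical.clear()

    for raw in text.splitlines():
        if raw == "":
            flush()  # blank line ends an entry
        elif raw.startswith(" ") and logical:
            logical[-1] += raw[1:]  # re-join a folded line
        else:
            logical.append(raw)
    flush()
    return entries


def find_duplicate_spns(entries):
    """Map every SPN held by more than one account to the DNs that hold it.

    SPNs are compared case-insensitively, as the KDC and setspn do; the
    spelling of the first occurrence is used as the key.
    """
    holders = defaultdict(list)
    first_spelling = {}
    for dn, attrs in entries:
        for spn in attrs.get("serviceprincipalname", []):
            key = spn.lower()
            first_spelling.setdefault(key, spn)
            if dn not in holders[key]:
                holders[key].append(dn)
    return {first_spelling[k]: dns for k, dns in holders.items() if len(dns) > 1}


def duplicates_in_dump(text):
    return find_duplicate_spns(parse_ldif(text))


if __name__ == "__main__":
    # Usage: python find_dup_spn.py ldifde.txt  (no argument: use the sample).
    # A dump written with "ldifde -u" is UTF-16; pass encoding="utf-16" then.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as f:
            text = f.read()
    else:
        text = SAMPLE_LDIF
    for spn, dns in duplicates_in_dump(text).items():
        print(f"Duplicate SPN {spn} is registered on {len(dns)} accounts:")
        for dn in dns:
            print(f"  {dn}")
```

Run against the sample it reports the one duplicate from the event, held by both CN=WIN2K3-DC and CN=sqlsvc; the HOST/ SPNs on the machine account are distinct and are not flagged. The output only tells you where the duplicate lives; which copy to remove is still decided by the Services snap-in check above, because removing the SPN from the account that actually runs the service breaks Kerberos authentication to it. On Windows Server 2008 and later, setspn -X performs the same duplicate search directly against the domain without an ldifde dump.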