locked
Multiple accounts with name MSOMSdkSvc/fkv01SM of type DS_SERVICE_PRINCIPAL_NAME RRS feed

  • Question

  • Whe are getting errors in the system log on a DC that says that we have multiple accounts (event id 11). But I can't understand which accounts that are duplicate. When I run the setspn command I get the following results:

    setspn -T unionen -Q */fkv01sm
    Checking domain DC=Unionen,DC=se
    CN=S1SMservice,OU=Systemkonton,OU=Users,OU=Supreme,DC=Unionen,DC=se
            MSOMSdkSvc/FKV01DW
            MSOMSdkSvc/FKV01DW.Unionen.se
            MSOMSdkSvc/FKV01SM
            MSOMSdkSvc/fkv01sm.Unionen.se
    CN=FKV01SM,OU=ServiceManager,OU=1.0,OU=Servers,DC=Unionen,DC=se
            MSSQLSvc/fkv01sm.Unionen.se:1433
            MSSQLSvc/fkv01sm.Unionen.se
            tapinego/fkv01sm.Unionen.se
            tapinego/FKV01SM
            MSOMSdkSvc/FKV01SM
            MSOMSdkSvc/fkv01sm.Unionen.se
            WSMAN/fkv01sm
            WSMAN/fkv01sm.Unionen.se
            TERMSRV/fkv01sm.Unionen.se
            TERMSRV/FKV01SM
            RestrictedKrbHost/FKV01SM
            HOST/FKV01SM
            RestrictedKrbHost/FKV01SM.Unionen.se
            HOST/FKV01SM.Unionen.se

    Existing SPN found!

    setspn -X

    Checking domain DC=Unionen,DC=se
    Processing entry 15
    MSOMSdkSvc/FKV01SM is registered on these accounts:
            CN=S1SMservice,OU=Systemkonton,OU=Users,OU=Supreme,DC=Unionen,DC=se
            CN=FKV01SM,OU=ServiceManager,OU=1.0,OU=Servers,DC=Unionen,DC=se

    MSOMSdkSvc/fkv01sm.Unionen.se is registered on these accounts:
            CN=S1SMservice,OU=Systemkonton,OU=Users,OU=Supreme,DC=Unionen,DC=se
            CN=FKV01SM,OU=ServiceManager,OU=1.0,OU=Servers,DC=Unionen,DC=se

    found 2 groups of duplicate SPNs.

    We're also getting a lot of errors with id 4666 in the Service Manager server's Security log. Could this be a part of the problem?

    How can I correct this problem?

    Regards

    Marcus

    Thursday, September 6, 2012 2:14 PM