Event 11 The KDC encountered duplicate names while processing a Kerberos authentication request. (of type KEY ID)

  • Question

  • I have recently migrated a Windows 2012 R2 DC to Windows Server 2016. Afterwards I started noticing a series of this particular error.

    Log Name:      System
    Source:        Microsoft-Windows-Kerberos-Key-Distribution-Center
    Date:          11/27/2018 9:24:24 AM
    Event ID:      11
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      BBL-DC-CDC01.bd.bracbank.com
    Description:
    The KDC encountered duplicate names while processing a Kerberos authentication request. The duplicate name is D5B2E9E1E8C74C45D7F939E93ED09C7B0315FE69EE06D2F2458E0A050E453763 (of type KEY ID). This may result in authentication failures or downgrades to NTLM. In order to prevent this from occurring remove the duplicate entries for D5B2E9E1E8C74C45D7F939E93ED09C7B0315FE69EE06D2F2458E0A050E453763 in Active Directory.

    Event Xml:
    <Event xmlns="">
      <System>
        <Provider Name="Microsoft-Windows-Kerberos-Key-Distribution-Center" Guid="{3FD9DA1A-5A54-46C5-9A26-9BD7C0685056}" EventSourceName="KDC" />
        <EventID Qualifiers="49152">11</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2018-11-27T03:24:24.310757900Z" />
        <EventRecordID>3984</EventRecordID>
        <Correlation />
        <Execution ProcessID="0" ThreadID="0" />
        <Channel>System</Channel>
        <Computer>BBL-DC-CDC01.bd.bracbank.com</Computer>
        <Security />
      </System>
      <EventData>
        <Data Name="Name">D5B2E9E1E8C74C45D7F939E93ED09C7B0315FE69EE06D2F2458E0A050E453763</Data>
        <Data Name="Type">KEY ID</Data>
        <Binary>
        </Binary>
      </EventData>
    </Event>

    I have been struggling with this error for the last few days. Even though Event 11 is a very common error and there are clear instructions on how to mitigate the error, they fail to address my specific scenario.

    All the solutions I got so far are related to "Type DS_SERVICE_PRINCIPAL_NAME", but mine is "Type KEY ID". Basically, this error says that the KDC encountered duplicate names and then spits out a large string of hexadecimal no. rather than producing which SPN is duplicated. Therefore, it's difficult to solve the issue with the "setspn" cmdlet.

    I'm an amateur when it comes to Windows Server Active Directory, so any help is highly appreciated. Thanks.

    Tuesday, November 27, 2018 7:35 AM
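
An added example (not from the thread or from Microsoft): a Python triage of KDC Event 11 records in the Event Xml layout shown in the question, counting each duplicate name and separating the DS_SERVICE_PRINCIPAL_NAME type that the setspn guidance covers from other types such as KEY ID. The sample records, host name and placeholder names are constructed, and the function names are this example's own.

```python
import xml.etree.ElementTree as ET
from collections import Counter

KDC = "Microsoft-Windows-Kerberos-Key-Distribution-Center"
NS = "http://schemas.microsoft.com/win/2004/08/events/event"

# Constructed sample records (placeholder names, not values from the thread).
_ROW = ('<Event xmlns="{0}"><System><Provider Name="' + KDC + '" />'
        '<EventID Qualifiers="49152">{1}</EventID>'
        '<Computer>dc01.example.test</Computer></System><EventData>'
        '<Data Name="Name">{2}</Data><Data Name="Type">{3}</Data>'
        '</EventData></Event>')
SAMPLE = "<Events>" + "".join(_ROW.format(*r) for r in [
    (NS, 11, "KEYID-PLACEHOLDER-0001", "KEY ID"),
    ("", 11, "KEYID-PLACEHOLDER-0001", "KEY ID"),   # xmlns="" as in the pasted XML
    (NS, 11, "HTTP/app.example.test", "DS_SERVICE_PRINCIPAL_NAME"),
    (NS, 7, "ignored", "KEY ID"),                   # not Event 11: skipped
]) + "</Events>"

def parse_kdc_event11(xml_text):
    """Yield (computer, type, name) for every KDC Event 11 in the XML."""
    root = ET.fromstring(xml_text)
    for el in root.iter():
        # Drop the '{namespace}' prefix so exports with and without xmlns match.
        el.tag = el.tag.rsplit("}", 1)[-1]
    for ev in root.iter("Event"):
        provider = ev.find("System/Provider")
        if provider is None or provider.get("Name") != KDC:
            continue
        if ev.findtext("System/EventID", "").strip() != "11":
            continue
        fields = {d.get("Name"): (d.text or "").strip()
                  for d in ev.iterfind("EventData/Data")}
        yield (ev.findtext("System/Computer", "?"),
               fields.get("Type", ""), fields.get("Name", ""))

def triage(xml_text):
    """Count hits per duplicate and split SPN-type records from all others."""
    report = {"spn": {}, "other": {}}
    hits = Counter((t, n) for _, t, n in parse_kdc_event11(xml_text))
    for (typ, name), count in hits.items():
        bucket = "spn" if typ == "DS_SERVICE_PRINCIPAL_NAME" else "other"
        report[bucket][(typ, name)] = count
    return report

if __name__ == "__main__":
    for bucket, rows in triage(SAMPLE).items():
        for (typ, name), count in rows.items():
            print(f"{bucket:5} {count:3}x {typ}: {name}")
```
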

All replies

  • Hi,

    It is difficult to figure out the factors with only the event ID. Are there any evident symptoms like failing to log on or having no access to a shared folder?

    Besides, since a network trace and Kerberos ETL are generally needed when a question is about Kerberos, our suggestion is that you submit a service request to MS Professional tech support service so that a dedicated Support Professional can give more rapid support. You can find the phone number in the following link.

    http://support.microsoft.com/gp/customer-service-phone-numbers/en-us

    Best regards,

    Lavilian



    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, November 28, 2018 6:59 AM
  • Hi,

    Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.

    Best Regards,

    Lavilian



    Friday, November 30, 2018 10:25 AM
  • Hi,

    Just want to confirm the current situation.

    Please feel free to let us know if you need further assistance.

    Best Regards,

    Lavilian



    Wednesday, December 5, 2018 9:30 AM
  • Hi,
    I'm facing exactly the same problem.

    Description:

    The KDC encountered duplicate names while processing a Kerberos authentication request. The duplicate name is "DB24995A0739AD6EE5E45A59E3596BEF546D8B8D38060C2B8F844F0939AAAE9B" (of type KEY ID). This may result in authentication failures or downgrades to NTLM. In order to prevent this from occurring remove the duplicate entries for DB24995A0739AD6EE5E45A59E3596BEF546D8B8D38060C2B8F844F0939AAAE9B in Active Directory.

    Using setspn -x doesn't show any entry, so there are no duplicated SPNs.

    This error really drives me nuts; there is not much information about this event ID.


    Is there any solution or progress for this phenomenon?

    Kind regards


    Tuesday, July 21, 2020 11:16 AM
  • Have a look over here.

    https://social.technet.microsoft.com/Forums/en-US/1dfd7ebc-38b6-49f9-b1f3-cc09236895e5/server-2016-active-directory-kerberoskdc-duplication-of-type-key-id?forum=ws2016

    Tuesday, July 28, 2020 11:27 AM