none
2012R2 DC - AD LDS Service Principal Names - Duplicates RRS feed

  • Question

  • Hello

    After installing the first domain controller with 2012R2, we see the following error in the directory service log on the new 2102R2 domain controller:

    The attribute value provided is not unique in the forest or partition. Attribute: servicePrincipalName Value=E3514235-4B06-11D1-AB04-00C04FC2DCD2-ADAM/APP12345:50000
    CN=APP12345,OU=App1,OU=Servers,DC=DOMAIN12345,DC=LOCAL
    Value=E3514235-4B06-11D1-AB04-00C04FC2DCD2-ADAM/APP12345:50000
    CN=APP12345,OU=App1,OU=Servers,DC=DOMAIN12345,DC=LOCAL
    CN=APP12345,OU=App1,OU=Servers,DC=DOMAIN12345,DC=LOCAL
    CN=APP12345,OU=App1,OU=Servers,DC=DOMAIN12345,DC=LOCAL Winerror: 8647 
     See http://go.microsoft.com/fwlink/?LinkID=279782 for more details on this policy.

    it seems to be related to the SPN for: AD LDS

    http://technet.microsoft.com/pt-br/subscriptions/cc816802

    http://technet.microsoft.com/en-us/library/dn535779.aspx

    The error only occure for member servers where AD LDS are installed. (application dependency)

    replication status is ok.

    Any ideas on how this error should be handled/corrected?

    Erlend



    Thursday, August 14, 2014 11:57 AM

All replies

  • search the directory to find the duplicates e.g.

    dsquery * -filter servicePrincipalName=* -attr Name

    SPNs have to be unique the SPN might be part of both a computer account and a service account if you run ADLDS/ADAM under a Service Account.


    Enfo Zipper
    Christoffer Andersson – Principal Advisor
    http://blogs.chrisse.se - Directory Services Blog

    Thursday, August 14, 2014 2:20 PM
  • Hello

    i have identified all the affected objects (servers), but:

    as the error states: 

    The attribute value provided is not unique in the forest or partition. Attribute: servicePrincipalName Value=E3514235-4B06-11D1-AB04-00C04FC2DCD2-ADAM

    This value is added on all the servers where AD LDS is installed.

    E3514235-4B06-11D1-AB04-00C04FC2DCD2-AD

    from: http://technet.microsoft.com/pt-br/subscriptions/cc816802

    the Service-Principal-Name attribute on the computer object that represents the computer on which the AD LDS instance is running. The values that the AD LDS instance attempts to register include the following:

    • E3514235-4B06-11D1-AB04-00C04FC2DCD2-AD LDS\netbiosname:port
    • E3514235-4B06-11D1-AB04-00C04FC2DCD2-AD LDS\dnshostname:port

    this check was introduced in 2012R2

    this error is repeated for every affected object/server:

    The attribute value provided is not unique in the forest or partition. Attribute: servicePrincipalName Value=E3514235-4B06-11D1-AB04-00C04FC2DCD2-ADAM/APP12345:50000
    CN=APP12345,OU=App1,OU=Servers,DC=DOMAIN12345,DC=LOCAL
    Value=E3514235-4B06-11D1-AB04-00C04FC2DCD2-ADAM/APP12345:50000
    CN=APP12345,OU=App1,OU=Servers,DC=DOMAIN12345,DC=LOCAL
    CN=APP12345,OU=App1,OU=Servers,DC=DOMAIN12345,DC=LOCAL
    CN=APP12345,OU=App1,OU=Servers,DC=DOMAIN12345,DC=LOCAL Winerror: 8647 
     See http://go.microsoft.com/fwlink/?LinkID=279782 for more details on this policy.


    Thursday, August 14, 2014 2:34 PM
  • Se the following article: http://technet.microsoft.com/en-us/library/dn535779.aspx

    The SPN most be unique and the following are unique hence they add the netbiosname and dnshostname:

    • E3514235-4B06-11D1-AB04-00C04FC2DCD2-AD LDS\netbiosname:port
    • E3514235-4B06-11D1-AB04-00C04FC2DCD2-AD LDS\dnshostname:port


    The conflicting object most have an exactly matching SPN to be in conflict. So you haven't identified the conflicting objects as far as I can tell.


    Enfo Zipper
    Christoffer Andersson – Principal Advisor
    http://blogs.chrisse.se - Directory Services Blog

    Thursday, August 14, 2014 2:41 PM
  • ok, how would you interpret this?

    this is just a few of the events, domain and username have been modified.

    Log Name:      Directory Service
    Source:        Microsoft-Windows-ActiveDirectory_DomainService
    Date:          14.08.2014 21:34:57
    Event ID:      2974
    Task Category: Global Catalog
    Level:         Error
    Keywords:      Classic
    User:          DOMAIN\72933a1234
    Computer:      DC2.DOMAIN.LOCAL
    Description:
    The attribute value provided is not unique in the forest or partition. Attribute: servicePrincipalName Value=E3514235-4B06-11D1-AB04-00C04FC2DCD2-ADAM/APP72933:50000
    CN=APP72933,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL
    Value=E3514235-4B06-11D1-AB04-00C04FC2DCD2-ADAM/APP72933:50000
    CN=APP72933,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL
    CN=APP72933,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL
    CN=APP72933,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL Winerror: 8647 
     See http://go.microsoft.com/fwlink/?LinkID=279782 for more details on this policy.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-ActiveDirectory_DomainService" Guid="{0e8478c5-3605-4e8c-8497-1e730c959516}" EventSourceName="NTDS General" />
        <EventID Qualifiers="49152">2974</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>18</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8080000000000000</Keywords>
        <TimeCreated SystemTime="2014-08-14T19:34:57.364335500Z" />
        <EventRecordID>400</EventRecordID>
        <Correlation />
        <Execution ProcessID="608" ThreadID="2276" />
        <Channel>Directory Service</Channel>
        <Computer>DC2.DOMAIN.LOCAL</Computer>
        <Security UserID="S-1-5-21-329068152-484763869-839522115-16499" />
      </System>
      <EventData>
        <Data>servicePrincipalName</Data>
        <Data>Value=E3514235-4B06-11D1-AB04-00C04FC2DCD2-ADAM/APP72933:50000
    CN=APP72933,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL
    Value=E3514235-4B06-11D1-AB04-00C04FC2DCD2-ADAM/APP72933:50000
    CN=APP72933,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL
    CN=APP72933,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL
    CN=APP72933,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL</Data>
        <Data>8647</Data>
      </EventData>
    </Event>

    Log Name:      Directory Service
    Source:        Microsoft-Windows-ActiveDirectory_DomainService
    Date:          14.08.2014 21:28:38
    Event ID:      2974
    Task Category: Global Catalog
    Level:         Error
    Keywords:      Classic
    User:          DOMAIN\71520a1234
    Computer:      DC2.DOMAIN.LOCAL
    Description:
    The attribute value provided is not unique in the forest or partition. Attribute: servicePrincipalName Value=E3514235-4B06-11D1-AB04-00C04FC2DCD2-ADAM/APP71520:50000
    CN=APP71520,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL
    Value=E3514235-4B06-11D1-AB04-00C04FC2DCD2-ADAM/APP71520:50000
    CN=APP71520,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL
    CN=APP71520,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL
    CN=APP71520,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL Winerror: 8647 
     See http://go.microsoft.com/fwlink/?LinkID=279782 for more details on this policy.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-ActiveDirectory_DomainService" Guid="{0e8478c5-3605-4e8c-8497-1e730c959516}" EventSourceName="NTDS General" />
        <EventID Qualifiers="49152">2974</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>18</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8080000000000000</Keywords>
        <TimeCreated SystemTime="2014-08-14T19:28:38.889497700Z" />
        <EventRecordID>399</EventRecordID>
        <Correlation />
        <Execution ProcessID="608" ThreadID="6792" />
        <Channel>Directory Service</Channel>
        <Computer>DC2.DOMAIN.LOCAL</Computer>
        <Security UserID="S-1-5-21-329068152-484763869-839522115-20445" />
      </System>
      <EventData>
        <Data>servicePrincipalName</Data>
        <Data>Value=E3514235-4B06-11D1-AB04-00C04FC2DCD2-ADAM/APP71520:50000
    CN=APP71520,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL
    Value=E3514235-4B06-11D1-AB04-00C04FC2DCD2-ADAM/APP71520:50000
    CN=APP71520,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL
    CN=APP71520,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL
    CN=APP71520,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL</Data>
        <Data>8647</Data>
      </EventData>
    </Event>

    Log Name:      Directory Service
    Source:        Microsoft-Windows-ActiveDirectory_DomainService
    Date:          14.08.2014 21:24:56
    Event ID:      2974
    Task Category: Global Catalog
    Level:         Error
    Keywords:      Classic
    User:          DOMAIN\73843a1234
    Computer:      DC2.DOMAIN.LOCAL
    Description:
    The attribute value provided is not unique in the forest or partition. Attribute: servicePrincipalName Value=E3514235-4B06-11D1-AB04-00C04FC2DCD2-ADAM/APP73843:50000
    CN=APP73843,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL
    Value=E3514235-4B06-11D1-AB04-00C04FC2DCD2-ADAM/APP73843:50000
    CN=APP73843,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL
    CN=APP73843,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL
    CN=APP73843,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL Winerror: 8647 
     See http://go.microsoft.com/fwlink/?LinkID=279782 for more details on this policy.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-ActiveDirectory_DomainService" Guid="{0e8478c5-3605-4e8c-8497-1e730c959516}" EventSourceName="NTDS General" />
        <EventID Qualifiers="49152">2974</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>18</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8080000000000000</Keywords>
        <TimeCreated SystemTime="2014-08-14T19:24:56.574149300Z" />
        <EventRecordID>398</EventRecordID>
        <Correlation />
        <Execution ProcessID="608" ThreadID="4564" />
        <Channel>Directory Service</Channel>
        <Computer>DC2.DOMAIN.LOCAL</Computer>
        <Security UserID="S-1-5-21-329068152-484763869-839522115-20469" />
      </System>
      <EventData>
        <Data>servicePrincipalName</Data>
        <Data>Value=E3514235-4B06-11D1-AB04-00C04FC2DCD2-ADAM/APP73843:50000
    CN=APP73843,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL
    Value=E3514235-4B06-11D1-AB04-00C04FC2DCD2-ADAM/APP73843:50000
    CN=APP73843,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL
    CN=APP73843,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL
    CN=APP73843,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL</Data>
        <Data>8647</Data>
      </EventData>
    </Event>

    Log Name:      Directory Service
    Source:        Microsoft-Windows-ActiveDirectory_DomainService
    Date:          14.08.2014 21:18:14
    Event ID:      2974
    Task Category: Global Catalog
    Level:         Error
    Keywords:      Classic
    User:          DOMAIN\29648a1234
    Computer:      DC2.DOMAIN.LOCAL
    Description:
    The attribute value provided is not unique in the forest or partition. Attribute: servicePrincipalName Value=E3514235-4B06-11D1-AB04-00C04FC2DCD2-ADAM/APP29648:50000
    CN=APP29648,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL
    Value=E3514235-4B06-11D1-AB04-00C04FC2DCD2-ADAM/APP29648:50000
    CN=APP29648,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL
    CN=APP29648,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL
    CN=APP29648,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL Winerror: 8647 
     See http://go.microsoft.com/fwlink/?LinkID=279782 for more details on this policy.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-ActiveDirectory_DomainService" Guid="{0e8478c5-3605-4e8c-8497-1e730c959516}" EventSourceName="NTDS General" />
        <EventID Qualifiers="49152">2974</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>18</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8080000000000000</Keywords>
        <TimeCreated SystemTime="2014-08-14T19:18:14.332922200Z" />
        <EventRecordID>397</EventRecordID>
        <Correlation />
        <Execution ProcessID="608" ThreadID="4164" />
        <Channel>Directory Service</Channel>
        <Computer>DC2.DOMAIN.LOCAL</Computer>
        <Security UserID="S-1-5-21-329068152-484763869-839522115-17716" />
      </System>
      <EventData>
        <Data>servicePrincipalName</Data>
        <Data>Value=E3514235-4B06-11D1-AB04-00C04FC2DCD2-ADAM/APP29648:50000
    CN=APP29648,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL
    Value=E3514235-4B06-11D1-AB04-00C04FC2DCD2-ADAM/APP29648:50000
    CN=APP29648,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL
    CN=APP29648,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL
    CN=APP29648,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL</Data>
        <Data>8647</Data>
      </EventData>
    </Event>

    Log Name:      Directory Service
    Source:        Microsoft-Windows-ActiveDirectory_DomainService
    Date:          14.08.2014 21:03:07
    Event ID:      2974
    Task Category: Global Catalog
    Level:         Error
    Keywords:      Classic
    User:          DOMAIN\22659a1234
    Computer:      DC2.DOMAIN.LOCAL
    Description:
    The attribute value provided is not unique in the forest or partition. Attribute: servicePrincipalName Value=E3514235-4B06-11D1-AB04-00C04FC2DCD2-ADAM/APP22659:50000
    CN=APP22659,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL
    Value=E3514235-4B06-11D1-AB04-00C04FC2DCD2-ADAM/APP22659:50000
    CN=APP22659,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL
    CN=APP22659,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL
    CN=APP22659,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL Winerror: 8647 
     See http://go.microsoft.com/fwlink/?LinkID=279782 for more details on this policy.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-ActiveDirectory_DomainService" Guid="{0e8478c5-3605-4e8c-8497-1e730c959516}" EventSourceName="NTDS General" />
        <EventID Qualifiers="49152">2974</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>18</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8080000000000000</Keywords>
        <TimeCreated SystemTime="2014-08-14T19:03:07.894010100Z" />
        <EventRecordID>396</EventRecordID>
        <Correlation />
        <Execution ProcessID="608" ThreadID="7072" />
        <Channel>Directory Service</Channel>
        <Computer>DC2.DOMAIN.LOCAL</Computer>
        <Security UserID="S-1-5-21-329068152-484763869-839522115-17717" />
      </System>
      <EventData>
        <Data>servicePrincipalName</Data>
        <Data>Value=E3514235-4B06-11D1-AB04-00C04FC2DCD2-ADAM/APP22659:50000
    CN=APP22659,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL
    Value=E3514235-4B06-11D1-AB04-00C04FC2DCD2-ADAM/APP22659:50000
    CN=APP22659,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL
    CN=APP22659,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL
    CN=APP22659,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL</Data>
        <Data>8647</Data>
      </EventData>
    </Event>

    Log Name:      Directory Service
    Source:        Microsoft-Windows-ActiveDirectory_DomainService
    Date:          14.08.2014 20:44:33
    Event ID:      2974
    Task Category: Global Catalog
    Level:         Error
    Keywords:      Classic
    User:          DOMAIN\29615a1234
    Computer:      DC2.DOMAIN.LOCAL
    Description:
    The attribute value provided is not unique in the forest or partition. Attribute: servicePrincipalName Value=E3514235-4B06-11D1-AB04-00C04FC2DCD2-ADAM/APP29615R2:50000
    CN=APP29615R2,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL
    Value=E3514235-4B06-11D1-AB04-00C04FC2DCD2-ADAM/APP29615R2:50000
    CN=APP29615R2,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL
    CN=APP29615R2,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL
    CN=APP29615R2,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL Winerror: 8647 
     See http://go.microsoft.com/fwlink/?LinkID=279782 for more details on this policy.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-ActiveDirectory_DomainService" Guid="{0e8478c5-3605-4e8c-8497-1e730c959516}" EventSourceName="NTDS General" />
        <EventID Qualifiers="49152">2974</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>18</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8080000000000000</Keywords>
        <TimeCreated SystemTime="2014-08-14T18:44:33.662067700Z" />
        <EventRecordID>395</EventRecordID>
        <Correlation />
        <Execution ProcessID="608" ThreadID="6388" />
        <Channel>Directory Service</Channel>
        <Computer>DC2.DOMAIN.LOCAL</Computer>
        <Security UserID="S-1-5-21-329068152-484763869-839522115-3553" />
      </System>
      <EventData>
        <Data>servicePrincipalName</Data>
        <Data>Value=E3514235-4B06-11D1-AB04-00C04FC2DCD2-ADAM/APP29615R2:50000
    CN=APP29615R2,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL
    Value=E3514235-4B06-11D1-AB04-00C04FC2DCD2-ADAM/APP29615R2:50000
    CN=APP29615R2,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL
    CN=APP29615R2,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL
    CN=APP29615R2,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL</Data>
        <Data>8647</Data>
      </EventData>
    </Event>

    example of spn for one server:

    any ideas?

    Thursday, August 14, 2014 7:49 PM
  • Can you run the following command and post back the output:

    dsquery * -filter servicePrincipalName=<SPN> -attr Name


    where <SPN> is: E3514235-4B06-11D1-AB04-00C04FC2DCD2-ADAM/APP12345:50000


    Enfo Zipper
    Christoffer Andersson – Principal Advisor
    http://blogs.chrisse.se - Directory Services Blog

    Thursday, August 14, 2014 8:27 PM
  • C:\Tools>dsquery * -filter servicePrincipalName=E3514235-4B06-11D1-AB04-00C04FC2
    DCD2-ADAM/APP29615R2:50000 -attr Name
      Name
      APP29615R2

    C:\Tools>
    Thursday, August 14, 2014 8:34 PM
  • Thanks. Hmm this is indeed strange. Do you have more than one domain in the forest?

    Enfo Zipper
    Christoffer Andersson – Principal Advisor
    http://blogs.chrisse.se - Directory Services Blog

    Friday, August 15, 2014 12:36 AM
  • no, single domain 3 domain controllers

    1 with 2012R2

    2 with 2008R2 SP1

    Friday, August 15, 2014 5:45 AM
  • Hi,

    Please use the setspn.exe to view the current SPN.

    Setspn.exe has had duplicate SPN detection built-in to it since the Windows Server 2008 release when using the "-S"  option.  You can bypass the duplicate SPN detection by using the "-A" option however.

    http://technet.microsoft.com/en-us/library/cc731241.aspx

    Regards.


    Vivian Wang

    Monday, August 18, 2014 6:46 AM
    Moderator
  • C:\Windows\system32>setspn.exe -l app71670
    Registered ServicePrincipalNames for CN=APP71670,OU=Application,OU=Servers,DC=ON
    ETT,DC=LOCAL:
            E3514235-4B06-11D1-AB04-00C04FC2DCD2-ADAM/APP71670:50000
            E3514235-4B06-11D1-AB04-00C04FC2DCD2-ADAM/APP71670.DOMAIN.LOCAL:50000
            ldap/APP71670:50000
            ldap/APP71670.DOMAIN.LOCAL:50000
            WSMAN/APP71670.DOMAIN.LOCAL
            WSMAN/APP71670
            TERMSRV/APP71670.DOMAIN.LOCAL
            TERMSRV/APP71670
            RestrictedKrbHost/APP71670
            HOST/APP71670
            RestrictedKrbHost/APP71670.DOMAIN.LOCAL
            HOST/APP71670.DOMAIN.LOCAL

    C:\Windows\system32>
    Monday, August 18, 2014 7:03 AM
  • Hi,

    The event 2974 lists the value that was blocked and a list of one or more objects (up to 10) that already contain that value.

    Did you find any other event about duplicated SPN?

    Please refer to the similar threads:

    SPN duplicate name Error on DC

    http://social.technet.microsoft.com/forums/windowsserver/en-US/3c0824e1-92b1-41a1-99b5-03935518602e/spn-duplicate-name-error-on-dc

    Regards.


    Vivian Wang

    Thursday, August 21, 2014 6:19 AM
    Moderator
  • Hi,

    Any update about the issue?

    Please feel free to let us know if you need further assistance.

    Regards.


    Vivian Wang

    Monday, August 25, 2014 1:56 AM
    Moderator
  • Hello

    Microsoft technical support are currently working on this problem.

    i will update this thread when they are done.

    Erlend

    Monday, August 25, 2014 6:10 AM
  • Hi,

    Thanks for your response.

    Please feel free to let us know if you have any update.

    Regards.


    Vivian Wang

    Wednesday, August 27, 2014 1:37 AM
    Moderator
  • Hi Erlend,

    I have the same problem....

    Microsoft have resolved this problem ?

    thanks,

    Max  

    Monday, September 15, 2014 1:41 PM
  • Hi

    Microsoft have concluded that the error's are generated because of a 3.party application (Visma User Directory, running on member servers in the domain) from Visma www.visma.com that uses AD LDS.

    Some of our Visma User Directory installations tries to re-create/register SPN evry 1 hour.
    i have reported the issue to Visma.

    So from Microsoft perspective this is how it should be on a 2012R2 domain controller, and i agree with them.

    Erlend

    Monday, September 15, 2014 1:49 PM
  • Hi,

    thank you so much for sharing your case ....
    in my situation was SCCM AMT  Provisioning  that generated this problem.

    Me too i agree with microsoft.

    Max

    Tuesday, September 16, 2014 2:06 PM