Remove From My Forums

Remove duplicate SPN

Question
0

Sign in to vote

New at SPN’s I am working on a SBS 2008 server and have duplicate SPN's
I found this on the Microsoft web site which I have done until I get to the remove (3) the data below is from the setspn –X

Please help I think this is a common problem but I can't find a common solution not sure if the setspn -D would work
I have tryed to find them with ADSIEdit and LDP with no luck but not a expert with these tools

1) how do I know which is the duplicate I presume I delete 2 of the 4

2) what is <SPN> and <computername> in item 3 of remove SPN

To identify the duplicate SPN:

1.       Log on to the computer referenced in the event log message. If this computer is not running Windows Server 2008, you must download and install the Windows Server 2003 Resource Kit, which includes setspn.exe.

2.       Click Start, point to All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator.

3.       If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.

4.       Type setspn -X.

5.       The output of this command will show the duplicate SPNs.

6.       Use the following procedure to remove one of the duplicate SPNs.

Remove an SPN

To remove an SPN:

1.       Click Start, point to All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator.

2.       If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.

3.       Type setspn -D<SPN> <computer_name>, where SPN is the name of the duplicate SPN and computer_name is the name of the computer that is assigned the duplicate SPN.

C:\>setspn -X

Processing entry 0

{14E52635-0A95-4a5c-BDB1-E0D0C703B6C8}/FS1 is registered on these accounts:

        CN=Backup Exec,CN=Users,DC=dcb,DC=local

        CN=FS1,OU=Domain Controllers,DC=dcb,DC=local

{14E52635-0A95-4a5c-BDB1-E0D0C703B6C8}/FS1.dcb.local is registered on these accounts:

        CN=Backup Exec,CN=Users,DC=dcb,DC=local

        CN=FS1,OU=Domain Controllers,DC=dcb,DC=local

MSSQLSvc/FS1.dcb.local:45660 is registered on these accounts:

        CN=Newadm Administrator,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=dcb,DC=local

        CN=Backup Exec,CN=Users,DC=dcb,DC=local

MSSQLSvc/FS1.dcb.local:31612 is registered on these accounts:

        CN=Newadm Administrator,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=dcb,DC=local

        CN=Administrator,CN=Users,DC=dcb,DC=local

found 4 groups of duplicate SPNs.

C:\>

Thursday, September 10, 2009 2:05 PM

Answers

0

Sign in to vote
Don’t Know if this would help anyone with there SPN problems

I got rid of 2 of the duplicate SPN’s by going into Services stopping 2 of my SQL instances changing the username starting them and then stopping them and then change the username back then start them again.

I still have 2 duplicate SPN’s listed below

I guess the way to get rid of duplicate would be something like setspn -D<SPN> <computer_name> I would appreciate some help on this as I am not sure what the SPN would be and which one would be deleted I presume one is good and one is bad?

C:\Windows\System32\setspn -L FS1

Registered ServicePrincipalNames for CN=FS1,OU=Domain Controllers,DC=dcb,DC=local:
        {14E52635-0A95-4a5c-BDB1-E0D0C703B6C8}/FS1
        {14E52635-0A95-4a5c-BDB1-E0D0C703B6C8}/FS1.dcb.local

C:\Windows\system32>setspn -X

Processing entry 0

{14E52635-0A95-4a5c-BDB1-E0D0C703B6C8}/FS1 is registered on these accounts:

        CN=Backup Exec,CN=Users,DC=dcb,DC=local

        CN=FS1,OU=Domain Controllers,DC=dcb,DC=local

{14E52635-0A95-4a5c-BDB1-E0D0C703B6C8}/FS1.dcb.local is registered on these accounts:

        CN=Backup Exec,CN=Users,DC=dcb,DC=local

        CN=FS1,OU=Domain Controllers,DC=dcb,DC=local

found 2 groups of duplicate SPNs.

C:\Windows\system32>
- Marked as answer by David Shen Monday, September 14, 2009 10:16 AM
Thursday, September 10, 2009 6:08 PM

All replies

0

Sign in to vote

Hi

This links may help you....

http://www.minasi.com/forum/topic.asp?TOPIC_ID=19901

https://msmvps.com/blogs/vandooren/archive/2008/03/11/getting-rid-of-the-duplicate-spn-in-active-directory.aspx

http://msmvps.com/blogs/systmprog/archive/2007/01/23/duplicate-spn-registered-in-domain.aspx

http://social.technet.microsoft.com/Forums/en-US/identitylifecyclemanager/thread/542f3b30-41f6-4299-b373-5b1f3dc16269

http://support.microsoft.com/kb/305971

Regards

Rajesh J S

Thursday, September 10, 2009 2:14 PM
0

Sign in to vote

Hi

Thanks for those links but I still don't understand if I do a setspn -X then how do I do a setspn -D with the data above from the setspn -X
or is it that it can't be done?

Many Thanks

Thursday, September 10, 2009 3:43 PM
0

Sign in to vote
Don’t Know if this would help anyone with there SPN problems

I got rid of 2 of the duplicate SPN’s by going into Services stopping 2 of my SQL instances changing the username starting them and then stopping them and then change the username back then start them again.

I still have 2 duplicate SPN’s listed below

I guess the way to get rid of duplicate would be something like setspn -D<SPN> <computer_name> I would appreciate some help on this as I am not sure what the SPN would be and which one would be deleted I presume one is good and one is bad?

C:\Windows\System32\setspn -L FS1

Registered ServicePrincipalNames for CN=FS1,OU=Domain Controllers,DC=dcb,DC=local:
        {14E52635-0A95-4a5c-BDB1-E0D0C703B6C8}/FS1
        {14E52635-0A95-4a5c-BDB1-E0D0C703B6C8}/FS1.dcb.local

C:\Windows\system32>setspn -X

Processing entry 0

{14E52635-0A95-4a5c-BDB1-E0D0C703B6C8}/FS1 is registered on these accounts:

        CN=Backup Exec,CN=Users,DC=dcb,DC=local

        CN=FS1,OU=Domain Controllers,DC=dcb,DC=local

{14E52635-0A95-4a5c-BDB1-E0D0C703B6C8}/FS1.dcb.local is registered on these accounts:

        CN=Backup Exec,CN=Users,DC=dcb,DC=local

        CN=FS1,OU=Domain Controllers,DC=dcb,DC=local

found 2 groups of duplicate SPNs.

C:\Windows\system32>
- Marked as answer by David Shen Monday, September 14, 2009 10:16 AM
Thursday, September 10, 2009 6:08 PM
0

Sign in to vote

Because they are duplicates you cannot remove them with setspn, it does not know which are correct. You need to use LDP.exe.
Retail Services Developer

Friday, November 6, 2009 8:10 PM

Products

Resources

Solutions

Updates

Trials

Related Sites

Training

Certifications

Other resources

Support options

More support

Not an IT pro?

Answered by:

Remove duplicate SPN

Question

New at SPN’s I am working on a SBS 2008 server and have duplicate SPN's
I found this on the Microsoft web site which I have done until I get to the remove (3) the data below is from the setspn –X

Please help I think this is a common problem but I can't find a common solution not sure if the setspn -D would work
I have tryed to find them with ADSIEdit and LDP with no luck but not a expert with these tools

1) how do I know which is the duplicate I presume I delete 2 of the 4

2) what is <SPN> and <computername> in item 3 of remove SPN

To identify the duplicate SPN:

Remove an SPN

Answers

All replies

Products

Resources

Solutions

Updates

Trials

Related Sites

Training

Certifications

Other resources

Support options

More support

Not an IT pro?

Answered by:

Remove duplicate SPN

Question

New at SPN’s I am working on a SBS 2008 server and have duplicate SPN'sI found this on the Microsoft web site which I have done until I get to the remove (3) the data below is from the setspn –X

Please help I think this is a common problem but I can't find a common solution not sure if the setspn -D would workI have tryed to find them with ADSIEdit and LDP with no luck but not a expert with these tools1) how do I know which is the duplicate I presume I delete 2 of the 4

2) what is <SPN> and <computername> in item 3 of remove SPN

To identify the duplicate SPN:

Remove an SPN

Answers

All replies

New at SPN’s I am working on a SBS 2008 server and have duplicate SPN's
I found this on the Microsoft web site which I have done until I get to the remove (3) the data below is from the setspn –X

Please help I think this is a common problem but I can't find a common solution not sure if the setspn -D would work
I have tryed to find them with ADSIEdit and LDP with no luck but not a expert with these tools

1) how do I know which is the duplicate I presume I delete 2 of the 4