KDC Event ID 11



Apr 28

Event ID KDC 11 in the System log of domain controllers

 

This is the Knowledge Base Article for KDC 11 Event ID

Microsoft Support KB 321044

There is a script to be used in spite of the ldifde dump. Please allow us some time to provide that script here.

http://support.microsoft.com/kb/321044

SYMPTOMS

 

The following events may be recorded in the System log on one or more domain controllers:

Event Type: Error
Event Source: KDC
Event Category: None
Event ID: 11
Date: 4/1/2002
Time: 1:40:14 PM
User: N/A
Computer: ComputerName
Description: There are multiple accounts with name host/mycomputer.mydomain.com of type 10.

 

Event Type: Error
Event Source: KDC
Event Category: None
Event ID: 11
Date: 8/17/2004
Time: 1:30:00 PM
User: N/A
Computer: ComputerName
Description: There are multiple accounts with name HOST/machinename of type DS_SERVICE_PRINCIPAL_NAME.

 

Event Type: Error
Event Source: Kerberos
Event Category: None
Event ID: 4
Date: 8/17/2004
Time: 1:30:00 PM
User: N/A
Computer: ComputerName
Description: The kerberos client received a KRB_AP_ERR_MODIFIED error from the server host/machinename.childdomain.rootdomain.com. The target name used was cifs/machinename.domain.com. This indicates that the password used to encrypt the kerberos service ticket is different than that on the target server. Commonly, this is due to identically named machine accounts in the target realm (childdomain.rootdomain.COM), and the client realm. Please contact your system administrator.

 

This event may also apply to other service principal names. For example, this event may also apply to host/NetBIOSComputerName.

 

CAUSE

 

This problem occurs because two or more computer accounts have the same service principal name (SPN) registered. Event ID 11 is logged when the Key Distribution Center (KDC) receives a ticket request, and the related SPN exists more than one time when it is checked on the global catalog (GC) for forestwide verification.

 

RESOLUTION

 

To resolve this problem, locate the computer accounts that have the duplicate SPNs. When you have located the computers that have the duplicate SPNs, you can either delete the computer account from the domain, disjoin and rejoin the computer to the domain, or you can use ADSIEdit to correct the SPN on the computer that has the incorrect SPN.

To locate the computer accounts that have the duplicate SPNs, use one of the following methods.

Method 1: Use the LDP support tool

Note If you do not have the Windows 2000 support tools installed, install them from the Windows 2000 CD-ROM before you continue. The Setup executable file for the support tools is located on the CD-ROM in the Support\Tools folder. The installation does not require that you restart the computer. However, you may have to restart the computer to update the environment variables.

1.      Click Start, click Run, type LDP, and then click OK.

2.      Click Connection, and then click Connect.

3.      Leave the default settings, and then click OK.

Note
If you do not receive the expected result, try another search by using the Global Catalog Port (3268) instead of the default setting (389).

4.      Click Connection, and then click Bind.

5.      Leave the default settings, and then click OK.

6.      Click View, and then click Tree.

7.      In the Tree View dialog box, type DC=YourDomain,DC=com in the BaseDN box, where YourDomain is your domain.

8.      Click Browse, and then click Search.

9.      In the Search dialog box, type DC=YourDomain,DC=com in the BaseDN box.

10. In the Search dialog box, type (serviceprincipalname=HOST/mycomputer.mydomain.com) in the Filter box. If the service principal name that is referred to in the error in the System log differs from this example, type the service principal name to which the error refers. 

Note
If you do not receive the expected result, try searching for " HOST/" as opposed to searching only for the exact SPN in the event ID.

11. Under Scope, click Subtree.

12. Click Run.

 

Method 2: Use the Ldifde utility

Use the Ldifde utility to dump the SPN for the forest:

1.      From the domain controller, open a command prompt, and then type the following string:

ldifde -f check_SPN.txt -t 3268 -d "" -l servicePrincipalName -r "(servicePrincipalName=HOST/mycomputer*)" -p subtree

Note: Because you use the -t 3268 parameter to specify that a global catalog (GC) server is used in the query, and you do not use the -d parameter to specify an explicit distinguished name (DN), the forest root DN is used with the HOST/mycomputer* parameter. Therefore, you can look for all SPNs that contain this string.

2.      Open the check_SPN.txt file in Notepad, and then search for the SPN that is reported in the event log.

3.      Note the user accounts and the computer accounts under which the SPN is located.

 

Method 3:

Use the querySpn.vbs script in the following Microsoft TechNet article. To use the script, copy the code, paste it into Notepad, and then save the script as querySpn.vbs.

http://www.microsoft.com/technet/scriptcenter/solutions/spnquery.mspx

Run the script by using the following command:

cscript querySpn.vbs HOST/mycomputer* >check_SPN.txt

Note The output file check_SPN.txt that the script in Method 3 produces can be used the same way as described in Method 2.

 

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

I would say that this is a problem not with the product design but with the implementation of the same.

 

Article ID: 321044

This article applies to:

·        Microsoft Windows Server 2003, Standard Edition (32-bit x86)

·        Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)

·        Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)

·        Microsoft Windows 2000 Server SP2, when used with:

        ·        Microsoft Windows 2000 Server

        ·        Microsoft Windows 2000 Advanced Server

·        Microsoft Windows 2000 Server SP1, when used with:

        ·        Microsoft Windows 2000 Server

        ·        Microsoft Windows 2000 Advanced Server

 



Author Name:         administrator
Author Location:    India