I received an event 11 from KDC.
The KDC encountered duplicate names while processing a Kerberos authentication request. The duplicate name is MSSQLSvc/sql05.domain.org:1433 (of type DS_SERVICE_PRINCIPAL_NAME). This may result in authentication failures or downgrades to NTLM. In order to prevent this from occuring remove the duplicate entries for MSSQLSvc/sql05.domain.org:1433 in Active Directory.
I ran setspn -X on the domain controller where the error was received and it returned this:
MSSQLSvc/SQL05.domain.org:1433 is registered on these accounts:
CN=SQL05,OU=Servers,DC=domain,DC=org
CN=IT Administrator,OU=Administrative Accounts,OU=Information Technology,DC=domain,DC=org
I HAVE searched for this and read a few forum posts regarding it. According to the error message, the SPN I should delete is MSSQLSvc/sql05.domain.org:1433.
It seems to me that MSSQLSvc/sql05.domain.org:1433 is the legit entry that I would want to keep, and that the second one (which is a user account) should be the one I delete. Can anyone comment on this?
Also, how did this user account get an SPN registered that ties in with a SQL Server?
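A read-only check for the question above, added here as an example and not part of the original post: the SPN belongs on whichever account the SQL Server service on SQL05 logs on as, so the script lists every object holding the SPN and marks the one that matches the service's logon account. It assumes the RSAT ActiveDirectory module, remote CIM access to SQL05, and a default instance whose service is named MSSQLSERVER.

```powershell
# Added example, not from the original post. Makes no changes to AD.
Import-Module ActiveDirectory

$spn     = 'MSSQLSvc/sql05.domain.org:1433'  # SPN named in the event 11 text
$server  = 'SQL05'                           # host from the setspn -X output
$svcName = 'MSSQLSERVER'                     # assumption: default instance

# 1. Every directory object that currently holds the SPN.
$holders = Get-ADObject -LDAPFilter "(servicePrincipalName=$spn)" `
                        -Properties sAMAccountName, objectClass

# 2. The account the SQL Server service actually logs on as.
$svc = Get-CimInstance -ClassName Win32_Service -ComputerName $server `
                       -Filter "Name='$svcName'"
if (-not $svc) { throw "Service $svcName not found on $server" }
$startName = $svc.StartName

# 3. Translate the logon account into the sAMAccountName that should own
#    the SPN. Built-in and virtual accounts authenticate on the network
#    as the computer account (SQL05$).
if ($startName -match '^(LocalSystem|NT AUTHORITY\\|NT Service\\)') {
    $expected = "$server`$"
} elseif ($startName -match '@') {
    $expected = ($startName -split '@')[0]    # user@domain form
} else {
    $expected = ($startName -split '\\')[-1]  # DOMAIN\user form
}

# 4. Report each holder and whether it matches the service account.
"Service $svcName on $server runs as: $startName (expects SPN on $expected)"
$holders | ForEach-Object {
    [pscustomobject]@{
        DistinguishedName = $_.DistinguishedName
        ObjectClass       = $_.ObjectClass
        SamAccountName    = $_.sAMAccountName
        MatchesService    = ($_.sAMAccountName -eq $expected)
    }
} | Format-Table -AutoSize
```

A holder with MatchesService set to False is the registration that does not correspond to the running service; `setspn -D <SPN> <account>` removes an SPN from a named account.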