I have several duplicate SPN's associated with one of my DC's. I have deleted each of them multiple times, using both setspn -D and ADSIedit, but after a few minutes
these SPN's all re-appear. How can I permanently delete them? Where do they come from? In case it's relevant, I re-named one of my DC's--was named "Blue", now named "Green", to make way for a new server named "Blue."
The problem is server Green still has several "Blue" SPN's in addition to the "Green" SPN's, and those Blue SPN's conflict with the Blue SPN's on the new server Blue. The duplicates are not creating any obvious problems except for
Kerberos error events logged in the System Log on the new server Blue.
↧