Hey SpiceGals and Guys
I have a customer with a Mamut installation (ERP), where the eventlog is littered with Kerboros error regarding duplicare SPN. If I run the Setspn -X command, I get this:
Checking domain DC=Contoso,DC=local
Processing entry 0
MSSQLSvc/SBSRV.Contoso.local:MAMUT is registered on these accounts:
CN=User1,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=Contoso,DC=local
CN=SBSRV,OU=DomainControllers,DC=Contoso,DC=local
MSSQLSvc/SBSRV.Contoso.local:8951 is registered on these accounts:
CN=User1,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=Contoso,DC=localCN=SBSRV,OU=Domain Controllers,DC=Contoso,DC=local
found 2 groups of duplicate SPNs.
And correctly, there are 2 SPN defined on the User1 AD account. But which one to remove?
The Eventlog has this entry:
A Kerberos Error Message was received:
on logon session
Client Time:
Server Time: 6:47:45.0000...