KDC Error 11 in System log

ttavanello

Continue to receive the following error in our event logs
on Root Domain controllers and child Domains except the
child domain that the Domain controller belongs to.

The event message is as follows:
"There are multiple accounts with Name
Host/breflsdc.rita.ritaoh.net of type 10"

This event does not appear on the child domain that the
server belongs to. I also do not see any replication
errors in the logs. I will sometimes have DNS issues
where static entries will disappear, but I am not sure if
these two are related. ADSI does not reveal any problems
related to corrupt or duplicate objects and I am out of
ideas. Any help would be appreciated...
 
It sounds like there is a service principal name in more than one place (on
two different machine objects' serviceprincipalname attributes) in your AD.
The idea is (I think you guessed it) search for the duplicate and remove it.

I would suggest using LDIFDE to export the domain to a text file and search for
Host/breflsdc.rita.ritaoh.net in that file.

Syntax would be like:

LDIFDE -d DC=childdomain,DC=domain,DC=net -f c:\export.txt

One of the entries will need to be removed. The trick can be determining
which one. If the machine's name is actually BREFLSDC, that could be
relatively easy. If that's an SPN for a service account for an
application, it may require a service restart to see if the service
reregisters that SPN after you delete it (whether you removed the
correct/incorrect one).

Let us know how that goes.
 