Export (0) Print
Expand All

Service Principal Name Configuration

Updated: November 30, 2007

Applies To: Windows Server 2008

Service principal names (SPNs) are stored as a property of the associated account object in Active Directory Domain Services (AD DS). An SPN is used by Kerberos to uniquely identify an account that is requesting access to a resource.

Events

Event ID Source Message

11

Microsoft-Windows-Kerberos-Key-Distribution-Center

The KDC encountered duplicate names while processing a Kerberos authentication request. The duplicate name is %1 (of type %2). This may result in authentication failures or downgrades to NTLM. In order to prevent this from occuring remove the duplicate entries for %1 in Active Directory.

24

Microsoft-Windows-Kerberos-Key-Distribution-Center

A service ticket request by client %1 for %2 was rejected because User2User was required. The KDC responds with this error when a client requests a service ticket for a user principal (a security risk). The client must support User2User in order to obtain a service ticket for the requested service principal

Related Management Information

Kerberos Key Distribution Center

Core Security

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft