Export (0) Print
Expand All
This topic has not yet been rated - Rate this topic

Service Principal Name Configuration

Updated: December 16, 2008

Applies To: Windows Server 2008 R2

Service principal names (SPNs) are stored as a property of the associated account object in Active Directory Domain Services (AD DS). An SPN is used by Kerberos to uniquely identify an account that is requesting access to a resource.

Events

Event ID Source Message

11

Microsoft-Windows-Kerberos-Key-Distribution-Center

The KDC encountered duplicate names while processing a Kerberos authentication request. The duplicate name is %1 (of type %2). This may result in authentication failures or downgrades to NTLM. In order to prevent this from occuring remove the duplicate entries for %1 in Active Directory.

24

Microsoft-Windows-Kerberos-Key-Distribution-Center

A service ticket request by client %1 for %2 was rejected because User2User was required. The KDC responds with this error when a client requests a service ticket for a user principal (a security risk). The client must support User2User in order to obtain a service ticket for the requested service principal

Related Management Information

Kerberos Key Distribution Center

Core Security

Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft. All rights reserved.