Was this page helpful?
Your feedback about this content is important. Let us know what you think.
Additional feedback?
1500 characters remaining
Export (0) Print
Expand All

Service Principal Name Configuration

Updated: December 16, 2008

Applies To: Windows Server 2008 R2

Service principal names (SPNs) are stored as a property of the associated account object in Active Directory Domain Services (AD DS). An SPN is used by Kerberos to uniquely identify an account that is requesting access to a resource.


Event ID Source Message



The KDC encountered duplicate names while processing a Kerberos authentication request. The duplicate name is %1 (of type %2). This may result in authentication failures or downgrades to NTLM. In order to prevent this from occuring remove the duplicate entries for %1 in Active Directory.



A service ticket request by client %1 for %2 was rejected because User2User was required. The KDC responds with this error when a client requests a service ticket for a user principal (a security risk). The client must support User2User in order to obtain a service ticket for the requested service principal

Related Management Information

Kerberos Key Distribution Center

Core Security

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

© 2015 Microsoft