I have not done anything with the SETSPN to set a Service Princapal Name, which might be my whole issue. and i disabled log event from kerberos. 0 LVL 1 Overall: Level 1 Message Author Closing Comment by:Gonzalo Becerra ID: 323377722010-04-28 The reason of the grade is because i reset Event Type: Error Event Source: Kerberos Event Category: None Event ID: 3 Date: 4/21/2010 Time: 2:32:15 PM User: N/A Computer: SMAWIS01 Description: A Kerberos Error Message was received: Wednesday, July 21, 2010 3:12 PM Reply | Quote 1 Sign in to vote I just posted a TechNet Wiki article http://social.technet.microsoft.com/wiki/contents/articles/kerberos-error-code-0x7-kdc-err-s-principal-unknown-dsforum2wiki.aspxthat should help people troubleshoot this issue and find troubleshooting https://social.technet.microsoft.com/Forums/sharepoint/en-US/5e282685-522c-4ce0-9ee2-e9d9a5d1f76f/kerberos-error-code-0x7-kdcerrsprincipalunknown?forum=winserverDS
Brian Kerberos Reply lextm 6763 Posts MVP Re: Kerberos Delegation & Double-hop issue Apr 12, 2009 08:29 AM|lextm|LINK You will find DelegConfig helpful. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. While on the subject here is another link that might help in other relevant cases: Kerberos Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Posted by Adil Hindistan at 12:43 PM Email ThisBlogThis!Share to TwitterShare If we browse the Role Center pages from the EP server, we getNO errors in the KPI and Reporting web parts.However If we try an browse from a different server/desktop machine
- Can I negatively impact anything by doing that?
- VirtualizationAdmin.com The essential Virtualization resource site for administrators.
- Solution: The error is due to a dual SPN entry.
- Storage Software SBS Windows Server 2003 Windows Server 2008 Script to Clean up SharePoint User Profiles Article by: Greg This script can help you clean up your user profile database by
- I found a kb to update SetSPN with: "setspn -R servername" but the problem in Event Viewer Perssist. 0 Comment Question by:Gonzalo Becerra Facebook Twitter LinkedIn https://www.experts-exchange.com/questions/25977464/KDC-ERR-S-PRINCIPAL-UNKNOWN-Kerberos-Event-ID-3.htmlcopy LVL 47 Active 2
- Join our community for more solutions or to ask questions.
I can't say for sure the the Sharepoint server is set up properly but in ISA it indicates that in order to use the Kerberos for authentication you must have IIS What can I do to get rid of the error? For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. 0x7 - Kdc_err_s_principal_unknown: Server Not Found In Kerberos Database Keep in touch with Experts ExchangeTech news and trends delivered to your inbox every month Membership How it Works Gigs Live Careers Plans and Pricing For Business Become an Expert Resource
Cheers JJ _____________________________Jason Jones | Forefront MVP | Silversands Ltd My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/ (in reply to eastmarw) Post #: 2 RE: Kerberos/NTLM Authentication - 24.Sep.2009 1:15:29 PM eastmarw PS H:\> nltest /sc_query:adilhindistan.com Flags: 30 HAS_IP HAS_TIMESERV Trusted DC Name \\MyDCName.adilhindistan.com Trusted DC Connection Status Status = 0 0x0 NERR_Success The command completed successfully Similarly, the following would reset it. I did find an article that mentioned how to reset them but I'm a little gunshy to do it. You will need this information in a later step.
AndreAndré Tuesday, April 23, 2013 12:51 AM Reply | Quote 0 Sign in to vote Hey - What you need to do is check for duplicate SPN's, and if none are A Kerberos Error Message Was Received On Logon Session Event Id 3 This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. I found this with ldifde -f dump_spn.txt -d "dc=domain,dc=local" -p subtree -r "(servicePrincipalName=MSSQLSvc/sharepointsql*)" -l servicePrincipalName I found that another account in addition to the SQL Server Service account had registered a SPN. I logged into the computer using a local account, launched PowerShell to check the status of Secure Channel: PS> Test-ComputerSecureChannel True OK.
Kdc_err_s_principal_unknown Windows 7
I ran setspn command to show me the duplicate SPNs: setspn.exe -X -P Looked at results, yet the computername I was concerned was not listed. https://www.petri.com/forums/forum/server-operating-systems/windows-server-2008-2008-r2/50538-s2008r2-kerberos-0x7-kdc_err_s_principal_unknown DOMAIN CONTROLLER: Log Name: System Source: Microsoft-Windows-Kerberos-Key-Distribution-Center Date: 10/7/2013 3:59:14 PM Event ID: 11 Task Category: None Level: Kdc_err_s_principal_unknown Mssqlsvc Another error is: Event Type: Error Event Source: Kerberos Event Category: None Event ID: 3 Date: 9/24/2009 Time: 11:30:06 AM User: N/A Computer: BDOWSPISAIFE04 Description: A Kerberos Error A Kerberos Error Message Was Received On Logon Session That is not the issue then!
This is the screenshot for this account to all spn: SPN.jpg 0 LVL 1 Overall: Level 1 Message Author Comment by:Gonzalo Becerra ID: 313742032010-04-21 I found this article: http://support.microsoft.com/default.aspx/kb/929650?p=1 Action: Go to http://go.microsoft.com/fwlink/?LinkId=115965 This error is because we are using a "Wildcard" certificate and according to M$ it is a bug in ISA. Anyone have any experience with getting Kerberos to work? Privacy statement © 2017 Microsoft. Extended Error: 0xc0000035 Klin(0)
Articles Authors Blogs Books Events FAQs Free Tools Hardware Links Message Boards Newsletter Software About Us : : Product Submission Form : Advertising Information ISAserver.org is in no way affiliated with The report renders just fine, so this seems to be more of an informational message than an error. http://blog.juventusconsulting.com/hunting-duplicate-spns/ http://msdn.microsoft.com/en-us/library/ms191153.aspx I'd read up on Kerberos authentication before you start ripping out SPN's - might do more harm than good :) Thanks! http://supportcanonprinter.com/event-id/attempt-to-update-host-service-principal-names.html We enabled auto registration for the SPN's to the service users… Mark Underhill February 19, 2013 at 15:05 Many thanks.
jason March 10, 2016 at 13:16 I may be dumb in asking this :-(, but why have you used "MSSQLSvc/sharepointsql*" this in ur command when the spn set is for MSSQLSvc/sqlserver 0x19 Kdc_err_preauth_required Thanks! This did the trick: setspn.exe -Q HOST/testcomputer.adilhindistan.com Checking domain DC=adilhindistan,DC=com CN=testcomputer1,OU=Workstations,DC=adilhindistan,DC=com HOST/testcomputer.adilhindistan.com HOST/testcomputer1 Checking domain DC=adilhindistan,DC=com CN=testcomputer,OU=Workstations,DC=adilhindistan,DC=com TERMSRV/testcomputer.adilhindistan.com
nltest /sc_reset:adilhindistan.com Looking at Event logs revealed that this was related to an Service Principal Name issue: WORKSTATION: Log Name: System Source: Microsoft-Windows-Security-Kerberos Date:
Have a look here: http://technet.microsoft.com/en-us/library/cc263449.aspx Get this right and I'm sure I will fall into place Cheers JJ _____________________________Jason Jones | Forefront MVP | Silversands Ltd My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/ We have commonly seen that these types error generally manifest whenyou have duplicate SPNs configure by mistake. BTW: it occured to us, after changing the service user for SQL Server Service. navigate here Josh Proposed as answer by Mike YinMicrosoft contingent staff, Moderator Tuesday, April 23, 2013 4:16 PM Marked as answer by Mike YinMicrosoft contingent staff, Moderator Monday, April 29, 2013 11:06 AM
Thanks :) NetMonKerbFilter.jpg 0 LVL 1 Overall: Level 1 Message Author Comment by:Gonzalo Becerra ID: 313885772010-04-21 I found in the same server this other error with other servername. Articles Authors Blogs Books Events FAQs Free Tools Hardware Links Message Boards Newsletter Software Site Search Advanced Search Welcome to ISAserver.org Forums | Register | Login | My Profile | Inbox If it had returned "False", I could have used the -repairChannel parameter to fix it (need to run that in PowerShell Admin console). This error was caused by the following exception: Cannot read information from SQL Server Reporting Services.
This indicates that the target name server failed to decrypt the ticker provided by the client. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Wednesday, December 28, 2016 6:39 AM Reply | Quote Microsoft is conducting an online survey to understand your opinion of the Technet Web site. The strange thing is that the server and target are the same, except that the server name appears as server.domain.org but target name appears as [email protected] Is the extra @domain.org the
To get rid of the error you need to correctly configure Kerberos.