Event ID 11 There are multiple accounts with name MSSQLSvc

Reading Time: 3 minutes

If you’re receiving an event ID 11 within your domain controller event log, you will be seeing an error
similar to the one below.

Event:
There are multiple accounts with name MSSQLSvc/Servername.domain.com:1433 of type DS_SERVICE_PRINCIPAL_NAME.

There are a few ways to locate duplicate SPN’s.

One being, running a script.

1) Copy and paste the below script into notepad:

‘ Copyright (c) Microsoft Corporation 2004 –
‘ File:        querySpn.vbs
‘ Contents:   Query a given SPN in a given forest to find the owners
‘ History:     7/7/2004   Craig Wiand   Created   
Option Explicit    
Const DUMP_SPNs = True
Dim oConnection, oCmd, oRecordSet
Dim oGC, oNSP
Dim strGCPath, strClass, strSPN, strADOQuery
Dim vObjClass, vSPNs, vName

ParseCommandLine()

‘— Set up the connection —
Set oConnection = CreateObject(“ADODB.Connection”)
Set oCmd = CReateObject(“ADODB.Command”)
oConnection.Provider = “ADsDSOObject”
oConnection.Open “ADs Provider”
Set oCmd.ActiveConnection = oConnection
oCmd.Properties(“Page Size”) = 1000

‘— Build the query string —
strADOQuery = “<” + strGCPath + “>;(servicePrincipalName=” + strSPN + “);” & _
    “dnsHostName,distinguishedName,servicePrincipalName,objectClass,” & _
        “samAccountName;subtree”
oCmd.CommandText = strADOQuery

‘— Execute the query for the object in the directory —
Set oRecordSet = oCmd.Execute
If oRecordSet.EOF and oRecordSet.Bof Then
  Wscript.Echo “No SPNs found!”
Else
 While Not oRecordset.Eof
   Wscript.Echo oRecordset.Fields(“distinguishedName”)
   vObjClass = oRecordset.Fields(“objectClass”)
   strClass = vObjClass( UBound(vObjClass) )
   Wscript.Echo “Class: ” & strClass
   If UCase(strClass) = “COMPUTER” Then
      Wscript.Echo “Computer DNS: ” & oRecordset.Fields(“dnsHostName”)
   Else
      Wscript.Echo “User Logon: ” & oRecordset.Fields(“samAccountName”)
   End If
  
   If DUMP_SPNs Then
      ‘— Display the SPNs on the object —
      vSPNs = oRecordset.Fields(“servicePrincipalName”)
      For Each vName in vSPNs
         Wscript.Echo “– ” + vName
      Next
   End If
   Wscript.Echo
   oRecordset.MoveNext
 Wend
End If

oRecordset.Close
oConnection.Close

Sub ShowUsage()
   Wscript.Echo ” USAGE:    ” & WScript.ScriptName & _
        ” SpnToFind [GC Servername or Forestname]”
   Wscript.Echo
   Wscript.Echo ” EXAMPLES: ”
   Wscript.Echo ”           ” & WScript.ScriptName & _
        ” MSSQLSvc/MySQL.company.com:1433″
   Wscript.Echo ”           ” & WScript.ScriptName & _
        ” HOST/Server1 Corp.com”
   Wscript.Quit 0
End Sub

Sub ParseCommandLine()
  If WScript.Arguments.Count <> 1 And WScript.Arguments.Count <> 2 Then
ShowUsage()
  Else
   strSPN = WScript.Arguments(0)
   If WScript.Arguments.Count = 2 Then
      strGCPath = “GC://” & WScript.Arguments(1)
   Else
    ‘— Get GC —
    Set oNSP = GetObject(“GC:”)
    For Each oGC in oNSP
      strGCPath = oGC.ADsPath
    Next
   End If
 End If
End Sub

Source: http://technet.microsoft.com/en-us/library/ee176972.aspx

2) Save the file as spn_query.vbs

3) On one of your domain controllers, open comamnd prompt, browse to the location of where your
script is located and type spn_query.vbs MSSqlSvc/Server1 (server1 being the name of your server)

4) Press return and a list of servers will appear within the command window. You may find one of the values is under the servername and the other
under a username such as administrator.

5) The one you should be deleting is the one which does not run against the SQL service. So if SQL service runs as local host, you should
remove the one under the username administrator. If the SQL service runs under an account such as administrator, you would delete the one under the servername.

Imporant: Please ensure you take note of the current settings incase you need to revert. Also, ensure you have successful backups incase you need to restore.

6) To delete the duplicate value, there are a few ways of doing this. The one I will be describing is ADSI EDIT.

7) On your domain controller, type the following within the ‘run’ box: adsiedit.msc and click OK

8.) Expand domain

9) Expand DC=domain,DC=local

10) Locate the servername or username where you wish to remove the duplicate SPN.

11) Right click on the server or username and click properties

12) Browse to ServicePrincipleName and click edit

13) Take a note of current settings and remove the duplicate value.

14) Click OK

Event ID 11 should now disappear.

Please follow and like us: