Chef3Fingers
Mon Jan 30 11:00:39 CST 2006
I will try this and get back to you. Thank you for responding, I hope this
works I was almost ready to give up hope because so far no other information
has assisted.
Thank you -hope to have an answer for you tomorrow.
"Trini" wrote:
> Hi!
>
> I had the same error although my CRM is not installed on a SBS server. It is
> a typical error when installing CRM on a SBS box. here what you should do:
>
> 1. make a good backup of your system! (people keep forgetting this)
> 2. identify under which user accounts the services are registered best thing
> to determine that is as it is described in the KB you already found
> 3. I suspect if you follow the instructions in the KB (as my college did)
> CRM won't work at all anymore (took my ages to fix it as he did not do point
> one)
> 4. identify how these SPNs where set (I am sure one is set on the server and
> one is set on the user account crm is running under)
> 5. you remove by using setspn (see this article how to install it
>
http://support.microsoft.com/default.aspx?scid=kb;en-us;871179) all
> registrations from all other accounts except from the server account (do not
> touch SQL registration should that be registered under one)
> 6. open the iis management console and change the service account under
> which the CRM application runs under (mark the application - properties -
> identity) to the local system account
> 7. open the SQL server management and verify that it is starting as well
> under the local user account or network service account (if one of them is
> in just keep it)
> 8. restart iis (command prompt 'iisreset' )
> 9. check if everything is still running fine and if you still get the KDC
> errors
>
> Just keep in mind this was what helped me and there is no guarantee that
> this helps you as well
> A second way would be (works as well I did that as well but had due to
> different problem use the above way to solve it) described here
>
http://groups.google.com/group/microsoft.public.crm/browse_thread/thread/b06d7f88b358efe3/e2c6c851b64e6ad4%23e2c6c851b64e6ad4?sa=X&oi=groupsr&start=0&num=3
> In your you have to register the http service only on the port on which your
> CRM is running on that user account - otherwise the other applications will
> stop working.
>
> Good luck and let us all know if this helped you.
>
> Cheers
>
> Kat
>
> "Chef 3 Fingers" <Chef3Fingers@discussions.microsoft.com> wrote in message
> news:5D8A8C47-F6C5-4BF0-ACC1-A847B1D6FC37@microsoft.com...
> > Mike,
> > I would be willing to try but I am not receiving KDC errors related to the
> > MSSQLSvc
> > Are you suggesting thtat the errors I am receiving
> > KDC Errors are:
> > There are multiple accounts with name cifs/servername of type
> > DS_SERVICE_PRINCIPAL_NAME
> > There are multiple accounts with name HOST/SERVERNAME.DOMAIN.COM of type
> > DS_SERVICE_PRINCIPAL_NAME
> > There are multiple accounts with name cifs/servername.domain.com of type
> > DS_SERVICE_PRINCIPAL_NAME.
> > There are multiple accounts with name host/servername.domain.com of type
> > DS_SERVICE_PRINCIPAL_NAME. (Note the case change.)
> > There are multiple accounts with name cifs/SERVERNAME.DOMAIN.COM of type
> > DS_SERVICE_PRINCIPAL_NAME.
> >
> > Are you suggesting that the above KDC errors are being generated due to a
> > SPN of
> > MSSQLSvc/servername.domain.com
> >
> > Let me know if I understand you correctly.
> >
> > Thanks
> >
> > "Mike Morisoli" wrote:
> >
> >> Chef, the only thing that looks out of place is;
> >> MSSQLSvc/servername.domain.com
> >>
> >> This is an entry with no port assigned, which I beleive would overlap the
> >> next entry
> >> MSSQLSvc/servername.domain.com:1433
> >>
> >> If you are willing to try, you can remove the
> >> MSSQLSvc/servername.domain.com
> >> entry and see what happens. Typically these updates happen instantly and
> >> the errors go away or not without rebooting.
> >>
> >>
> >>
> >> "Chef 3 Fingers" <Chef3Fingers@discussions.microsoft.com> wrote in
> >> message
> >> news:AEF547AD-5478-4102-BC03-22523FFE5FF6@microsoft.com...
> >> > Hi,
> >> > Under "CRMAppPool" and Under "Properties" and the "Identity" tab. I
> >> > find
> >> > "Predefined" is checked and it is using "Local System"
> >> >
> >> > under the DC spn's
> >> > DNS/servername.domain.com
> >> > E3514235-4B06-11D1-AB04-00C04FC2DCD/aee43c37-9824-4a85-822c-4d216c8feea8/domain.com
> >> > exchangeAB/servername
> >> > exchangeAB/servername.domain.com
> >> > exchangeMDB/servername
> >> > exchangeMDB/servername.domain.com
> >> > exchangeRFR/servername
> >> > exchangeRFR/servername.domain.com
> >> > GC/servername.domain.com/domain.com
> >> > HOST/SERVERNAME
> >> > HOST/servername.domain.com
> >> > HOST/servername.domain.com/DOMAIN
> >> > HOST/servername.domain.com/domain.com
> >> > ldap/aee43c37-9824-4a85-822c-4d216c8feea8._msdcs.domain.com
> >> > ldap/SERVERNAME
> >> > ldap/servername.domain.com
> >> > ldap/servername.domain.com/DomainDnsZones.domain.com
> >> > ldap/servername.domain.com/ForestDnsZones.domain.com
> >> > ldap/servername.domain.com/DOMAIN
> >> > ldap/servername.domain.com/domain.com
> >> > MSSQLSvc/servername.domain.com
> >> > MSSQLSvc/servername.domain.com:1433
> >> > NtFrs-88f5d2bd-b646-11d2-a6d3-00c04fc9b232/servername.domain.com
> >> > SMTPSVC/SERVERNAME
> >> > SMTPSVC/servername.domain.com
> >> >
> >> > As noted above the apppool is not running under a domain name
> >> >
> >> > Looking forward to your follow up.
> >> > Thanks
> >> >
> >> >
> >> > "Mike Morisoli" wrote:
> >> >
> >> >> Open up IIS Admin on your CRM server (guess its the same as your DC)
> >> >> and
> >> >> expand your computer. Next expand "Application Pools", there you
> >> >> should
> >> >> see
> >> >> a pool named CRMAppPool. Right click on it and select "Properties"
> >> >> then
> >> >> go
> >> >> to the "Identity" tab. You should see if "Predefined" or
> >> >> "Configurable"
> >> >> is
> >> >> checked. If "Configurable" is checked, what is the domain account it
> >> >> is
> >> >> running under.
> >> >>
> >> >>
> >> >>
> >> >> Now for adsiedit.msc what to look at depends a bit on the above.
> >> >>
> >> >>
> >> >>
> >> >> For now go look at the SPN's defined for the computer account itself.
> >> >> Since
> >> >> this is SBS I am assuming your computer is also a DC so open up
> >> >> adsiedit,
> >> >> select your domain, the go to the "OU=Domain Controllers" and expand
> >> >> that.
> >> >> Select the computer that is running CRM and right click on it, select
> >> >> Properties. Scroll thru the attribute list till you find
> >> >> "servicePrincibalName", click on it, then click the "Edit" button.
> >> >> Since
> >> >> this is a DC there will be a lot of items defined. If you can write
> >> >> them
> >> >> down or printscreen them.
> >> >>
> >> >>
> >> >>
> >> >> If your app pool is running with a domain name, find the domain name
> >> >> in
> >> >> the
> >> >> Users OU or wherever it is located and look at the SPN's for the user
> >> >> account as well.
> >> >>
> >> >>
> >> >>
> >> >> Please be careful with adsiedit, it can kill AD so don't change
> >> >> anything
> >> >> unless you understand what you are changing.
> >> >>
> >> >>
> >> >>
> >> >> Look forward to seeing what you find.
> >> >>
> >> >>
> >> >> "Chef 3 Fingers" <Chef3Fingers@discussions.microsoft.com> wrote in
> >> >> message
> >> >> news:306F1DD2-EFFE-4E70-8CCB-07E20CDA8DCB@microsoft.com...
> >> >> > MIke,
> >> >> > How do I determine if the IIS app pool is running under a domain
> >> >> > account
> >> >> > or
> >> >> > a network service?
> >> >> >
> >> >> > The exact SPN's? do you mean for the App Pool or for the ones I have
> >> >> > given
> >> >> > below?
> >> >> >
> >> >> > I have been using the ADSIEDIT tool but do no know what you would
> >> >> > like
> >> >> > me
> >> >> > to
> >> >> > look at.
> >> >> > Thanks for the repsonse lookng forward to a dialog.
> >> >> >
> >> >> > "Mike Morisoli" wrote:
> >> >> >
> >> >> >> Is your IIS app pool runing under a domain account or Network
> >> >> >> Service.
> >> >> >>
> >> >> >> What are the exact SPN's for the account and/or the server?
> >> >> >>
> >> >> >> adsiedit is a great tool to see these easier.
> >> >> >>
> >> >> >> Mike
> >> >> >>
> >> >> >>
> >> >> >> "Chef 3 Fingers" <Chef3Fingers@discussions.microsoft.com> wrote in
> >> >> >> message
> >> >> >> news:F4C7671B-3CFC-4A1B-8A80-C8B8043B8126@microsoft.com...
> >> >> >> > After installing CRM I am getting KDC errors in the system event
> >> >> >> > viewer
> >> >> >> > on
> >> >> >> > SBS 2003 SP1
> >> >> >> >
> >> >> >> > Errors are:
> >> >> >> > There are multiple accounts with name cifs/servername of type
> >> >> >> > DS_SERVICE_PRINCIPAL_NAME
> >> >> >> > here are multiple accounts with name HOST/FQDN of type
> >> >> >> > DS_SERVICE_PRINCIPAL_NAME
> >> >> >> > There are multiple accounts with name cifs/FQDN of type
> >> >> >> > DS_SERVICE_PRINCIPAL_NAME.
> >> >> >> > There are multiple accounts with name host/FQDN of type
> >> >> >> > DS_SERVICE_PRINCIPAL_NAME. (Note the case change.)
> >> >> >> > There are multiple accounts with name cifs/FQDN of type
> >> >> >> > DS_SERVICE_PRINCIPAL_NAME. (this time the FQDN is in CAPS)
> >> >> >> >
> >> >> >> > I followed the instructions for the install from the doc
> >> >> >> > "Installing
> >> >> >> > and
> >> >> >> > Securing Microsoft CRM 1.2 on a Windows Small Business Server
> >> >> >> > 2003
> >> >> >> > Network"
> >> >> >> >
> >> >> >> > CRM 1.2 is installed on the SBS server and it is working just
> >> >> >> > fine
> >> >> >> > as
> >> >> >> > long
> >> >> >> > as I leave the the SPN's in place. If I remove then then CRM is
> >> >> >> > not
> >> >> >> > found.
> >> >> >> > Rebooting puts them back in and CRM starts working again as
> >> >> >> > expected. I
> >> >> >> > then
> >> >> >> > begin to get the KDC errors again. What can I do to get rid of
> >> >> >> > these.
> >> >> >> > Is
> >> >> >> > there a KB that you can send me?
> >> >> >> > These errors do not seem to affect the operation of the system or
> >> >> >> > the
> >> >> >> > application but I would like to get rid of them.
> >> >> >> >
> >> >> >> > Thank you for any help you can give. I have followed the article
> >> >> >> > about
> >> >> >> > getting rid of these errors but this solution does not resolve
> >> >> >> > the
> >> >> >> > issue.
> >> >> >> >
http://support.microsoft.com/default.aspx?scid=kb;en-us;305971
> >> >> >> > Thanks for any insighe.
> >> >> >>
> >> >> >>
> >> >> >>
> >> >>
> >> >>
> >> >>
> >>
> >>
> >>
>
>
>