New at SPNs I am working on a SBS 2008 server and have duplicate SPN'sI found this on the Microsoft web site which I have done until I get to the remove (3) the data below is from the setspn X Please help I think this is a common problem but I can't find a commonsolution not sure if the setspn -D would workI have tryed to find them with ADSIEdit and LDP with no luck but not a expert with these tools1) how do I know which is the duplicate I presume I delete 2 of the 4 2) what is <SPN> and <computername> in item 3 of remove SPN To identify the duplicate SPN: 1. Log on tothe computer referenced in the event log message. If this computer is not running Windows Server 2008, you must download and install the Windows Server 2003 Resource Kit, which includes setspn.exe. 2. Click Start, point to All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator. 3. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue. 4. Type setspn -X. 5. The output of this command will show the duplicate SPNs. 6. Use the following procedure toremove one of the duplicate SPNs. Remove an SPN To remove an SPN: 1. Click Start, point to All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator. 2. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue. 3. Type setspn -D<SPN> <computer_name>, where SPN is the name of the duplicate SPN and computer_name is the name of the computer that is assigned the duplicate SPN. C:\>setspn -X Processing entry 0 {14E52635-0A95-4a5c-BDB1-E0D0C703B6C8}/FS1 is registered on these accounts: CN=Backup Exec,CN=Users,DC=dcb,DC=local CN=FS1,OU=Domain Controllers,DC=dcb,DC=local {14E52635-0A95-4a5c-BDB1-E0D0C703B6C8}/FS1.dcb.local is registered on these accounts: CN=Backup Exec,CN=Users,DC=dcb,DC=local CN=FS1,OU=Domain Controllers,DC=dcb,DC=local MSSQLSvc/FS1.dcb.local:45660 is registered on these accounts: CN=Newadm Administrator,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=dcb,DC=local CN=Backup Exec,CN=Users,DC=dcb,DC=local MSSQLSvc/FS1.dcb.local:31612 is registered on these accounts: CN=Newadm Administrator,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=dcb,DC=local CN=Administrator,CN=Users,DC=dcb,DC=local found 4 groups of duplicate SPNs. C:\>

Hi This links may help you....http://www.minasi.com/forum/topic.asp?TOPIC_ID=19901https://msmvps.com/blogs/vandooren/archive/2008/03/11/getting-rid-of-the-duplicate-spn-in-active-directory.aspxhttp://msmvps.com/blogs/systmprog/archive/2007/01/23/duplicate-spn-registered-in-domain.aspxhttp://social.technet.microsoft.com/Forums/en-US/identitylifecyclemanager/thread/542f3b30-41f6-4299-b373-5b1f3dc16269http://support.microsoft.com/kb/305971Regards Rajesh J S

HiThanks for those links but I still don't understand if I do a setspn -X then how do I do a setspn -D with the data above from the setspn -Xor is it that it can't be done?Many Thanks

Dont Know if this would help anyone with there SPN problems I got rid of 2 of the duplicate SPNs by going into Services stopping 2 of my SQL instances changing the username starting them and then stopping them and then change the username back then start them again. I still have 2 duplicate SPNs listed below I guess the way to get rid of duplicate would be something like setspn -D<SPN> <computer_name> I would appreciate some help on this as I am not sure what the SPN would be and which one would be deleted I presume one is good and one is bad? C:\Windows\System32\setspn -L FS1Registered ServicePrincipalNames for CN=FS1,OU=Domain Controllers,DC=dcb,DC=local: {14E52635-0A95-4a5c-BDB1-E0D0C703B6C8}/FS1 {14E52635-0A95-4a5c-BDB1-E0D0C703B6C8}/FS1.dcb.local C:\Windows\system32>setspn -X Processing entry 0 {14E52635-0A95-4a5c-BDB1-E0D0C703B6C8}/FS1 is registered on these accounts: CN=Backup Exec,CN=Users,DC=dcb,DC=local CN=FS1,OU=Domain Controllers,DC=dcb,DC=local {14E52635-0A95-4a5c-BDB1-E0D0C703B6C8}/FS1.dcb.local is registered on these accounts: CN=Backup Exec,CN=Users,DC=dcb,DC=local CN=FS1,OU=Domain Controllers,DC=dcb,DC=local found 2 groups of duplicate SPNs. C:\Windows\system32>

Because they are duplicates you cannot remove them with setspn, it does not know which are correct. You need to use LDP.exe.Retail Services Developer