Thanks Joe.

If I wanted to search within a child domain, I would use the -b switch?

-b dc=child,dc=domain,dc=org ?



On 11/17/06, joe <[EMAIL PROTECTED]> wrote:

 adfind -gc -null -f serviceprincipalname=<insert SPN here> -dn

That will search your entire GC which you must do, you can't just focus on
a single domain like I saw a previous dsquery command do.

 --
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm



 ------------------------------
*From:* [EMAIL PROTECTED] [mailto:
[EMAIL PROTECTED] *On Behalf Of *hboogz
*Sent:* Thursday, November 16, 2006 2:38 PM
*To:* ActiveDir@mail.activedir.org
*Subject:* Re: [ActiveDir] Kerberos is Killing Me!

Joe,

How do I find out if there are any duplicate SPNs?

On 11/16/06, joe <[EMAIL PROTECTED]> wrote:
>
>  Do you have any duplicate SPNs? Well specifically the SPNs mentioned in
> the error?
>
>  --
> O'Reilly Active Directory Third Edition -
> http://www.joeware.net/win/ad3e.htm
>
>
>
>  ------------------------------
> *From:* [EMAIL PROTECTED] [mailto:
> [EMAIL PROTECTED] *On Behalf Of *hboogz
> *Sent:* Thursday, November 16, 2006 12:09 PM
> *To:* ActiveDir@mail.activedir.org
> *Subject:* [ActiveDir] Kerberos is Killing Me!
>
>
> I am having continued issues with Kerberos. I tried running tokensz
> against the problem server and I get this error message:
>
> C:\Tools>tokensz /compute_tokensize /package:negotiate /use_delegation /target_server:host/phmaindc1
>
> Name: Negotiate Comment: Microsoft Package Negotiator
> Current PackageInfo->MaxToken: 12128
>
> Asked for delegate, but didn't get it.
> Check if server is trusted for delegation.
>
> QueryKeyInfo:
> Signature algorithm =
> Encrypt algorithm = RSADSI RC4
> KeySize = 128
> Flags = 2001c
> Signature Algorithm = -138
> Encrypt Algorithm = 26625
> QueryContextAttributes (lifespan): Status = 2148074242 0x80090302 SEC_E_NOT_SUPPORTED
>
>
> Any ideas?
>
> I keep getting the following event log message on a domain controller
> which prevents users from accessing it and authenticating to it.
>
> Event Type:    Error
> Event Source:    Kerberos
> Event Category:    None
> Event ID:    4
> Date:        11/16/2006
> Time:        12:02:37 PM
> User:        N/A
> Computer:    PHMAINDC1
> Description:
> The kerberos client received a KRB_AP_ERR_MODIFIED error from the server
> host/phmaindc1.phippsny.org.  The target name used was host/phprint1. This
> indicates that the password used to encrypt the kerberos service ticket is
> different than that on the target server. Commonly, this is due to
> identically named  machine accounts in the target realm ( PHIPPSNY.ORG),
> and the client realm.   Please contact your system administrator.
>
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
>
>
> Help!
>
>
>
> --
> HBooGz:\>
>



--
HBooGz:\>




--
HBooGz:\>
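
The duplicate-SPN check discussed in this thread, as an added example that is not part of the original messages: a Python sketch that groups a forest-wide servicePrincipalName export by SPN and reports any SPN registered on more than one object. The `dn:` / `>servicePrincipalName:` input layout, the function names and the sample export are assumptions; the sample is constructed and places the two clashing accounts in different domains, the case a single-domain search would miss.

```python
from collections import defaultdict

# Constructed sample (not from the thread): a forest-wide export of
# servicePrincipalName values, assumed to use a "dn:" / ">attr: value" layout.
SAMPLE_EXPORT = """\
dn:CN=PHPRINT1,CN=Computers,DC=example,DC=org
>servicePrincipalName: HOST/phprint1
>servicePrincipalName: HOST/phprint1.example.org

dn:CN=PHPRINT1,CN=Computers,DC=child,DC=example,DC=org
>servicePrincipalName: host/PHPRINT1
>servicePrincipalName: HOST/phprint1.child.example.org

dn:CN=svc-sql,CN=Users,DC=example,DC=org
>servicePrincipalName: MSSQLSvc/db1.example.org:1433
"""


def parse_export(text):
    """Yield (dn, spn) pairs from the export text (hypothetical helper)."""
    dn = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("dn:"):
            dn = line[3:].strip()
        elif line.lower().startswith(">serviceprincipalname:") and dn:
            # Split on the first colon only: SPNs may carry a ":port" suffix.
            yield dn, line.split(":", 1)[1].strip()


def find_duplicate_spns(text):
    """Return {spn: sorted DNs} for SPNs registered on more than one object."""
    owners = defaultdict(set)
    for dn, spn in parse_export(text):
        # SPN matching is case-insensitive, so normalise before grouping.
        owners[spn.lower()].add(dn.lower())
    return {spn: sorted(dns) for spn, dns in owners.items() if len(dns) > 1}


if __name__ == "__main__":
    for spn, dns in find_duplicate_spns(SAMPLE_EXPORT).items():
        print(f"DUPLICATE {spn}")
        for dn in dns:
            print(f"    {dn}")
```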
