JSI Tip 4512. Windows 2000 member server prompts a domain user for credentials?

When you connect to a Windows 2000 member server in the same domain, you are prompted for credentials.

This can occur if a duplicate Service Principal Name (SPN) exists in Active Directory.

To fix this problem, use the Ldp.exe tool to find the duplicate SPN and the Adsiedit.msc tool to remove it. On a Windows 2000 domain controller:

01. Start / Run / Ldp.exe / OK.

02. Press Connection / Connect / OK, leaving the Server box empty.

03. Press Connection / Bind / OK, leaving all fields empty.

04. Press View / Tree / OK, leaving the BaseDN window empty.

05. Press Browse and Search.

06. Type the BaseDN. Since my domain is JSIINC.COM, I type DC=JSIINC,DC=COM.

07. Set the filter to serviceprincipalname=Host/<computername>.<DomainName>.<com>. I set mine to serviceprincipalname=Host/JSI001/JSIINC.COM.

08. Set the Scope to Subtree and press Run.

09. When you locate the duplicate SPN, use the Adsiedit.msc tool to go to the object, view the duplicate SPN value, and remove it.

10. Convert the member server from the domain to a workgroup.

11. Delete the server's computer account from the domain.

12. Join the server to the domain.


