JSI Tip 4512. Windows 2000 member server prompts a domain user for credentials?

Jerold Schulman

December 5, 2001


When you connect to a Windows 2000 member server in the same domain, you are prompted for credentials.

This can occur if a duplicate Service Principal Name (SPN) exists in Active Directory.

To fix this problem, use the Ldp.exe tool to find the duplicate SPN and the Adsiedit.msc tool to remove it. On a Windows 2000 domain controller:

01. Start / Run / Ldp.exe / OK.

02. Press Connection / Connect / OK, leaving the Server box empty.

03. Press Connection / Bind / OK, leaving all fields empty.

04. Press View / Tree / OK, leaving the BaseDN window empty.

05. Press Browse and Search.

06. Type the BaseDN. Since my domain is JSIINC.COM, I type DC=JSIINC,DC=COM.

07. Set the filter to serviceprincipalname=Host/.. I set mine to serviceprincipalname=Host/JSI001/JSIINC.COM.

08. Set the Scope to Subtree and press Run.

09. When you locate the duplicate SPN, use the Adsiedit.msc tool to go to the object, view the duplicate SPN value, and remove it.

10. Convert the member server from the domain to a workgroup.

11. Delete the server's computer account from the domain.

12. Join the server to the domain.
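
The Ldp.exe search above checks one SPN at a time. As an added example (not part of the original tip), the Python script below generalizes it: it scans an LDIF export of the servicePrincipalName attribute and reports every SPN held by more than one object. The sample data is constructed, and the script assumes an export produced with something like `ldifde -f spn.ldf -d "DC=JSIINC,DC=COM" -r "(servicePrincipalName=*)" -l servicePrincipalName`.

```python
import base64
from collections import defaultdict

# Constructed sample in the LDIF layout ldifde writes; object names are made up.
SAMPLE_LDIF = """\
dn: CN=JSI001,CN=Computers,DC=JSIINC,DC=COM
servicePrincipalName: HOST/JSI001.JSIINC.COM

dn: CN=svc-legacy,CN=Users,DC=JSIINC,DC=COM
servicePrincipalName: host/jsi001.jsiinc.com

dn: CN=JSI002,CN=Computers,DC=JSIINC,DC=COM
servicePrincipalName: HOST/JSI002.JSIINC.
 COM
servicePrincipalName:: SE9TVC9KU0kwMDI=
"""

def parse_spns(ldif_text):
    """Yield (dn, spn) pairs from LDIF text, unfolding continuation lines."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # a leading space continues the previous line
        else:
            lines.append(raw)
    dn = None
    for line in lines:
        if not line.strip():
            dn = None                     # a blank line ends the current record
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):         # "attr:: value" means the value is base64
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        value = value.strip()
        if name.lower() == "dn":
            dn = value
        elif name.lower() == "serviceprincipalname" and dn:
            yield dn, value

def find_duplicate_spns(ldif_text):
    """Map each SPN held by more than one object to the sorted DNs holding it."""
    owners = defaultdict(set)
    for dn, spn in parse_spns(ldif_text):
        owners[spn.lower()].add(dn)       # SPNs are compared case-insensitively
    return {spn: sorted(dns) for spn, dns in owners.items() if len(dns) > 1}

if __name__ == "__main__":
    print(find_duplicate_spns(SAMPLE_LDIF))
```

To check a real export, pass the file's text to `find_duplicate_spns` in place of `SAMPLE_LDIF`; each reported DN is an object to inspect in Adsiedit.msc as in step 09.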


