
Service principal names of user are not unique; check the active directory

Former Member
0 Kudos

Hello Experts,

My company had set up this service principal account to use with Kerberos and I am trying to configure the authentication template using the SPNEGO wizard. The format of the service account is not the same as SAP recommended (J2EE-SID-DOMAIN) but something like abc_de_portal. After trying to use that account with the wizard I am getting this error: "Service principal names of user abc_de_portal are not unique; check the active directory configuration." I am not sure what else in the AD attributes is causing the problem. Please let me know if you have run into a similar issue and how you corrected it. Points will be rewarded of course.

Thank you so much for any help that I can get.

Accepted Solutions (0)

Answers (2)

Former Member
0 Kudos

My admin person solved the issue.

Former Member
0 Kudos

Hi Duy, we are having the same issue. How did you resolve the issue?

Tiberiu

Former Member
0 Kudos

Just de-register the SPN and assign something else, because you might have used the service account for some other applications already. We use something like xxx_xxx_xxx and it works. Also make sure the permission on the service account is correct as well. The service account should be able to read users, what groups they belong to, and the groups and what users belong to them in AD. Your System Admin should be able to configure that. Good luck.

Former Member
0 Kudos

Could you elaborate on the solution of the problem? We're having the same issue.

In the AD, everything seems to be in order. There is only one user that is assigned SPN HTTP/<DNS_Name>, and this is the user entered in the spnego wizard. Still, the error "Service principal names of user <USER> are not unique - check Active Directory configuration" is issued. I'm a bit at a loss at the moment.

Former Member
0 Kudos

What is the format of your service account? Did you try to de-register it and create another account with a different name to check?

Former Member
0 Kudos

Hello Duy,

The SPN of the service user for Kerberos has to be unique, as you would have made out from the message. There seems to be some other user having the same SPN as yours.

You would have to find the other AD user with the same SPN as yours and then de-register that with

setspn -d <SPN> Username

Then this error should not come up after that.

There was a tool called Ldifde which you can use for this. We have our AD team do this for us. Would be better if you ask them to carry this out.

Rgds

Former Member
0 Kudos

Thank you. I will have the Systems Admin look into your solution.