Hi all.
I really hope someone can help me on this one. The scenario is as follows:
(I have replaced my domain with "domain" for security)
Servers
SQL2012 [Server 2016 Datacenter]
printserver2011 [Server 2008 R2 Enterprise]
SQL2012-backup [Server 2008 R2 Standard]
Scenario
Recently we moved our SQL2012 server to the cloud. A VM was created in Azure, the SQL DB was created there, and the data was log-shipped up to it. Our database now connects to it via a DNS redirect and works fine. The old local server was renamed to "SQL2012-backup" and still hosts our internal files. We are looking to move our file storage to the cloud as well, but all in due course.
Issue 1
The problems began shortly after the move. As SQL2012 (now SQL2012-backup) was our DC in our Active Directory, I think this is causing issues after the rename. The first problem I noticed was when creating user folders on the server: a couple of machines were pushed the new mapped drive via Group Policy; however, most weren't getting it. The idea was to create a "U" drive where users could keep files on a backed-up server as opposed to their local machines. It seemed random which machines would accept the new mappings.
Issue 2
Upon further inspection of the server, we have been getting hundreds and hundreds of one specific error in the System log of the SQL2012-backup event viewer:
Code:
A Kerberos Error Message was received:
on logon session
Client Time:
Server Time: 6:30:49.0000 2/13/2019 Z
Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN
Extended Error: 0xc0000035 KLIN(0)
Client Realm:
Client Name:
Server Realm: INTERNAL.DOMAIN.COM.AU
Server Name: MSSQLSvc/sql2012.internal.domain.com.au:1433
Target Name: MSSQLSvc/sql2012.internal.domain.com.au:1433@INTERNAL.DOMAIN.COM.AU
Error Text:
File: 9
Line: fdb
Error Data is in record data.
Everything else seemed to be working, so I figured this was a "nothing terribly important" error. That was, however, until our mapped "E" drive (where all our documents reside) ceased to be reachable by terminals. I was told on 14/02/2019 that an employee was remotely accessing a VM I have set up for remote work the previous night and around "5:30pm", the E drive disappeared. It was unreachable. When I came in on the 14th, sure enough, our mapped E drive had a big red X on it on every machine. Looking through the logs, I found this error poking out:
Code:
The KDC encountered duplicate names while processing a Kerberos authentication request. The duplicate name is MSSQLSvc/sql2012.internal.domain.com.au:1433 (of type DS_SERVICE_PRINCIPAL_NAME). This may result in authentication failures or downgrades to NTLM. In order to prevent this from occuring remove the duplicate entries for MSSQLSvc/sql2012.internal.domain.com.au:1433 in Active Directory.
This error was at 5:31pm.
As a result, the UNC path to \\SQL2012-backup does not work anymore. \\192.168.0.1 (and .2; there are 2 NICs with concurrent IPs) works fine and displays all the appropriate shares. It's only UNC paths. I had to apply a band-aid fix by disconnecting the mapped drive on each local machine and reconnecting using the IP. I'm sure this is related.
I asked Dr. Google, and everything points to duplicate SPNs. I did the following and found:
Code:
C:\Windows\system32>setspn -X
Checking domain DC=internal,DC=domain,DC=com,DC=au
Processing entry 0
MSSQLSvc/SQL2012.internal.domain.com.au is registered on these accounts:
CN=SQL2012,CN=Users,DC=internal,DC=domain,DC=com,DC=au
CN=Server\, SQL,CN=Users,DC=internal,DC=domain,DC=com,DC=au
MSSQLSvc/SQL2012.internal.domain.com.au:1433 is registered on these accounts:
CN=SQL2012,CN=Users,DC=internal,DC=domain,DC=com,DC=au
CN=Server\, SQL,CN=Users,DC=internal,DC=domain,DC=com,DC=au
found 2 groups of duplicate SPNs.
I'm confused. They have the same name, sure; however, a port is specified to differentiate them (I think). Even then, if I list all SPNs I get:
Code:
C:\Windows\system32>setspn -L sql2012
Registered ServicePrincipalNames for CN=SQL2012,CN=Users,DC=internal,DC=domain,DC=com,DC=au:
MSSQLSvc/SQL2012-backup.internal.domain.com.au:1433
MSSQLSvc/SQL2012-backup.internal.domain.com.au
MSSQLSvc/SQL2012.internal.domain.com.au:1433
MSSQLSvc/SQL2012.internal.domain.com.au
So, I'm assuming that if I work out this duplicate SPN issue, I can then move on to the mapped drive issue.
Issue 3
We appear to have two ADs running. SQL2012-backup and printserver2011 are both ADs. One is supposed to be the master, the other is supposed to be a backup (there was a third as well, but that server is physically gone). I inherited this setup, so it's my issue now. Is there any way for me to rectify this?
Can anyone shed some light on what's happening here?
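The setspn -X output quoted above groups by the exact SPN string, so MSSQLSvc/SQL2012.internal.domain.com.au:1433 and the port-less MSSQLSvc/SQL2012.internal.domain.com.au are two separate SPNs, and each of them is registered on two accounts (CN=SQL2012 and CN=Server\, SQL). When the KDC finds the same SPN on more than one account it cannot decide which account's key to use for the service ticket, which is what the KDC duplicate-names event and the KDC_ERR_S_PRINCIPAL_UNKNOWN errors reflect. The following script is an added example, not something from the original post: it enumerates every SPN in the domain with the RSAT ActiveDirectory module, reports any SPN string that appears on more than one account, and prints the matching setspn -D removal commands for review without executing them. The function name Get-DuplicateSpn and the -SearchBase parameter are this example's own choices.

```powershell
# Added example (not from the original post): find SPN strings registered on
# more than one account in the domain. Assumes the RSAT ActiveDirectory module
# is installed on the machine where this runs.
Import-Module ActiveDirectory

function Get-DuplicateSpn {
    param(
        # Defaults to the root of the current domain.
        [string]$SearchBase = (Get-ADDomain).DistinguishedName
    )

    # Every object (user, computer, managed service account) that has at least one SPN.
    $objects = Get-ADObject -LDAPFilter '(servicePrincipalName=*)' `
        -SearchBase $SearchBase -Properties servicePrincipalName, sAMAccountName

    # One row per (SPN, account). The comparison is on the whole string, port
    # suffix included, so 'MSSQLSvc/host:1433' and 'MSSQLSvc/host' are distinct
    # SPNs that can each be duplicated on their own. Case is folded because the
    # KDC matches SPNs case-insensitively.
    $rows = foreach ($obj in $objects) {
        foreach ($spn in $obj.servicePrincipalName) {
            [pscustomobject]@{
                SPN     = $spn.ToLowerInvariant()
                Account = $obj.DistinguishedName
                Sam     = $obj.sAMAccountName
            }
        }
    }

    $rows | Group-Object SPN | Where-Object { $_.Count -gt 1 } | ForEach-Object {
        [pscustomobject]@{
            SPN      = $_.Name
            Count    = $_.Count
            Accounts = $_.Group.Account
            # Review these before running any of them: exactly one account should
            # keep the SPN (the one the service actually runs as).
            RemovalCandidates = $_.Group | ForEach-Object { "setspn -D $($_.SPN) $($_.Sam)" }
        }
    }
}

Get-DuplicateSpn | Format-List
```

Run it from an elevated prompt on a domain-joined machine with the AD module; the RemovalCandidates lines are only suggestions to inspect, since the correct fix is to leave the SPN on the single account the SQL service actually runs under and remove it from the other, after which the duplicate-names events on the DC should stop. The script also surfaces any host-name SPNs that were left behind when the machine was renamed, which the setspn -L output above shows alongside the SQL2012-backup entries.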