Archive by category "Windows Server 2012"

Cannot access ADMIN$ share using a local administrator account

When the computer is not joined to a domain and you need to reach the ADMIN$ share with a local administrator account, you have to edit the registry.

Test whether you can access the ADMIN$ share with a user who is a member of the local Administrators group.
If not, test it with the built-in Administrator account. If that works, try the following registry setting:

You need to add a new DWORD value in the registry.

Run -> Regedit
Navigate to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
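Add a new DWORD value called LocalAccountTokenFilterPolicy and give it the value 1. This turns off UAC remote restrictions, so every local account in the Administrators group receives its full administrator token over the network, not only the built-in Administrator.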

Reboot the system.

Event: KDC_ERR_S_PRINCIPAL_UNKNOWN

Every 15 minutes this event was logged on my SQL servers:

A Kerberos error message was received:
on logon session
Client Time:
Server Time:
Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN
Extended Error: 0xc0000035 KLIN(0)
Client Realm:
Client Name:
Server Realm:
Server Name:
Target Name:
Error Text:
File:
Line:
Error Data is in record data.

Extended error 0xc0000035 means that we have an issue with duplicate SPNs.

Find duplicate SPNs on the server where the event occurs

Run cmd as administrator:

setspn -X

Found 1 group of duplicate SPNs.

Look for duplicate SPNs in the domain

Run cmd as administrator on the domain controller.
ldifde -f C:\SPNs.txt -t 3268 -d dc="DOMAIN",dc="COM" -l serviceprincipalname -r (serviceprincipalname=*) -p subtree

Delete duplicate SPN

setspn -D MSSQLSvc/sql1.example.com:1433 sql1
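
The ldifde step above writes every SPN to C:\SPNs.txt but leaves the search for duplicates to the reader. The following is an added example, not part of the original post, that groups the exported SPNs by value and reports any that are registered on more than one object, so you can confirm which account to pass to setspn -D. The sample records and the names unfold and find_duplicate_spns are constructed for illustration.

```python
import base64
import sys
from collections import defaultdict

# Constructed sample in the layout ldifde writes; not output from a real domain.
SAMPLE_LDIF = """\
dn: CN=SQL1,OU=Servers,DC=example,DC=com
changetype: add
servicePrincipalName: MSSQLSvc/sql1.example.com:1433
servicePrincipalName: HOST/sql1.example.com

dn: CN=svc-sql,OU=Service Accounts,DC=example,DC=com
changetype: add
servicePrincipalName: mssqlsvc/SQL1.example.com:1433
"""


def unfold(text):
    """Join LDIF continuation lines: a line starting with one space continues the previous one."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def find_duplicate_spns(text):
    """Return {lowercased SPN: sorted list of DNs} for SPNs held by more than one object."""
    owners = defaultdict(set)
    dn = None
    for line in unfold(text):
        name, sep, rest = line.partition(":")
        if not sep:  # no colon: the blank separator line between records
            dn = None
            continue
        if rest.startswith(":"):  # "attr:: value" carries base64-encoded UTF-8
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        if name.lower() == "dn":
            dn = value
        elif name.lower() == "serviceprincipalname" and dn:
            owners[value.lower()].add(dn)  # SPNs compare case-insensitively
    return {spn: sorted(dns) for spn, dns in owners.items() if len(dns) > 1}


if __name__ == "__main__":
    # Pass the export path as the first argument; give open() an encoding if the file is Unicode.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LDIF
    for spn, dns in find_duplicate_spns(text).items():
        print(spn, *dns, sep="\n    ")
```

Each reported SPN is followed by the distinguished names that hold it; the one that does not run the service is the candidate for removal.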