How to Fix Multiple Accounts with Same SPN
ERROR: There are multiple accounts with name host/Computer01.domain.com of type DS_SERVICE_PRINCIPAL_NAME.
Details
Product: Windows Operating System
Event ID: 11
Source: KDC
Version: 5.2
Symbolic Name: KDCEVENT_NAME_NOT_UNIQUE
Message: There are multiple accounts with name %1 of type %2.
Explanation
Kerberos could not authenticate a principal name because the name was not configured correctly.
Possible causes include:
Client names are duplicated.
The service principal name (SPN) is duplicated.
User Action
To restore Kerberos authentication, remove the duplicate principal name. To find the duplicate, use either the Ldifde command or the LDP tool.
Using the Ldifde command, you can extract accounts for the domain, the suspected container, or the organizational unit (OU), and then find the incorrectly configured principal name within the accounts.
To use the Ldifde utility to extract accounts
On the domain controller, do one or both of the following:
For computer accounts, at the command prompt, type
ldifde -f filename -d BaseDistinguishedName -r (objectclass=computer) -p subtree
For user accounts, at the command prompt, type
ldifde -f filename -d BaseDistinguishedName -r (objectclass=user) -p subtree
If the accounts that seem to have the duplicate SPNs are located in an OU, for example, orgunit, refine the base distinguished name. For example, at the command prompt, type
-d ou=orgunit,dc=doomet,dc=com
Open the text file in Notepad, and then search for the SPN that is reported in the security event log. Note the accounts under which the SPN is located.
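A plain text search of the export can miss a duplicate when the two entries differ in case, when Ldifde has folded a long value onto a continuation line, or when the value is base64-encoded. The following Python script is an added example, not part of the original article or of Microsoft's tooling: it parses the text of an Ldifde export and lists every SPN held by more than one account. The sample export, its account names and the function name find_duplicate_spns are constructed for illustration.

```python
import base64
from collections import defaultdict

# Constructed sample shaped like an ldifde export (trimmed); every account is made up.
SAMPLE_LDIF = """\
dn: CN=COMPUTER01,OU=orgunit,DC=domain,DC=com
servicePrincipalName: HOST/Computer01.domain.com
servicePrincipalName: HOST/COMPUTER01

dn: CN=OLDHOST,CN=Computers,DC=domain,DC=com
servicePrincipalName: host/computer01.domain
 .com

dn: CN=svc-web,CN=Users,DC=domain,DC=com
servicePrincipalName:: SFRUUC93ZWIuZG9tYWluLmNvbQ==
"""

def find_duplicate_spns(ldif_text):
    """Return {spn_lowercased: sorted [dn, ...]} for SPNs held by 2+ accounts."""
    # LDIF folds long values: a line starting with one space continues the previous line.
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    owners = defaultdict(set)
    dn = None
    for line in lines:
        name, sep, value = line.partition(":")
        if not sep:
            continue  # blank line separating two records
        if value.startswith(":"):  # "attr:: value" means the value is base64
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        value = value.strip()
        if name.lower() == "dn":
            dn = value
        elif name.lower() == "serviceprincipalname" and dn:
            # SPN comparison is case-insensitive, so group on the lowercased value.
            owners[value.lower()].add(dn)
    return {spn: sorted(dns) for spn, dns in owners.items() if len(dns) > 1}

if __name__ == "__main__":
    for spn, dns in find_duplicate_spns(SAMPLE_LDIF).items():
        print(spn, "is registered on:")
        for dn in dns:
            print("   ", dn)
```

To check a real export, read the file that Ldifde wrote and pass its text to find_duplicate_spns; run both the computer and the user exports through it together, because the duplicate may sit on one account of each type.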
To use the LDP tool, install it from the Support\Tools folder on your Windows Server 2003 CD-ROM. For more information about running the LDP tool, see article 23064 in the Microsoft Knowledge Base.


















