An account name collision occurred - this may result in authentication failures

An_account_name_collision_occurred___this_may_result_in_authentication_failures_5_Rule (Rule)

Knowledge Base article:

Summary

This rule is used to collect events that are related to naming collisions for the AD Duplicate Accounts report.

When a collision of this type occurs, multiple accounts share the same name. It is then impossible for the Active Directory® directory service to distinguish which of the accounts the name refers to.

Sample Event:

Attempt to update DnsHostName and HOST Service Principal Name (SPN) attributes of the computer object in Active Directory failed because the Domain Controller '%1' had more than one account with the name '%2' corresponding to this computer. Not having SPNs registered may result in authentication failures for this computer. Contact your domain administrator who may need to manually resolve the account name collision.

Resolutions

Manually change one of the account objects to a unique name.

External

For more information, see:

Element properties:

Target: Microsoft.Windows.Server.2012.R2.AD.DomainControllerRole
Category: EventCollection
Enabled: True
Event_ID: 5800
Event Source: NetLogon
Alert Generate: False
Remotable: True
Event Log: System
Comment: Mom2005ID='{43C643C3-DCDD-482A-A67D-962492F64AAE}';MOM2005GroupID=

Member Modules:

ID                         Module Type  TypeId                                                 RunAs
DS                         DataSource   Microsoft.Windows.EventProvider                        Default
CollectEventData           WriteAction  Microsoft.SystemCenter.CollectEvent                    Default
CollectEventDataWarehouse  WriteAction  Microsoft.SystemCenter.DataWarehouse.PublishEventData  Default

Source Code:

<Rule ID="An_account_name_collision_occurred___this_may_result_in_authentication_failures_5_Rule" Comment="Mom2005ID='{43C643C3-DCDD-482A-A67D-962492F64AAE}';MOM2005GroupID=" Enabled="true" Target="AD2012R2Core!Microsoft.Windows.Server.2012.R2.AD.DomainControllerRole" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">
  <Category>EventCollection</Category>
  <DataSources>
    <DataSource ID="DS" TypeID="Windows!Microsoft.Windows.EventProvider">
      <ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
      <LogName>System</LogName>
      <Expression>
        <And>
          <Expression>
            <SimpleExpression>
              <ValueExpression>
                <XPathQuery>EventDisplayNumber</XPathQuery>
              </ValueExpression>
              <Operator>Equal</Operator>
              <ValueExpression>
                <Value>5800</Value>
              </ValueExpression>
            </SimpleExpression>
          </Expression>
          <Expression>
            <SimpleExpression>
              <ValueExpression>
                <XPathQuery>PublisherName</XPathQuery>
              </ValueExpression>
              <Operator>Equal</Operator>
              <ValueExpression>
                <Value>NetLogon</Value>
              </ValueExpression>
            </SimpleExpression>
          </Expression>
        </And>
      </Expression>
    </DataSource>
  </DataSources>
  <WriteActions>
    <WriteAction ID="CollectEventData" TypeID="SC!Microsoft.SystemCenter.CollectEvent"/>
    <WriteAction ID="CollectEventDataWarehouse" TypeID="SCDW!Microsoft.SystemCenter.DataWarehouse.PublishEventData"/>
  </WriteActions>
</Rule>
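
The following is an added example, not part of the management pack: it evaluates the rule's `<Expression>` filter against exported event records and pulls the domain controller (%1) and account name (%2) out of the sample event text, so the colliding accounts can be listed for manual renaming. The `Description` key, the host and account names, and the exact string comparison for `Equal` are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET
from collections import Counter

# The rule's filter, taken from the <Expression> element in the rule source.
RULE = ET.fromstring("""<Expression><And>
 <Expression><SimpleExpression>
  <ValueExpression><XPathQuery>EventDisplayNumber</XPathQuery></ValueExpression>
  <Operator>Equal</Operator><ValueExpression><Value>5800</Value></ValueExpression>
 </SimpleExpression></Expression>
 <Expression><SimpleExpression>
  <ValueExpression><XPathQuery>PublisherName</XPathQuery></ValueExpression>
  <Operator>Equal</Operator><ValueExpression><Value>NetLogon</Value></ValueExpression>
 </SimpleExpression></Expression>
</And></Expression>""")
# Captures %1 (domain controller) and %2 (account name) from the sample event text.
COLLISION = re.compile(r"Domain Controller '([^']*)' had more than one account with the name '([^']*)'")

def operand(value_expr, event):
    # XPathQuery reads a field of the event; Value is a literal.
    child = value_expr[0]
    return str(event.get(child.text, "")) if child.tag == "XPathQuery" else child.text

def matches(expr, event):
    # Evaluate an <Expression>; handles only And/Equal and assumes exact string comparison.
    node = expr[0]
    if node.tag == "And":
        return all(matches(child, event) for child in node)
    if node.tag != "SimpleExpression" or node[1].text != "Equal":
        raise ValueError("unsupported expression: " + node.tag)
    left, _, right = node  # <ValueExpression>, <Operator>, <ValueExpression>
    return operand(left, event) == operand(right, event)

def collisions(events):
    # Count (domain controller, account name) pairs among events the rule collects.
    hits = Counter()
    for event in events:
        found = COLLISION.search(event.get("Description", ""))
        if matches(RULE, event) and found:
            hits[found.groups()] += 1
    return hits

# Constructed sample events; "Description" is a hypothetical key for the message text.
MSG = "... the Domain Controller '{}' had more than one account with the name '{}' ..."
SAMPLE = [
    {"EventDisplayNumber": 5800, "PublisherName": "NetLogon", "Description": MSG.format("DC01", "WKS-042$")},
    {"EventDisplayNumber": 5800, "PublisherName": "NetLogon", "Description": MSG.format("DC01", "WKS-042$")},
    {"EventDisplayNumber": 5719, "PublisherName": "NetLogon", "Description": MSG.format("DC01", "WKS-042$")},
    {"EventDisplayNumber": 5800, "PublisherName": "OtherSource", "Description": MSG.format("DC09", "WKS-100$")},
]
```

`collisions(SAMPLE)` counts only the two events that satisfy both conditions of the filter; the events with a different ID or a different source are skipped.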