Get SPN error when trying to join a machine to a domain


Tags: windows, domain, windows-server-2016, spn

I am trying to join a Windows Server 2016 VM called BORON to a domain which has a Windows 2012 R2 domain controller. The DC name is SNOWDROP.DUCK.LOC. When I try to join I get this error:

The operation failed because SPN value provided for addition/modification is not unique forest-wide.

!?

I tried to find out why with this command on the domain controller:

Get-ADComputer -Filter {serviceprincipalname -like "*boron*"} | select *

DistinguishedName  : CN=SNOWDROP,OU=Domain Controllers,DC=duck,DC=loc
DNSHostName        : snowdrop.duck.loc
Enabled            : True
Name               : SNOWDROP
ObjectClass        : computer
ObjectGUID         : 2b5d6206-707a-4f09-835b-2d8222474e4d
SamAccountName     : SNOWDROP$
SID                : S-1-5-21-1075642099-280362434-2919291742-1001
UserPrincipalName  : 
PropertyNames      : {DistinguishedName, DNSHostName, Enabled, Name...}
AddedProperties    : {}
RemovedProperties  : {}
ModifiedProperties : {}
PropertyCount      : 9

I’m not sure what else to try, any ideas?

If you view the Attributes tab for SNOWDROP in AD Users and Computers, remove BORON if it is present in one of the ServicePrincipalNames.

In my case it was because there was already a server in the “Computers” list with this name. I removed that computer from the “Computers” list and was able to join the server to the domain.

I had to remove the specific host from the “Computers” section on the left of the domain, which is under AD Users and Computers.

Also, I had to replicate the ADC and RODC from Sites and Services to update all of them.
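The answers above point at two different places the conflict can live: an SPN naming BORON on some other object (the first answer) or a stale computer account that already uses the name (the later answers). The following PowerShell is an added example, not code from the thread, that checks both before anything is deleted. It assumes the RSAT ActiveDirectory module, a domain admin session on SNOWDROP or another domain-joined management host, and the host name BORON and domain duck.loc from the question. Two details it adds over the command in the question: it uses Get-ADObject rather than Get-ADComputer, because SPNs can also sit on user objects (service accounts), and it asks for the servicePrincipalName attribute explicitly, since Get-ADComputer | select * without -Properties never returns that attribute at all.

```powershell
# Added example (not from the original thread): find what already claims an SPN
# for a host name and whether a computer account with that name exists.
# Assumes the RSAT ActiveDirectory module; read-only, removes nothing.
Import-Module ActiveDirectory

function Find-SpnConflict {
    param(
        [Parameter(Mandatory)][string]$HostName,            # e.g. BORON
        [string]$DnsSuffix = (Get-ADDomain).DNSRoot,        # e.g. duck.loc
        [string]$Server    = (Get-ADDomain).PDCEmulator     # DC to query; use "<dc>:3268" for a GC
    )
    $short = $HostName.ToUpper()                            # BORON
    $fqdn  = ("$HostName.$DnsSuffix").ToLower()             # boron.duck.loc

    # 1. Any object (computer, user or service account) whose SPN list names this host,
    #    e.g. HOST/BORON, HOST/boron.duck.loc, RestrictedKrbHost/boron.duck.loc, MSSQLSvc/boron.duck.loc:1433
    $ldap = "(|(servicePrincipalName=*/$short)(servicePrincipalName=*/$short/*)(servicePrincipalName=*/$short:*)" +
            "(servicePrincipalName=*/$fqdn)(servicePrincipalName=*/$fqdn/*)(servicePrincipalName=*/$fqdn:*))"
    $pattern = "/(" + [regex]::Escape($short) + "|" + [regex]::Escape($fqdn) + ")(/|:|$)"   # -match is case-insensitive

    $spnHolders = Get-ADObject -LDAPFilter $ldap -Server $Server -Properties servicePrincipalName |
        ForEach-Object {
            [pscustomobject]@{
                Object = $_.DistinguishedName
                Class  = $_.ObjectClass
                # Only the SPNs that actually refer to this host, not the object's whole list
                SPNs   = @($_.servicePrincipalName | Where-Object { $_ -match $pattern })
            }
        }

    # 2. A computer account that already uses the name (the cause reported in the answers).
    #    Computer SamAccountNames carry a trailing '$'.
    $existing = Get-ADComputer -Filter "SamAccountName -eq '${short}$'" -Server $Server `
                    -Properties servicePrincipalName, whenCreated, whenChanged, LastLogonDate `
                    -ErrorAction SilentlyContinue

    [pscustomobject]@{
        HostName        = $short
        ExistingAccount = $existing
        SpnHolders      = $spnHolders
    }
}

# Usage with the names from the question
$result = Find-SpnConflict -HostName 'BORON' -DnsSuffix 'duck.loc'

if ($result.ExistingAccount) {
    Write-Host "A computer account named $($result.HostName)`$ already exists:"
    $result.ExistingAccount | Format-List DistinguishedName, whenCreated, whenChanged, LastLogonDate, servicePrincipalName
} else {
    Write-Host "No computer account named $($result.HostName)`$ exists."
}

if ($result.SpnHolders) {
    Write-Host "Objects holding SPNs that name this host:"
    $result.SpnHolders | ForEach-Object {
        Write-Host "  $($_.Object) [$($_.Class)]"
        $_.SPNs | ForEach-Object { Write-Host "    $_" }
    }
} else {
    Write-Host "No other object holds an SPN naming this host."
}
```

Review the output before removing anything: if the holder is a stale BORON computer object that nobody owns, deleting it (as the answers did) is the fix; if the SPN is on SNOWDROP or on a service account, remove only the offending BORON entries from that object's ServicePrincipalNames rather than the object. In a multi-domain forest pass a global catalog (`-Server 'snowdrop.duck.loc:3268'`), since the join error is a forest-wide uniqueness check. The built-in `setspn -X` lists duplicate SPNs across the forest and `setspn -Q HOST/boron.duck.loc` shows which account owns one specific SPN; both are useful cross-checks. After any change, force replication (as the last answer notes) so every DC, including the RODC, sees the cleanup before retrying the join.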
